[open-ils-commits] [GIT] Evergreen ILS branch master updated. bf0a3fd21abdac7a88eed6fa3510d9f3114e26df

Evergreen Git git at git.evergreen-ils.org
Mon Aug 13 14:30:07 EDT 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, master has been updated
       via  bf0a3fd21abdac7a88eed6fa3510d9f3114e26df (commit)
      from  ecdcfb21c141d05fede11cad7ddef11c7a75a18a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bf0a3fd21abdac7a88eed6fa3510d9f3114e26df
Author: Bill Erickson <berickxx at gmail.com>
Date:   Tue Aug 7 14:27:47 2018 -0400

    LP#1718032 Patron merge honors group perms; no self-merge
    
    Ensure the staff performing a patron merge have sufficient permission to
    edit all users involved in the merge process, in addition the
    MERGE_USERS permssion.
    
    Prevent staff from merging their own logged in account.
    
    Signed-off-by: Bill Erickson <berickxx at gmail.com>
    Signed-off-by: Michele Morgan <mmorgan at noblenet.org>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
index 503cf35..f0bfa2e 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
@@ -3378,7 +3378,13 @@ sub merge_users {
     my $colls = $e->search_money_collections_tracker({usr => $user_ids}, {idlist => 1});
     return OpenILS::Event->new('MERGED_USER_IN_COLLECTIONS', payload => $user_ids) if @$colls;
 
+    return OpenILS::Event->new('MERGE_SELF_NOT_ALLOWED')
+        if $master_id == $e->requestor->id;
+
     my $master_user = $e->retrieve_actor_user($master_id) or return $e->die_event;
+    my $evt = group_perm_failed($e, $e->requestor, $master_user);
+    return $evt if $evt;
+
     my $del_addrs = ($U->ou_ancestor_setting_value(
         $master_user->home_ou, 'circ.user_merge.delete_addresses', $e)) ? 't' : 'f';
     my $del_cards = ($U->ou_ancestor_setting_value(
@@ -3387,7 +3393,13 @@ sub merge_users {
         $master_user->home_ou, 'circ.user_merge.deactivate_cards', $e)) ? 't' : 'f';
 
     for my $src_id (@$user_ids) {
+
         my $src_user = $e->retrieve_actor_user($src_id) or return $e->die_event;
+        my $evt = group_perm_failed($e, $e->requestor, $src_user);
+        return $evt if $evt;
+
+        return OpenILS::Event->new('MERGE_SELF_NOT_ALLOWED')
+            if $src_id == $e->requestor->id;
 
         return $e->die_event unless $e->allowed('MERGE_USERS', $src_user->home_ou);
         if($src_user->home_ou ne $master_user->home_ou) {
diff --git a/Open-ILS/src/templates/staff/circ/patron/index.tt2 b/Open-ILS/src/templates/staff/circ/patron/index.tt2
index 94849f2..dc9c1b2 100644
--- a/Open-ILS/src/templates/staff/circ/patron/index.tt2
+++ b/Open-ILS/src/templates/staff/circ/patron/index.tt2
@@ -76,6 +76,7 @@ angular.module('egCoreMod').run(['egStrings', function(s) {
   s.PAGE_TITLE_PATRON_HOLDS = "[% l('Holds') %]";
   s.PAGE_TITLE_PATRON_ITEMS_OUT = "[% l('Items Out') %]";
   s.PAGE_TITLE_PATRON_EDIT = "[% l('Edit') %]";
+  s.MERGE_SELF_NOT_ALLOWED = "[% l('Logged in account cannot be merged') %]"
 }]);
 </script>
 
diff --git a/Open-ILS/web/js/ui/default/staff/circ/patron/app.js b/Open-ILS/web/js/ui/default/staff/circ/patron/app.js
index fa8a60e..d37ed64 100644
--- a/Open-ILS/web/js/ui/default/staff/circ/patron/app.js
+++ b/Open-ILS/web/js/ui/default/staff/circ/patron/app.js
@@ -691,13 +691,20 @@ function($scope,  $q,  $routeParams,  $timeout,  $window,  $location,  egCore ,
         angular.forEach(items, function(i) {
             patron_ids.push(i.id());
         });
-        egPatronMerge.do_merge(patron_ids).then(function() {
-            // ensure that we're not drawing from cached
-            // resuts, as a successful merge just deleted a
-            // record
-            delete patronSvc.lastSearch;
-            $scope.gridControls.refresh();
-        });
+        egPatronMerge.do_merge(patron_ids).then(
+            function() {
+                // ensure that we're not drawing from cached
+                // resuts, as a successful merge just deleted a
+                // record
+                delete patronSvc.lastSearch;
+                $scope.gridControls.refresh();
+            },
+            function(evt) {
+                if (evt && evt.textcode == 'MERGE_SELF_NOT_ALLOWED') {
+                    ngToast.warning(egCore.strings.MERGE_SELF_NOT_ALLOWED);
+                }
+            }
+        );
     }
    
 }])

-----------------------------------------------------------------------

Summary of changes:
 .../src/perlmods/lib/OpenILS/Application/Actor.pm  |   12 +++++++++++
 Open-ILS/src/templates/staff/circ/patron/index.tt2 |    1 +
 .../web/js/ui/default/staff/circ/patron/app.js     |   21 +++++++++++++------
 3 files changed, 27 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list