[open-ils-commits] [GIT] Evergreen ILS branch rel_3_1 updated. 5d40327d79fd2f913944aaeca858c72f95cc702b

Evergreen Git git at git.evergreen-ils.org
Mon Aug 13 14:30:27 EDT 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_3_1 has been updated
       via  5d40327d79fd2f913944aaeca858c72f95cc702b (commit)
      from  5268e48c08c0f5684792a1ac420403c7b052a543 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5d40327d79fd2f913944aaeca858c72f95cc702b
Author: Bill Erickson <berickxx at gmail.com>
Date:   Tue Aug 7 14:27:47 2018 -0400

    LP#1718032 Patron merge honors group perms; no self-merge
    
    Ensure the staff performing a patron merge have sufficient permission to
    edit all users involved in the merge process, in addition the
    MERGE_USERS permssion.
    
    Prevent staff from merging their own logged in account.
    
    Signed-off-by: Bill Erickson <berickxx at gmail.com>
    Signed-off-by: Michele Morgan <mmorgan at noblenet.org>

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
index e62982e..8a3ca18 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm
@@ -3377,7 +3377,13 @@ sub merge_users {
     my $colls = $e->search_money_collections_tracker({usr => $user_ids}, {idlist => 1});
     return OpenILS::Event->new('MERGED_USER_IN_COLLECTIONS', payload => $user_ids) if @$colls;
 
+    return OpenILS::Event->new('MERGE_SELF_NOT_ALLOWED')
+        if $master_id == $e->requestor->id;
+
     my $master_user = $e->retrieve_actor_user($master_id) or return $e->die_event;
+    my $evt = group_perm_failed($e, $e->requestor, $master_user);
+    return $evt if $evt;
+
     my $del_addrs = ($U->ou_ancestor_setting_value(
         $master_user->home_ou, 'circ.user_merge.delete_addresses', $e)) ? 't' : 'f';
     my $del_cards = ($U->ou_ancestor_setting_value(
@@ -3386,7 +3392,13 @@ sub merge_users {
         $master_user->home_ou, 'circ.user_merge.deactivate_cards', $e)) ? 't' : 'f';
 
     for my $src_id (@$user_ids) {
+
         my $src_user = $e->retrieve_actor_user($src_id) or return $e->die_event;
+        my $evt = group_perm_failed($e, $e->requestor, $src_user);
+        return $evt if $evt;
+
+        return OpenILS::Event->new('MERGE_SELF_NOT_ALLOWED')
+            if $src_id == $e->requestor->id;
 
         return $e->die_event unless $e->allowed('MERGE_USERS', $src_user->home_ou);
         if($src_user->home_ou ne $master_user->home_ou) {
diff --git a/Open-ILS/src/templates/staff/circ/patron/index.tt2 b/Open-ILS/src/templates/staff/circ/patron/index.tt2
index 94849f2..dc9c1b2 100644
--- a/Open-ILS/src/templates/staff/circ/patron/index.tt2
+++ b/Open-ILS/src/templates/staff/circ/patron/index.tt2
@@ -76,6 +76,7 @@ angular.module('egCoreMod').run(['egStrings', function(s) {
   s.PAGE_TITLE_PATRON_HOLDS = "[% l('Holds') %]";
   s.PAGE_TITLE_PATRON_ITEMS_OUT = "[% l('Items Out') %]";
   s.PAGE_TITLE_PATRON_EDIT = "[% l('Edit') %]";
+  s.MERGE_SELF_NOT_ALLOWED = "[% l('Logged in account cannot be merged') %]"
 }]);
 </script>
 
diff --git a/Open-ILS/web/js/ui/default/staff/circ/patron/app.js b/Open-ILS/web/js/ui/default/staff/circ/patron/app.js
index fa8a60e..d37ed64 100644
--- a/Open-ILS/web/js/ui/default/staff/circ/patron/app.js
+++ b/Open-ILS/web/js/ui/default/staff/circ/patron/app.js
@@ -691,13 +691,20 @@ function($scope,  $q,  $routeParams,  $timeout,  $window,  $location,  egCore ,
         angular.forEach(items, function(i) {
             patron_ids.push(i.id());
         });
-        egPatronMerge.do_merge(patron_ids).then(function() {
-            // ensure that we're not drawing from cached
-            // resuts, as a successful merge just deleted a
-            // record
-            delete patronSvc.lastSearch;
-            $scope.gridControls.refresh();
-        });
+        egPatronMerge.do_merge(patron_ids).then(
+            function() {
+                // ensure that we're not drawing from cached
+                // resuts, as a successful merge just deleted a
+                // record
+                delete patronSvc.lastSearch;
+                $scope.gridControls.refresh();
+            },
+            function(evt) {
+                if (evt && evt.textcode == 'MERGE_SELF_NOT_ALLOWED') {
+                    ngToast.warning(egCore.strings.MERGE_SELF_NOT_ALLOWED);
+                }
+            }
+        );
     }
    
 }])

-----------------------------------------------------------------------

Summary of changes:
 .../src/perlmods/lib/OpenILS/Application/Actor.pm  |   12 +++++++++++
 Open-ILS/src/templates/staff/circ/patron/index.tt2 |    1 +
 .../web/js/ui/default/staff/circ/patron/app.js     |   21 +++++++++++++------
 3 files changed, 27 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

More information about the open-ils-commits mailing list