OpenILS::Application::Actor should check_perms for CREATE_CLOSED_DATE, not CREATE_CLOSEING

Bug #1240657 reported by Ben Ostrowsky on 2013-10-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Evergreen
Low
Unassigned

Bug Description

Line 2647 of OpenILS/Application/Actor.pm says:

$evt = $U->check_perms($user->id, $cd->org_unit, 'CREATE_CLOSEING');

Since that permission doesn't exist in closed_dates.js, I'm guessing this should be:

$evt = $U->check_perms($user->id, $cd->org_unit, 'CREATE_CLOSED_DATE');

Ben Ostrowsky (sylvar) wrote :

The same goes for DELETE_CLOSEING and DELETE_CLOSED_DATE in Actor.pm.

Ben Shum (bshum) wrote :

Actually, I think the proper permission names are:

CREATE_ORG_UNIT_CLOSING
DELETE_ORG_UNIT_CLOSING
UPDATE_ORG_UNIT_CLOSING

The CREATE_CLOSED_DATE appears to be a function to actually perform the action, and not the permission's name.

Changed in evergreen:
status: New → Confirmed
importance: Undecided → Medium
Ben Shum (bshum) wrote :

Marking confirmed though, does seem to be a mismatched perm check in Open-ILS/src/perlmods/lib/OpenILS/Application/Actor.pm

Working Branch added to fix this issue
user/stompro/lp1240657_closing_permissions
http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/stompro/lp1240657_closing_permissions

Josh

tags: added: pullrequest
Galen Charlton (gmc) wrote :

Noting that the affected methods, open-ils.actor.org_unit.closed_date.create and open-ils.actor.org_unit.closed_date.delete, aren't used. Instead, the closed date editor currently uses open-ils.actor.org_unit.closed.{create,date,update,retrieve}, and those are defined in ClosedDates.pm.

For the sake of bookkeeping, I've gone ahead and pushed Josh's patch to master (thanks!), but I won't bother backporting it. I'll open a separate bug for removing the unused methods.

Changed in evergreen:
importance: Medium → Low
status: Confirmed → Fix Committed
Galen Charlton (gmc) wrote :

The new bug is bug 1545178.

Galen Charlton (gmc) on 2016-03-04
Changed in evergreen:
milestone: none → 2.10-beta
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers