git.evergreen-ils.org Git - working/Evergreen.git/commit

author	Galen Charlton <gmc@esilibrary.com>
	Thu, 19 Feb 2015 19:38:19 +0000 (19:38 +0000)
committer	Kathy Lussier <klussier@masslnc.org>
	Fri, 20 Feb 2015 21:17:24 +0000 (16:17 -0500)
commit	28db84eef25d8df25e2030ab59c910f7be3b6054
tree	6618a473a041e5d217c583d5169aa6ff63ea1d9c	tree
parent	be922352bd5b483663f2c9298be78945996f823f	commit \| diff

LP#1410369: add a new view to restrict arbitrary editing access

The previous commit now allows owning_user in fm_IDL.xml to
specify that patrons can access their own messages, saving
the need to write some copy-and-paste middle-layer code.

However, we don't necessarily want a patron who figures
out how to use pcrud directly to change the content
of messages that are sent to them. To avoid that, this
patch adds a new view, actor.usr_message_limited, that is
allows updates of the read_date and deleted columns in
the underlying table, but nothing else.

This patch also fixes a couple typos.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>

Open-ILS/examples/fm_IDL.xml		diff \| blob \| history
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm		diff \| blob \| history
Open-ILS/src/sql/Pg/005.schema.actors.sql		diff \| blob \| history
Open-ILS/src/sql/Pg/upgrade/XXXX.schema.message-center.sql		diff \| blob \| history