git.evergreen-ils.org Git - Evergreen.git/commit

author	Galen Charlton <gmc@esilibrary.com>
	Thu, 19 Feb 2015 19:38:19 +0000 (19:38 +0000)
committer	Bill Erickson <berickxx@gmail.com>
	Fri, 20 Feb 2015 21:58:18 +0000 (16:58 -0500)
commit	8125ece809a046715314d1c58c61f36feb66460c
tree	b6d2a596e71cc784d74568dc945d421b2fda3de5	tree
parent	66185ad790663bb1293ab546556d3e4c69edede3	commit \| diff

LP#1410369: add a new view to restrict arbitrary editing access

The previous commit now allows owning_user in fm_IDL.xml to
specify that patrons can access their own messages, saving
the need to write some copy-and-paste middle-layer code.

However, we don't necessarily want a patron who figures
out how to use pcrud directly to change the content
of messages that are sent to them. To avoid that, this
patch adds a new view, actor.usr_message_limited, that is
allows updates of the read_date and deleted columns in
the underlying table, but nothing else.

This patch also fixes a couple typos.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Kathy Lussier <klussier@masslnc.org>

Open-ILS/examples/fm_IDL.xml		diff \| blob \| history
Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm		diff \| blob \| history
Open-ILS/src/sql/Pg/005.schema.actors.sql		diff \| blob \| history
Open-ILS/src/sql/Pg/upgrade/XXXX.schema.message-center.sql		diff \| blob \| history