From 7c8e0372f8230e304cfd26a776803f3cb827c606 Mon Sep 17 00:00:00 2001 From: miker Date: Thu, 7 Feb 2008 19:36:16 +0000 Subject: [PATCH] cross-port the per-object perm scheme from the acq branch git-svn-id: svn://svn.open-ils.org/ILS/trunk@8689 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- Open-ILS/examples/fm_IDL.xml | 51 +++++++++++++++++++ .../src/sql/Pg/006.schema.permissions.sql | 45 ++++++++++++++++ 2 files changed, 96 insertions(+) diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml index be0110d556..333a03135d 100644 --- a/Open-ILS/examples/fm_IDL.xml +++ b/Open-ILS/examples/fm_IDL.xml @@ -287,6 +287,16 @@ + + + + + + + + + + @@ -1824,6 +1834,20 @@ + + + + + + + + + + + + + + @@ -2026,6 +2050,23 @@ + + + + + + + + + + + + + + + + + @@ -2193,6 +2234,16 @@ + + + + + + + + + + diff --git a/Open-ILS/src/sql/Pg/006.schema.permissions.sql b/Open-ILS/src/sql/Pg/006.schema.permissions.sql index 37c5d2a3f2..b8b42eb387 100644 --- a/Open-ILS/src/sql/Pg/006.schema.permissions.sql +++ b/Open-ILS/src/sql/Pg/006.schema.permissions.sql @@ -39,6 +39,16 @@ CREATE TABLE permission.usr_perm_map ( CONSTRAINT perm_usr_once UNIQUE (usr,perm) ); +CREATE TABLE permission.usr_object_perm_map ( + id SERIAL PRIMARY KEY, + usr INT NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE, + perm INT NOT NULL REFERENCES permission.perm_list (id) ON DELETE CASCADE, + object_type TEXT NOT NULL, + object_id TEXT NOT NULL, + grantable BOOL NOT NULL DEFAULT FALSE, + CONSTRAINT perm_usr_obj_once UNIQUE (usr,perm,object_type,object_id) +); + CREATE TABLE permission.usr_grp_map ( id SERIAL PRIMARY KEY, usr INT NOT NULL REFERENCES actor.usr (id) ON DELETE CASCADE, 
@@ -208,6 +218,41 @@ BEGIN
 END;
 $$ LANGUAGE PLPGSQL;
 
+CREATE OR REPLACE FUNCTION permission.usr_has_object_perm ( iuser INT, tperm TEXT, obj_type TEXT, obj_id TEXT, target_ou INT ) RETURNS BOOL AS $$
+DECLARE
+ r_usr actor.usr%ROWTYPE;
+ res BOOL;
+BEGIN
+
+ SELECT * INTO r_usr FROM actor.usr WHERE id = iuser;
+
+ IF r_usr.active = FALSE THEN
+ RETURN FALSE;
+ END IF;
+
+ IF r_usr.super_user = TRUE THEN
+ RETURN TRUE;
+ END IF;
+
+ SELECT TRUE INTO res FROM permission.usr_object_perm_map WHERE usr = r_usr.id AND object_type = obj_type AND object_id = obj_id;
+
+ IF FOUND THEN
+ RETURN TRUE;
+ END IF;
+
+ IF target_ou > -1 THEN
+ RETURN permission.usr_has_perm( iuser, tperm, target_ou);
+ END IF;
+
+ RETURN FALSE;
+
+END;
+$$ LANGUAGE PLPGSQL;
+
+CREATE OR REPLACE FUNCTION permission.usr_has_object_perm ( INT, TEXT, TEXT, TEXT ) RETURNS BOOL AS $$
+ SELECT permission.usr_has_object_perm( $1, $2, $3, $4, -1 );
+$$ LANGUAGE SQL;
+
 CREATE OR REPLACE FUNCTION permission.usr_has_perm ( INT, TEXT, INT ) RETURNS BOOL AS $$
 SELECT CASE
 WHEN permission.usr_has_home_perm( $1, $2, $3 ) THEN TRUE
-- 2.43.2
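Review bot: The object-permission lookup `SELECT TRUE INTO res FROM permission.usr_object_perm_map WHERE usr = r_usr.id AND object_type = obj_type AND object_id = obj_id;` never consults `tperm` (nor the map's `perm` column), so a single per-object grant of any permission on an object satisfies every permission check against that object, and the four-argument wrapper added below inherits the same behavior. The row should be matched on the requested permission too, e.g. `SELECT TRUE INTO res FROM permission.usr_object_perm_map m JOIN permission.perm_list p ON p.id = m.perm WHERE m.usr = r_usr.id AND p.code = tperm AND m.object_type = obj_type AND m.object_id = obj_id;` (this assumes perm_list's text code column is named `code`, which the hunk does not show; `usr_has_perm` resolves `tperm` the same way elsewhere in this file). The `SELECT * INTO r_usr` is not STRICT, so an unknown `iuser` leaves `r_usr` all-NULL: neither the `= FALSE` nor the `= TRUE` test fires and control falls through to the `usr_has_perm` call, so a fail-closed `IF NOT FOUND THEN RETURN FALSE; END IF;` directly after the fetch (or `IF r_usr.active IS NOT TRUE THEN`) would make the deny path explicit. Both new functions are complete within this hunk.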