From 8c55772891585cab525770d89e6e1ec1a39a405b Mon Sep 17 00:00:00 2001
From: miker
Date: Wed, 1 Feb 2006 18:39:54 +0000
Subject: [PATCH] simplified/corrected usr_has_perm for grantable; added usr_can_grant_perm

git-svn-id: svn://svn.open-ils.org/ILS/trunk@2924 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 .../src/sql/Pg/006.schema.permissions.sql | 77 ++++++++++---------
 1 file changed, 41 insertions(+), 36 deletions(-)

diff --git a/Open-ILS/src/sql/Pg/006.schema.permissions.sql b/Open-ILS/src/sql/Pg/006.schema.permissions.sql
index 00c7f18091..3ec6ed9c90 100644
--- a/Open-ILS/src/sql/Pg/006.schema.permissions.sql
+++ b/Open-ILS/src/sql/Pg/006.schema.permissions.sql
@@ -142,53 +142,58 @@ CREATE OR REPLACE FUNCTION permission.grp_ancestors ( INT ) RETURNS SETOF permis END, a.name; $$ LANGUAGE SQL STABLE; -CREATE OR REPLACE FUNCTION permission.usr_perms ( iuser INT ) RETURNS SETOF permission.usr_perm_map AS $$ +CREATE OR REPLACE FUNCTION permission.usr_perms ( INT ) RETURNS SETOF permission.usr_perm_map AS $$ + SELECT DISTINCT ON (usr,perm) * + FROM ( + (SELECT * FROM permission.usr_perm_map WHERE usr = $1) + UNION ALL + (SELECT -p.id, 1 AS usr, p.perm, p.depth, p.grantable + FROM permission.grp_perm_map p + WHERE p.grp = (SELECT profile FROM actor.usr WHERE id = $1 LIMIT 1)) + UNION ALL + (SELECT -p.id, 1 AS usr, p.perm, p.depth, p.grantable + FROM permission.grp_perm_map p + WHERE p.grp IN (SELECT (permission.grp_ancestors(m.grp)).id FROM permission.usr_grp_map m WHERE usr = 1)) + ) AS x + ORDER BY 2, 3, 1 DESC, 5 DESC ; +$$ LANGUAGE SQL STABLE; + +CREATE OR REPLACE FUNCTION permission.usr_can_grant_perm ( iuser INT, tperm TEXT, target_ou INT ) RETURNS BOOL AS $$ DECLARE - u_perm permission.usr_perm_map%ROWTYPE; - grp permission.usr_grp_map%ROWTYPE; - g_list permission.grp_tree%ROWTYPE; + r_usr actor.usr%ROWTYPE; + r_perm permission.usr_perm_map%ROWTYPE; BEGIN - FOR u_perm IN SELECT * FROM permission.usr_perm_map WHERE usr = iuser LOOP - RETURN NEXT u_perm; - END LOOP; - - FOR g_list IN SELECT * - FROM permission.grp_ancestors( - ( SELECT u.profile - FROM actor.usr u - WHERE u.id = iuser - ) - ) - LOOP - - FOR u_perm IN SELECT DISTINCT -p.id, iuser AS usr, p.perm, p.depth, p.grantable - FROM permission.grp_perm_map p - WHERE p.grp = g_list.id LOOP - RETURN NEXT u_perm; + SELECT * INTO r_usr FROM actor.usr WHERE id = iuser; - END LOOP; - END LOOP; + IF r_usr.active = FALSE THEN + RETURN FALSE; + END IF; - FOR grp IN SELECT * - FROM permission.usr_grp_map - WHERE usr = iuser LOOP + IF r_usr.super_user = TRUE THEN + RETURN TRUE; + END IF; - FOR g_list IN SELECT * - FROM permission.grp_ancestors( grp.grp ) LOOP - FOR u_perm IN 
SELECT DISTINCT -p.id, iuser AS usr, p.perm, p.depth, p.grantable - FROM permission.grp_perm_map p - JOIN permission.usr_grp_map m ON (m.grp = p.grp) - WHERE m.grp = g_list.id LOOP + FOR r_perm IN SELECT * + FROM permission.usr_perms(iuser) p + JOIN permission.perm_list l + ON (l.id = p.perm) + WHERE (l.code = tperm AND p.grantable IS TRUE) + LOOP - RETURN NEXT u_perm; + PERFORM * + FROM actor.org_unit_descendants(target_ou,r_perm.depth) + WHERE id = r_usr.home_ou; - END LOOP; - END LOOP; + IF FOUND THEN + RETURN TRUE; + ELSE + RETURN FALSE; + END IF; END LOOP; - RETURN; + RETURN FALSE; END; $$ LANGUAGE PLPGSQL; -- 2.43.2
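Review bot: In the rewritten `permission.usr_perms`, both group branches use the literal `1` where the function argument `$1` is needed: `1 AS usr` appears in the profile branch and the secondary-group branch, and the latter's subquery filters `WHERE usr = 1`. As written, every caller is resolved against the secondary group memberships of user id 1, and all group-derived rows are labelled with usr 1, so `DISTINCT ON (usr,perm)` cannot collapse them against the caller's own direct rows. Because the new `permission.usr_can_grant_perm` decides from this result set, this can report permissions (including grantable ones) that the user was never given; the lines should read `SELECT -p.id, $1 AS usr, p.perm, p.depth, p.grantable` in both branches and `FROM permission.usr_grp_map m WHERE m.usr = $1))` in the subquery. The profile branch also matches only `p.grp = (SELECT profile ...)`, whereas the removed code walked `permission.grp_ancestors` of the profile, so permissions inherited from parent profile groups appear to be dropped; confirm that this is intended. Finally, the loop in `usr_can_grant_perm` returns FALSE on the first row whose org-unit check fails, so any further matching row is never examined.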