oilsEvent* oilsUtilsCheckPerms( int userid, int orgid, char* permissions[], int size ) {
if (!permissions) return NULL;
int i;
oilsEvent* evt = NULL;
// Find the root org unit, i.e. the one with no parent.
// Assumption: there is only one org unit with no parent.
if (orgid == -1) {
jsonObject* where_clause = jsonParse( "{\"parent_ou\":null}" );
jsonObject* org = oilsUtilsQuickReq(
"open-ils.cstore",
"open-ils.cstore.direct.actor.org_unit.search",
where_clause
);
jsonObjectFree( where_clause );
orgid = (int)jsonObjectGetNumber( oilsFMGetObject( org, "id" ) );
jsonObjectFree(org);
}
for( i = 0; i < size && permissions[i]; i++ ) {
char* perm = permissions[i];
jsonObject* params = jsonParseFmt("[%d, \"%s\", %d]", userid, perm, orgid);
jsonObject* o = oilsUtilsQuickReq( "open-ils.storage",
"open-ils.storage.permission.user_has_perm", params );
char* r = jsonObjectToSimpleString(o);
if(r && !strcmp(r, "0"))
evt = oilsNewEvent3( OSRF_LOG_MARK, OILS_EVENT_PERM_FAILURE, perm, orgid );
jsonObjectFree(params);
jsonObjectFree(o);
free(r);
if(evt)
break;
}
return evt;
}
oilsEvent* oilsUtilsCheckPerms( int userid, int orgid, char* permissions[], int size ) {
if (!permissions) return NULL;
int i;
// Check perms against the root org unit if no org unit is provided.
if (orgid == -1)
orgid = oilsUtilsGetRootOrgId();
for( i = 0; i < size && permissions[i]; i++ ) {
oilsEvent* evt = NULL;
char* perm = permissions[i];
jsonObject* params = jsonParseFmt(
"{\"from\":[\"permission.usr_has_perm\",\"%d\",\"%s\",\"%d\"]}",
userid, perm, orgid
);
// Execute the query
jsonObject* result = oilsUtilsCStoreReq(
"open-ils.cstore.json_query", params);
const jsonObject* hasPermStr =
jsonObjectGetKeyConst(result, "permission.usr_has_perm");
if (!oilsUtilsIsDBTrue(jsonObjectGetString(hasPermStr))) {
evt = oilsNewEvent3(
OSRF_LOG_MARK, OILS_EVENT_PERM_FAILURE, perm, orgid);
}
jsonObjectFree(params);
jsonObjectFree(result);
// return first failed permission check.
if (evt) return evt;
}
return NULL; // all perm checks succeeded
}
