oilsEvent* oilsUtilsCheckPerms( int userid, int orgid, char* permissions[], int size ) { if (!permissions) return NULL; int i; oilsEvent* evt = NULL; // Find the root org unit, i.e. the one with no parent. // Assumption: there is only one org unit with no parent. if (orgid == -1) { jsonObject* where_clause = jsonParse( "{\"parent_ou\":null}" ); jsonObject* org = oilsUtilsQuickReq( "open-ils.cstore", "open-ils.cstore.direct.actor.org_unit.search", where_clause ); jsonObjectFree( where_clause ); orgid = (int)jsonObjectGetNumber( oilsFMGetObject( org, "id" ) ); jsonObjectFree(org); } for( i = 0; i < size && permissions[i]; i++ ) { char* perm = permissions[i]; jsonObject* params = jsonParseFmt("[%d, \"%s\", %d]", userid, perm, orgid); jsonObject* o = oilsUtilsQuickReq( "open-ils.storage", "open-ils.storage.permission.user_has_perm", params ); char* r = jsonObjectToSimpleString(o); if(r && !strcmp(r, "0")) evt = oilsNewEvent3( OSRF_LOG_MARK, OILS_EVENT_PERM_FAILURE, perm, orgid ); jsonObjectFree(params); jsonObjectFree(o); free(r); if(evt) break; } return evt; }
oilsEvent* oilsUtilsCheckPerms( int userid, int orgid, char* permissions[], int size ) { if (!permissions) return NULL; int i; // Check perms against the root org unit if no org unit is provided. if (orgid == -1) orgid = oilsUtilsGetRootOrgId(); for( i = 0; i < size && permissions[i]; i++ ) { oilsEvent* evt = NULL; char* perm = permissions[i]; jsonObject* params = jsonParseFmt( "{\"from\":[\"permission.usr_has_perm\",\"%d\",\"%s\",\"%d\"]}", userid, perm, orgid ); // Execute the query jsonObject* result = oilsUtilsCStoreReq( "open-ils.cstore.json_query", params); const jsonObject* hasPermStr = jsonObjectGetKeyConst(result, "permission.usr_has_perm"); if (!oilsUtilsIsDBTrue(jsonObjectGetString(hasPermStr))) { evt = oilsNewEvent3( OSRF_LOG_MARK, OILS_EVENT_PERM_FAILURE, perm, orgid); } jsonObjectFree(params); jsonObjectFree(result); // return first failed permission check. if (evt) return evt; } return NULL; // all perm checks succeeded }