LP#1920815 Item edit link displayed for all users

The Angular catalog item table doesn't check UPDATE_COPY perm
before displaying an edit link. The back-end checks, so this is
a display issue only. This commit grabs a list of org Ids where
the user has UPDATE_COPY perm and checks the copy circ lib or
cn owning lib is in the list before displaying the edit link.

To test:
1. Search for a record with items you don't have perm to edit
2. Note the edit link shows on every item
3. Apply patch
4. Repeat steps 1-2
5. Note edit link displays if you have perm to edit

Signed-off-by: Dan Briem <dbriem@wlsmail.org>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>

diff --git a/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.html b/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.html
index 55c4e65..94795fe 100644 (file)
--- a/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.html
+++ b/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.html
@@ -4,14 +4,16 @@
   {{copy.call_number_suffix_label}}
 </ng-template>
 
-<ng-template #barcodeTemplate let-copy="row">
+<ng-template #barcodeTemplate let-copy="row" let-context="userContext">
   <div>{{copy.barcode}}</div>
   <div>
-  <a class="pl-1" target="_blank" 
-    href="/eg/staff/cat/item/{{copy.id}}" i18n>View</a>
-  | 
-  <a class="pl-1" href="javascript:;"
-    (click)="openHoldingsEditor(copy.id)" i18n>Edit</a>
+    <a class="pl-1" target="_blank" 
+      href="/eg/staff/cat/item/{{copy.id}}" i18n>View</a>
+    <ng-container *ngIf="context.editable(copy)">
+      | 
+      <a class="pl-1" href="javascript:;"
+        (click)="openHoldingsEditor(copy.id)" i18n>Edit</a>
+    </ng-container>
   </div>
 </ng-template>
 
@@ -58,7 +60,7 @@
     <eg-grid-column i18n-label label="Part" path="part_label" name="monograph_part">
     </eg-grid-column>
     <eg-grid-column i18n-label label="Barcode" name="barcode"
-      [cellTemplate]="barcodeTemplate">
+      [cellTemplate]="barcodeTemplate" [cellContext]="copyContext">
     </eg-grid-column>
     <eg-grid-column i18n-label label="Shelving Location" path="copy_location">
     </eg-grid-column>

diff --git a/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.ts b/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.ts
index 3ad8322..bb53591 100644 (file)
--- a/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.ts
+++ b/Open-ILS/src/eg2/src/app/staff/catalog/record/copies.component.ts
@@ -9,6 +9,7 @@ import {GridDataSource, GridColumn, GridCellTextGenerator} from '@eg/share/grid/
 import {GridComponent} from '@eg/share/grid/grid.component';
 import {BroadcastService} from '@eg/share/util/broadcast.service';
 import {CourseService} from '@eg/staff/share/course.service';
+import {PermService} from '@eg/core/perm.service';
 
 @Component({
   selector: 'eg-catalog-copies',
@@ -19,6 +20,7 @@ export class CopiesComponent implements OnInit {
     recId: number;
     initDone = false;
     usingCourseModule = false;
+    editableCopyLibs: number[] = [];
     gridDataSource: GridDataSource;
     copyContext: any; // grid context
     @ViewChild('copyGrid', { static: true }) copyGrid: GridComponent;
@@ -41,7 +43,8 @@ export class CopiesComponent implements OnInit {
         private net: NetService,
         private org: OrgService,
         private staffCat: StaffCatalogService,
-        private broadcaster: BroadcastService
+        private broadcaster: BroadcastService,
+        private perm: PermService
     ) {
         this.gridDataSource = new GridDataSource();
     }
@@ -52,12 +55,23 @@ export class CopiesComponent implements OnInit {
             this.usingCourseModule = res;
         });
 
+        this.perm.hasWorkPermAt(['UPDATE_COPY'], true)
+            .then(result => {
+                this.editableCopyLibs = result.UPDATE_COPY as number[];
+            });
+
         this.gridDataSource.getRows = (pager: Pager, sort: any[]) => {
             // sorting not currently supported
             return this.fetchCopies(pager);
         };
 
         this.copyContext = {
+            editable: (copy: any) => {
+                return this.editableCopyLibs.some(lib => {
+                    return copy.circ_lib === lib
+                        || copy.call_number_owning_lib === lib;
+                });
+            },
             holdable: (copy: any) => {
                 return copy.holdable === 't'
                     && copy.location_holdable === 't'