From: Mitch Jackson <mitch@freeside.biz>
Date: Wed, 18 Jul 2018 03:14:07 +0000 (-0500)
Subject: RT# 32234 Change unmask_ss from global conf to group access right
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=81fe2b6311b181a32a81fa81fcccfff1c7d471d1

RT# 32234 Change unmask_ss from global conf to group access right
---

diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index 9bdd67f7a..1b25cb5f0 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -2193,7 +2193,7 @@ and customer address. Include units.',
 
   {
     'key'         => 'unmask_ss',
-    'section'     => 'e-checks',
+    'section'     => 'deprecated',
     'description' => "Don't mask social security numbers in the web interface.",
     'type'        => 'checkbox',
   },
diff --git a/FS/FS/Upgrade.pm b/FS/FS/Upgrade.pm
index 3e0412795..1f4721754 100644
--- a/FS/FS/Upgrade.pm
+++ b/FS/FS/Upgrade.pm
@@ -192,6 +192,19 @@ If you need to continue using the old Form 477 report, turn on the
       $lh->maketext($_) if length($_);
     }
   }
+
+  unless ( FS::upgrade_journal->is_done('deprecate_unmask_ss') ) {
+    if ( $conf->config_bool( 'unmask_ss' )) {
+      warn "'unmask_ssn' deprecated from global configuration\n";
+      for my $access_group ( qsearch( access_group => {} )) {
+        $access_group->grant_access_right( 'Unmask customer SSN' );
+        warn " - 'Unmask customer SSN' access right granted to '" .
+             $access_group->groupname . "' employee group\n";
+      }
+    }
+    FS::upgrade_journal->set_done('deprecate_unmask_ss');
+  }
+
 }
 
 sub upgrade_overlimit_groups {
diff --git a/FS/FS/access_group.pm b/FS/FS/access_group.pm
index a2b977409..4f6c85b45 100644
--- a/FS/FS/access_group.pm
+++ b/FS/FS/access_group.pm
@@ -2,6 +2,7 @@ package FS::access_group;
 use base qw( FS::m2m_Common FS::m2name_Common FS::Record );
 
 use strict;
+use Carp qw( croak );
 use FS::Record qw( qsearch qsearchs );
 use FS::access_right;
 
@@ -137,6 +138,54 @@ sub access_right {
           );
 }
 
+=item grant_access_right RIGHTNAME
+
+Grant the specified specified FS::access_right record to this group.
+Return the FS::access_right record.
+
+=cut
+
+sub grant_access_right {
+  my ( $self, $rightname ) = @_;
+
+  croak "grant_access_right() requires \$rightname"
+    unless $rightname;
+
+  my $access_right = $self->access_right( $rightname );
+  return $access_right if $access_right;
+
+  $access_right = FS::access_right->new({
+    righttype   => 'FS::access_group',
+    rightobjnum => $self->groupnum,
+    rightname   => $rightname,
+  });
+  if ( my $error = $access_right->insert ) {
+    die "grant_access_right() error: $error";
+  }
+
+  $access_right;
+}
+
+=item revoke_access_right RIGHTNAME
+
+Revoke the specified FS::access_right record from this group.
+
+=cut
+
+sub revoke_access_right {
+  my ( $self, $rightname ) = @_;
+
+  croak "revoke_access_right() requires \$rightname"
+    unless $rightname;
+
+  my $access_right = $self->access_right( $rightname )
+    or return;
+
+  if ( my $error = $access_right->delete ) {
+    die "revoke_access_right() error: $error";
+  }
+}
+
 =back
 
 =head1 BUGS
@@ -148,4 +197,3 @@ L<FS::Record>, schema.html from the base documentation.
 =cut
 
 1;
-