auth::can_admin_system_without_authority_p (public)

 auth::can_admin_system_without_authority_p -authority_id authority_id

Defined in packages/acs-authentication/tcl/authentication-procs.tcl

Before disabling or deleting an authority we need to check that there is at least one site-wide admin in a different authority that can administer the system.

Switches:

-authority_id

(required)

Returns:

boolean

Author:

Peter Marklund

Partial Call Graph (max 5 caller/called nodes):

Testcases:

auth__can_admin_system_without_authority_p

Source code:

    #
    # Is there a user from other authorities having swa admins (having
    # admin rights on the magic object 'security_context_root')?
    #
    return [db_0or1row admins_left_p {
        select 1 from dual where exists
        (
          select 1
          from acs_permissions p,
             party_approved_member_map m,
             acs_magic_objects amo,
             cc_users u
          where amo.name = 'security_context_root'
          and p.object_id = amo.object_id
          and p.grantee_id = m.party_id
          and u.user_id = m.member_id
          and u.member_state = 'approved'
          and u.authority_id <> :authority_id
          and acs_permission.permission_p(amo.object_id, u.user_id, 'admin') = 't'
        )
    }]

Generic XQL file:

packages/acs-authentication/tcl/authentication-procs.xql

PostgreSQL XQL file:

packages/acs-authentication/tcl/authentication-procs-postgresql.xql

Oracle XQL file:

packages/acs-authentication/tcl/authentication-procs-oracle.xql