Here's an example of how
not to implement group scoping
of the bboard module.
closedACS 3.2 (the glorious "MIT sucks!"
release) comes with this glorious kludge: At the bottom of
ad-custom.tcl.postload hides a filter that defines the
function bboard_restrict_access_to_group for all URLs
of the kind /bboard/*. Within this function, there is
some logic of the kind of:
set has_access_p 0
if { $user_id > 0 } {
.
.
.
do some stuff to check group_id, and
if everything is ok, set has_access_p 1
.
.
}
if has_access_p is still 1, return filter_ok.
else, give a nasty "you are not allowed in the group that is
allowed to see this bboard" message.
This guarantees two things: First, it guarantees that anyone
just clicking through the site without logging in
(i.e., with user_id = 0)
will not be granted access to any bboards. They will not be taken
to a login screen. They will just be rejected.
But perhaps more importantly, this guarantees that the sysadmin trying
to figure out why the heck non-registered users cannot see any bboards and looking in the normal places -- the bboard-related tcl
library files -- will end up scratching their head: there is nothing there talking about how bboards are being scoped. The documentation doesn't
talk about it, and the admin page for user groups doesn't list
bboard as among the modules you can associate with any user group.
Nothing like a few minutes of grepping to provide me
with a cheap sense of accomplishment!