perm-modify.tcl

Modify permissions on an object.

Location:
/packages/acs-subsite/www/permissions/perm-modify.tcl

Related Files

[ hide source ] | [ make this the default ]

File Contents

ad_page_contract {

    Modify permissions on an object.

} {
    object_id:object_id,notnull
    {perm:token,multiple {[list]}}
    {privs:token,notnull}
    return_url:localurl
} -validate {
    privs_exists_p -requires {privs} {
        foreach priv $privs {
            if {![db_0or1row get_priv {select 1 from acs_privileges where privilege = :priv}]} {
                ad_complain "privilege [ns_quotehtml $priv] doesn't exist"
            }
        }
    }
    perm_is_valid -requires {perm} {
        foreach elm $perm {
            lassign [split $elm ","] party_id priv
            if {![string is integer -strict $party_id] ||
                ![db_0or1row party_exists {select 1 from parties where party_id = :party_id}] ||
                ($priv ne "remove" && ![db_0or1row priv_exists {select 1 from acs_privileges where privilege = :priv}])
            } {
                ad_complain "perm [ns_quotehtml $elm] is not valid"
            }
        }
    }
}


permission::require_permission -object_id $object_id -privilege admin

set mainsite_p [expr {$object_id eq [subsite::main_site_id]}]

#
# Entries in 'perm' have the form "${party_id}_${privilege}"
#
foreach elm $perm {
    lassign [split $elm ","] party_id priv
    if { $priv ne "remove" } {
        set perm_array($elm) add
    }
}

foreach elm $perm {
    lassign [split $elm ","] party_id priv
    if {$priv eq "remove"} {
        foreach priv $privs {
            if { [info exists perm_array(${party_id},${priv})] } {
                if {$mainsite_p && $party_id == "-1"} {
                    util_user_message "#acs-kernel.The_Public# $priv: #acs-subsite.perm_cannot_be_removed#"
                } else {
                    unset perm_array(${party_id},${priv})
                }
            }
        }
    }
}

# Don't want them to remove themselves as admins
if { ![info exists perm_array([ad_conn user_id],admin)] && ![acs_user::site_wide_admin_p] } {
    set perm_array([ad_conn user_id],admin) add
}

set changes_p false
db_transaction {
    db_foreach permissions_in_db {} {

        if { ![info exists perm_array(${grantee_id},${privilege})] } {
            # If they're not in the modified list, remove them
            set perm_array(${grantee_id},${privilege}) remove
        } else {
            # If they are in the modified list, make a note that they're also in the database
            set perm_array(${grantee_id},${privilege}) nothing
        }
    }

    # run through the perm_array, and depending on the value
    #  remove:  Remove the privilege
    #  nothing: Do nothing
    #  add:     Add the privilege
    foreach elm [array names perm_array] {
        lassign [split $elm ","] party_id privilege

        switch -- $perm_array($elm) {
            remove {
                permission::revoke -party_id $party_id -object_id $object_id -privilege $privilege
                set changes_p true
            }
            add {
                permission::grant -party_id $party_id -object_id $object_id -privilege $privilege
                set changes_p true
            }
        }
    }
} on_error {
    ad_return_complaint 1 "[_ acs-tcl.The] $errmsg<p> $::errorInfo"
    ad_script_abort
}

set message [expr {$changes_p ? [_ acs-subsite.Permissions_Updated] : ""}]

ad_returnredirect -message $message $return_url
ad_script_abort

# Local variables:
#    mode: tcl
#    tcl-indent-level: 4
#    indent-tabs-mode: nil
# End: