permission::permission_p (public)

 permission::permission_p [ -no_login ] [ -no_cache ] \
    [ -party_id party_id ] -object_id object_id -privilege privilege

Defined in packages/acs-tcl/tcl/acs-permissions-procs.tcl

Does the provided party have the requested privilege on the given object?

Switches:

-no_login (optional, boolean)

Don't bump to registration to refresh authentication, if the user's authentication is expired. This is specifically required in the case where you're calling this from the proc that gets the login page.

-no_cache (optional, boolean)

force loading from db even if cached (flushes cache as well)

-party_id (optional)

if null then it is the current user_id

-object_id (required)

The object you want to check permissions on.

-privilege (required)

The privilege you want to check for.

Returns:

Boolean value expressing if the user has the required privilege on the given object

Partial Call Graph (max 5 caller/called nodes):

Testcases:

acs_admin_merge_MergeUserInfo, ad_proc_permission_grant_and_revoke, ad_proc_permission_permission_p, test_inheritance_and_custom_permissions

Source code:

    if { $party_id eq "" } {
        set party_id [ad_conn user_id]
    }

    set caching_activated [permission::cache_p]

    if { $no_cache_p || !$caching_activated } {
        #
        # No caching wanted (either per-call or configured)
        #
        if { $no_cache_p } {
            #
            # Avoid all caches.
            #
            permission::permission_thread_cache_flush
        }

        if {$caching_activated} {
            #
            # Only flush the cache, when caching is activated.
            # Frequent cache flushing can cause a flood of
            # intra-server talk in a cluster configuration (see bug
            # #2398);
            #
            permission::cache_flush  -party_id $party_id  -object_id $object_id  -privilege $privilege
        }

        set permission_p [permission::permission_p_not_cached  -party_id $party_id  -object_id $object_id  -privilege $privilege]
    } else {
        #
        # Permission caching is activated
        #
        set permission_p [permission::cache_eval  -party_id $party_id  -object_id $object_id  -privilege $privilege]
    }

    if {
        !$no_login_p
        && $party_id == 0
        && [ad_conn user_id] == 0
        && [ad_conn untrusted_user_id] != 0
        && ![string is true -strict $permission_p]
    } {
        #
        # In case, permission was granted above, the party and ad_conn
        # user_id are 0, and the permission is NOT granted based on
        # the untrusted_user_id, require login unless this is
        # deactivated for this call.
        #
        set untrusted_permission_p [permission_p_not_cached  -party_id [ad_conn untrusted_user_id]  -object_id $object_id  -privilege $privilege]
        if { $permission_p != $untrusted_permission_p } {
            # Bump to registration page
            ns_log Debug "permission_p: party_id=$party_id ([acs_object_name $party_id]),"  "object_id=$object_id ([acs_object_name $object_id]),"  "privilege=$privilege. Result=>$permission_p."  "Untrusted-Result=>$untrusted_permission_p\n[ad_get_tcl_call_stack]"
            if { ![ad_login_page] } {
                auth::require_login
            }
        }
    }

    return $permission_p

Generic XQL file:

packages/acs-tcl/tcl/acs-permissions-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/acs-permissions-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/acs-permissions-procs-oracle.xql