permission::permission_p (public)

 permission::permission_p [ -no_login ] [ -no_cache ] \
    [ -party_id party_id ] -object_id object_id -privilege privilege

Defined in packages/acs-tcl/tcl/acs-permissions-procs.tcl

Does the provided party have the requested privilege on the given object?

Switches:
-no_login
(boolean) (optional)
Don't bump to registration to refresh authentication, if the user's authentication is expired. This is specifically required in the case where you're calling this from the proc that gets the login page.
-no_cache
(boolean) (optional)
force loading from db even if cached (flushes cache as well)
-party_id
(optional)
if null then it is the current user_id
-object_id
(required)
The object you want to check permissions on.
-privilege
(required)
The privilege you want to check for.
Returns:
Boolean value expressing if the user has the required privilege on the given object

Partial Call Graph (max 5 caller/called nodes):
%3 test_acs_admin_merge_MergeUserInfo acs_admin_merge_MergeUserInfo (test acs-admin) permission::permission_p permission::permission_p test_acs_admin_merge_MergeUserInfo->permission::permission_p test_ad_proc_permission_grant_and_revoke ad_proc_permission_grant_and_revoke (test acs-tcl) test_ad_proc_permission_grant_and_revoke->permission::permission_p test_ad_proc_permission_permission_p ad_proc_permission_permission_p (test acs-tcl) test_ad_proc_permission_permission_p->permission::permission_p acs_object_name acs_object_name (public) permission::permission_p->acs_object_name ad_conn ad_conn (public) permission::permission_p->ad_conn ad_get_tcl_call_stack ad_get_tcl_call_stack (public) permission::permission_p->ad_get_tcl_call_stack ad_login_page ad_login_page (private) permission::permission_p->ad_login_page auth::require_login auth::require_login (public) permission::permission_p->auth::require_login Class ::xo::lti::LTI Class ::xo::lti::LTI (public) Class ::xo::lti::LTI->permission::permission_p Class ::xowiki::includelet::kibana Class ::xowiki::includelet::kibana (public) Class ::xowiki::includelet::kibana->permission::permission_p acs_privacy::user_can_read_private_data_p acs_privacy::user_can_read_private_data_p (public, deprecated) acs_privacy::user_can_read_private_data_p->permission::permission_p acs_user::site_wide_admin_p acs_user::site_wide_admin_p (public) acs_user::site_wide_admin_p->permission::permission_p bug_tracker::get_related_files_links bug_tracker::get_related_files_links (public) bug_tracker::get_related_files_links->permission::permission_p

Testcases:
acs_admin_merge_MergeUserInfo, ad_proc_permission_grant_and_revoke, ad_proc_permission_permission_p
Source code:
    if { $party_id eq "" } {
        set party_id [ad_conn user_id]
    }

    set caching_activated [permission::cache_p]

    if { $no_cache_p || !$caching_activated } {
        #
        # No caching wanted (either per-call or configured)
        #
        if { $no_cache_p } {
            #
            # Avoid all caches.
            #
            permission::permission_thread_cache_flush
        }

        if {$caching_activated} {
            #
            # Only flush the cache, when caching is activated.
            # Frequent cache flushing can cause a flood of
            # intra-server talk in a cluster configuration (see bug
            # #2398);
            #
            permission::cache_flush  -party_id $party_id  -object_id $object_id  -privilege $privilege
        }

        set permission_p [permission::permission_p_not_cached  -party_id $party_id  -object_id $object_id  -privilege $privilege]
    } else {
        #
        # Permission caching is activated
        #
        set permission_p [permission::cache_eval  -party_id $party_id  -object_id $object_id  -privilege $privilege]
    }

    if {
        !$no_login_p
        && $party_id == 0
        && [ad_conn user_id] == 0
        && [ad_conn untrusted_user_id] != 0
        && ![string is true -strict $permission_p]
    } {
        #
        # In case, permission was granted above, the party and ad_conn
        # user_id are 0, and the permission is NOT granted based on
        # the untrusted_user_id, require login unless this is
        # deactivated for this call.
        #
        set untrusted_permission_p [permission_p_not_cached  -party_id [ad_conn untrusted_user_id]  -object_id $object_id  -privilege $privilege]
        if { $permission_p != $untrusted_permission_p } {
            # Bump to registration page
            ns_log Debug "permission_p: party_id=$party_id ([acs_object_name $party_id]),"  "object_id=$object_id ([acs_object_name $object_id]),"  "privilege=$privilege. Result=>$permission_p."  "Untrusted-Result=>$untrusted_permission_p\n[ad_get_tcl_call_stack]"
            if { ![ad_login_page] } {
                auth::require_login
            }
        }
    }

    return $permission_p
Generic XQL file:
packages/acs-tcl/tcl/acs-permissions-procs.xql

PostgreSQL XQL file:
packages/acs-tcl/tcl/acs-permissions-procs-postgresql.xql

Oracle XQL file:
packages/acs-tcl/tcl/acs-permissions-procs-oracle.xql

[ hide source ] | [ make this the default ]
Show another procedure: