xo::Policy instproc enforce_permissions (public)
<instance of xo::Policy> enforce_permissions \ [ -user_id user_id ] [ -package_id package_id ] object method
Defined in /var/www/openacs.org/packages/xotcl-core/tcl/policy-procs.tcl
This method checks whether the current user is allowed or not to invoke a method based on the given policy and forces logins if required.
- Switches:
- -user_id (optional, integer)
- -package_id (optional, integer)
- Parameters:
- object (required, object)
- method (required)
- Returns:
- 0 or 1
- See Also:
- check_permissions
- Testcases:
- xowiki_test_cases
Source code: if {![info exists user_id]} {set user_id [::xo::cc user_id]} if {![info exists package_id]} {set package_id [::xo::cc package_id]} set allowed 0 set permission [:get_permission $object $method] if {$permission ne ""} { lassign [:get_privilege $permission $object $method] kind p switch -- $kind { primitive { set allowed [:check_privilege -user_id $user_id -package_id $package_id $p $object $method] set privilege $p } complex { lassign $p attribute privilege set id [$object set $attribute] set allowed [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id] } } } #:log "--p enforce_permissions {$object $method} : $permission ==> $allowed" if {!$allowed} { # # In case the request does not come from a connected client # (e.g. via some magic way via background processing) then # just abort in the call (raising an exception). # if {[ns_conn isconnected]} { set untrusted_user_id [::xo::cc set untrusted_user_id] if {$permission eq ""} { ns_log notice "enforce_permissions: no permission for $object->$method defined" } elseif {$user_id == 0 && $untrusted_user_id} { ns_log notice "enforce_permissions: force login, user_id=0 and untrusted_id=$untrusted_user_id" auth::require_login } else { ns_log notice "enforce_permissions: $user_id doesn't have $privilege on $object" } ad_return_forbidden [_ xotcl-core.permission_denied] [_ xotcl-core.policy-error-insufficient_permissions] } else { ns_log warning "enforce_permissions: $user_id has no right to $method on $object in background operation" } ad_script_abort } return $allowedXQL Not present: Generic, PostgreSQL, Oracle