acs-permissions-procs.tcl

Publicity: Public Only All

acs-permissions-procs.tcl

Tcl procs for the acs permissioning system.

Location:

packages/acs-tcl/tcl/acs-permissions-procs.tcl
Created:

2000-08-17
Author:

rhs@mit.edu
CVS Identification:

$Id: acs-permissions-procs.tcl,v 1.49 2024/09/11 06:15:48 gustafn Exp $

Procedures in this file

permission::cache_eval (private)
permission::cache_flush (public)
permission::cache_p (private)
permission::get_parties_with_permission (public)
permission::grant (public)
permission::inherit_p (public)
permission::permission_p (public)
permission::permission_p_not_cached (private)
permission::permission_thread_cache_flush (private)
permission::require_permission (public)
permission::require_write_permission (public)
permission::revoke (public)
permission::set_inherit (public)
permission::set_not_inherit (public)
permission::toggle_inherit (public)
permission::write_permission_p (public)

Detailed information

permission::cache_eval (private)

 permission::cache_eval [ -party_id party_id ] [ -object_id object_id ] \
    [ -privilege privilege ]

Run permission call and cache the result.

Switches:

-party_id (optional)
-object_id (optional)
-privilege (optional)

See Also:

permission::permission_p

Testcases:
No testcase defined.

permission::cache_flush (public)

 permission::cache_flush [ -party_id party_id ] \
    [ -object_id object_id ] [ -privilege privilege ]

Flush permissions from the cache. Either specify all three parameters or only party_id

Switches:

-party_id (optional)
-object_id (optional)
-privilege (optional)

See Also:

permission::permission_p

Testcases:
test_inheritance_and_custom_permissions

permission::cache_p (private)

 permission::cache_p

Check, if permission_p caching is enabled or disabled. By default caching is disabled.

Returns:
Boolean value expressing whether permission caching is enabled

Testcases:
No testcase defined.

permission::get_parties_with_permission (public)

 permission::get_parties_with_permission -object_id object_id \
    [ -privilege privilege ]

Return a list of lists of party_id and acs_object.title, having a given privilege on the given object

Switches:

-object_id (required)
-privilege (optional, defaults to "admin")

See Also:

permission::permission_p

Testcases:
test_inheritance_and_custom_permissions

permission::grant (public)

 permission::grant -party_id party_id -object_id object_id \
    -privilege privilege

grant privilege Y to party X on object Z

Switches:

-party_id (required)
-object_id (required)
-privilege (required)

Testcases:
acs_admin_merge_MergeUserInfo, acs_subsite_expose_bug_775, ad_proc_permission_grant_and_revoke, ad_proc_permission_permission_p, test_inheritance_and_custom_permissions

permission::inherit_p (public)

 permission::inherit_p -object_id object_id

Does this object inherit permissions?

Switches:

-object_id (required)

Returns:
Boolean value expression whether permussions are inherited.

Testcases:
test_inheritance_and_custom_permissions

permission::permission_p (public)

 permission::permission_p [ -no_login ] [ -no_cache ] \
    [ -party_id party_id ] -object_id object_id -privilege privilege

Does the provided party have the requested privilege on the given object?

Switches:

-no_login (optional, boolean)
Don't bump to registration to refresh authentication, if the user's authentication is expired. This is specifically required in the case where you're calling this from the proc that gets the login page.
-no_cache (optional, boolean)
force loading from db even if cached (flushes cache as well)
-party_id (optional)
if null then it is the current user_id
-object_id (required)
The object you want to check permissions on.
-privilege (required)
The privilege you want to check for.

Returns:
Boolean value expressing if the user has the required privilege on the given object

Testcases:
acs_admin_merge_MergeUserInfo, ad_proc_permission_grant_and_revoke, ad_proc_permission_permission_p, test_inheritance_and_custom_permissions

permission::permission_p_not_cached (private)

 permission::permission_p_not_cached [ -no_cache ] \
    [ -party_id party_id ] -object_id object_id -privilege privilege

does party X have privilege Y on object Z This function accepts "-no_cache" just to match the permission_p signature since we alias it to permission::permission_p when caching is disabled.

Switches:

-no_cache (optional, boolean)
-party_id (optional)
-object_id (required)
-privilege (required)

See Also:

permission::permission_p

Testcases:
No testcase defined.

permission::permission_thread_cache_flush (private)

 permission::permission_thread_cache_flush

Flush thread cache

Testcases:
No testcase defined.

permission::require_permission (public)

 permission::require_permission [ -party_id party_id ] \
    -object_id object_id -privilege privilege

require that party X have privilege Y on object Z

Switches:

-party_id (optional)
-object_id (required)
-privilege (required)

Testcases:
No testcase defined.

permission::require_write_permission (public)

 permission::require_write_permission -object_id object_id \
    [ -creation_user creation_user ] [ -party_id party_id ] \
    [ -action action ]

If the user is not allowed to edit this object, returns a permission denied page.

Switches:

-object_id (required)
-creation_user (optional)
Optionally specify creation_user directly as an optimization. Otherwise a query will be executed.
-party_id (optional)
The party to have or not have write permission.
-action (optional, defaults to "edit")

See Also:

permission::write_permission_p

Testcases:
No testcase defined.

permission::revoke (public)

 permission::revoke -party_id party_id -object_id object_id \
    -privilege privilege

revoke privilege Y from party X on object Z

Switches:

-party_id (required)
-object_id (required)
-privilege (required)

Testcases:
ad_proc_permission_grant_and_revoke, ad_proc_permission_permission_p

permission::set_inherit (public)

 permission::set_inherit -object_id object_id

set inherit to true

Switches:

-object_id (required)

Testcases:
test_inheritance_and_custom_permissions

permission::set_not_inherit (public)

 permission::set_not_inherit -object_id object_id

set inherit to false

Switches:

-object_id (required)

Testcases:
test_inheritance_and_custom_permissions, fs_publish_file

permission::toggle_inherit (public)

 permission::toggle_inherit -object_id object_id

toggle whether or not this object inherits permissions from its parent

Switches:

-object_id (required)

Testcases:
test_inheritance_and_custom_permissions

permission::write_permission_p (public)

 permission::write_permission_p -object_id object_id \
    [ -party_id party_id ] [ -creation_user creation_user ]

Returns whether a party is allowed to edit an object. The logic is that this party must have either write permission, or it must be the one who created the object.

Switches:

-object_id (required)
The object you want to check write permissions for.
-party_id (optional)
The party to have or not have write permission.
-creation_user (optional)
Optionally specify creation_user directly as an optimization. Otherwise a query will be executed.

Returns:
Boolean value expressing if the user has permission to edit the object

See Also:

permission::require_write_permission

Testcases:
No testcase defined.

[ show source ]