• Publicity: Public Only All

forums-security-procs.tcl

Forums Security Library

Location:
packages/forums/tcl/forums-security-procs.tcl
Created:
2002-05-25
Author:
Ben Adida
CVS Identification:
$Id: forums-security-procs.tcl,v 1.25.2.1 2019/12/27 16:00:17 antoniop Exp $

Procedures in this file

Detailed information

forum::security::can_admin_forum_p (public, deprecated)

 forum::security::can_admin_forum_p [ -user_id user_id ] \
    -forum_id forum_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: admin == moderate!

Switches:
-user_id (optional)
-forum_id (required)
See Also:
  • forum::security::can_moderate_p

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::security::can_admin_forum_p forum::security::can_admin_forum_p forum::security::can_admin_forum_p->ad_log_deprecated

Testcases:
No testcase defined.

forum::security::can_moderate_forum_p (public, deprecated)

 forum::security::can_moderate_forum_p [ -user_id user_id ] \
    -forum_id forum_id
Deprecated. Invoking this procedure generates a warning.

Deprecated: just another wrapper to permission::permission_p

Switches:
-user_id (optional)
-forum_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) permission::permission_p permission::permission_p (public) forum::security::can_moderate_forum_p forum::security::can_moderate_forum_p forum::security::can_moderate_forum_p->ad_log_deprecated forum::security::can_moderate_forum_p->permission::permission_p

Testcases:
No testcase defined.

forum::security::can_moderate_message_p (public, deprecated)

 forum::security::can_moderate_message_p [ -user_id user_id ] \
    -message_id message_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: permissions will now be checked on the forum itself

Switches:
-user_id (optional)
-message_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::message::get forum::message::get (public) permission::permission_p permission::permission_p (public) forum::security::can_moderate_message_p forum::security::can_moderate_message_p forum::security::can_moderate_message_p->ad_log_deprecated forum::security::can_moderate_message_p->forum::message::get forum::security::can_moderate_message_p->permission::permission_p

Testcases:
No testcase defined.

forum::security::can_post_forum_p (public)

 forum::security::can_post_forum_p [ -user_id user_id ] \
    -forum_id forum_id
Switches:
-user_id (optional)
-forum_id (required)
Returns:
1 if the user can post in the forum, 0 otherwise.

Partial Call Graph (max 5 caller/called nodes):
%3 test_web_forums_message_and_reply web_forums_message_and_reply (test forums) forum::security::can_post_forum_p forum::security::can_post_forum_p test_web_forums_message_and_reply->forum::security::can_post_forum_p ad_conn ad_conn (public) forum::security::can_post_forum_p->ad_conn forum::get forum::get (public) forum::security::can_post_forum_p->forum::get permission::permission_p permission::permission_p (public) forum::security::can_post_forum_p->permission::permission_p forum::security::can_post_message_p forum::security::can_post_message_p (public, deprecated) forum::security::can_post_message_p->forum::security::can_post_forum_p forum::security::permissions forum::security::permissions (public) forum::security::permissions->forum::security::can_post_forum_p forum::security::require_post_forum forum::security::require_post_forum (public) forum::security::require_post_forum->forum::security::can_post_forum_p packages/forums/www/message-post.tcl packages/forums/ www/message-post.tcl packages/forums/www/message-post.tcl->forum::security::can_post_forum_p

Testcases:
web_forums_message_and_reply

forum::security::can_post_message_p (public, deprecated)

 forum::security::can_post_message_p [ -user_id user_id ] \
    -message_id message_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: permissions will now be checked on the forum itself

Switches:
-user_id (optional)
-message_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::message::get forum::message::get (public) forum::security::can_post_forum_p forum::security::can_post_forum_p (public) forum::security::can_post_message_p forum::security::can_post_message_p forum::security::can_post_message_p->ad_log_deprecated forum::security::can_post_message_p->forum::message::get forum::security::can_post_message_p->forum::security::can_post_forum_p

Testcases:
No testcase defined.

forum::security::can_read_forum_p (public, deprecated)

 forum::security::can_read_forum_p [ -user_id user_id ] \
    -forum_id forum_id
Deprecated. Invoking this procedure generates a warning.

Deprecated: just another wrapper to permission::permission_p

Switches:
-user_id (optional)
-forum_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) permission::permission_p permission::permission_p (public) forum::security::can_read_forum_p forum::security::can_read_forum_p forum::security::can_read_forum_p->ad_log_deprecated forum::security::can_read_forum_p->permission::permission_p

Testcases:
No testcase defined.

forum::security::can_read_message_p (public, deprecated)

 forum::security::can_read_message_p [ -user_id user_id ] \
    -message_id message_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: permissions will now be checked on the forum itself

Switches:
-user_id (optional)
-message_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::message::get forum::message::get (public) permission::permission_p permission::permission_p (public) forum::security::can_read_message_p forum::security::can_read_message_p forum::security::can_read_message_p->ad_log_deprecated forum::security::can_read_message_p->forum::message::get forum::security::can_read_message_p->permission::permission_p

Testcases:
No testcase defined.

forum::security::permissions (public)

 forum::security::permissions -forum_id forum_id [ -user_id user_id ] \
    array_name

Retrieve all relevant forum permissions in a single array of fields {admin_p moderate_p post_p}. admin_p and moderate_p are in fact just synonyms and will have the same value.

Switches:
-forum_id (required)
-user_id (optional)
user to check permissions for. Defaults to currently connected user.
Parameters:
array_name (required)
name of array in the caller namespace that will contain proc results after the call.

Partial Call Graph (max 5 caller/called nodes):
%3 test_web_forums_message_and_reply web_forums_message_and_reply (test forums) forum::security::permissions forum::security::permissions test_web_forums_message_and_reply->forum::security::permissions ad_conn ad_conn (public) forum::security::permissions->ad_conn forum::security::can_post_forum_p forum::security::can_post_forum_p (public) forum::security::permissions->forum::security::can_post_forum_p permission::permission_p permission::permission_p (public) forum::security::permissions->permission::permission_p packages/forums/www/forum-view.tcl packages/forums/ www/forum-view.tcl packages/forums/www/forum-view.tcl->forum::security::permissions packages/forums/www/message-view.tcl packages/forums/ www/message-view.tcl packages/forums/www/message-view.tcl->forum::security::permissions

Testcases:
web_forums_message_and_reply

forum::security::require_admin_forum (public, deprecated)

 forum::security::require_admin_forum [ -user_id user_id ] \
    -forum_id forum_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: admin == moderate!

Switches:
-user_id (optional)
-forum_id (required)
See Also:
  • forum::security::can_moderate_p

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::security::do_abort forum::security::do_abort (private) permission::permission_p permission::permission_p (public) forum::security::require_admin_forum forum::security::require_admin_forum forum::security::require_admin_forum->ad_log_deprecated forum::security::require_admin_forum->forum::security::do_abort forum::security::require_admin_forum->permission::permission_p

Testcases:
No testcase defined.

forum::security::require_moderate_forum (public)

 forum::security::require_moderate_forum [ -user_id user_id ] \
    -forum_id forum_id

Abort if the user doesn't have 'forum_moderate' permissions in the forum.

Switches:
-user_id (optional)
-forum_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 test_web_forums_message_and_reply web_forums_message_and_reply (test forums) forum::security::require_moderate_forum forum::security::require_moderate_forum test_web_forums_message_and_reply->forum::security::require_moderate_forum forum::security::do_abort forum::security::do_abort (private) forum::security::require_moderate_forum->forum::security::do_abort permission::permission_p permission::permission_p (public) forum::security::require_moderate_forum->permission::permission_p forum::security::require_moderate_message forum::security::require_moderate_message (public, deprecated) forum::security::require_moderate_message->forum::security::require_moderate_forum packages/forums/www/moderate/forum.tcl packages/forums/ www/moderate/forum.tcl packages/forums/www/moderate/forum.tcl->forum::security::require_moderate_forum packages/forums/www/moderate/message-approve.tcl packages/forums/ www/moderate/message-approve.tcl packages/forums/www/moderate/message-approve.tcl->forum::security::require_moderate_forum packages/forums/www/moderate/message-delete.tcl packages/forums/ www/moderate/message-delete.tcl packages/forums/www/moderate/message-delete.tcl->forum::security::require_moderate_forum packages/forums/www/moderate/message-move.tcl packages/forums/ www/moderate/message-move.tcl packages/forums/www/moderate/message-move.tcl->forum::security::require_moderate_forum

Testcases:
web_forums_message_and_reply

forum::security::require_moderate_message (public, deprecated)

 forum::security::require_moderate_message [ -user_id user_id ] \
    -message_id message_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: permissions will now be checked on the forum itself

Switches:
-user_id (optional)
-message_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::message::get forum::message::get (public) forum::security::require_moderate_forum forum::security::require_moderate_forum (public) forum::security::require_moderate_message forum::security::require_moderate_message forum::security::require_moderate_message->ad_log_deprecated forum::security::require_moderate_message->forum::message::get forum::security::require_moderate_message->forum::security::require_moderate_forum

Testcases:
No testcase defined.

forum::security::require_post_forum (public)

 forum::security::require_post_forum [ -user_id user_id ] \
    -forum_id forum_id

Abort if the user doesn't have permissions to post in the forum.

Switches:
-user_id (optional)
-forum_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 test_web_forums_message_and_reply web_forums_message_and_reply (test forums) forum::security::require_post_forum forum::security::require_post_forum test_web_forums_message_and_reply->forum::security::require_post_forum forum::security::can_post_forum_p forum::security::can_post_forum_p (public) forum::security::require_post_forum->forum::security::can_post_forum_p forum::security::do_abort forum::security::do_abort (private) forum::security::require_post_forum->forum::security::do_abort forum::security::require_post_message forum::security::require_post_message (public, deprecated) forum::security::require_post_message->forum::security::require_post_forum packages/forums/www/message-post.tcl packages/forums/ www/message-post.tcl packages/forums/www/message-post.tcl->forum::security::require_post_forum

Testcases:
web_forums_message_and_reply

forum::security::require_post_message (public, deprecated)

 forum::security::require_post_message [ -user_id user_id ] \
    -message_id message_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: permissions will now be checked on the forum itself

Switches:
-user_id (optional)
-message_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::message::get forum::message::get (public) forum::security::require_post_forum forum::security::require_post_forum (public) forum::security::require_post_message forum::security::require_post_message forum::security::require_post_message->ad_log_deprecated forum::security::require_post_message->forum::message::get forum::security::require_post_message->forum::security::require_post_forum

Testcases:
No testcase defined.

forum::security::require_read_forum (public)

 forum::security::require_read_forum [ -user_id user_id ] \
    -forum_id forum_id

Abort if the user doesn't have 'read' permissions in the forum.

Switches:
-user_id (optional)
-forum_id (required)

Partial Call Graph (max 5 caller/called nodes):
%3 test_web_forums_message_and_reply web_forums_message_and_reply (test forums) forum::security::require_read_forum forum::security::require_read_forum test_web_forums_message_and_reply->forum::security::require_read_forum forum::security::do_abort forum::security::do_abort (private) forum::security::require_read_forum->forum::security::do_abort permission::permission_p permission::permission_p (public) forum::security::require_read_forum->permission::permission_p forum::security::require_read_message forum::security::require_read_message (public, deprecated) forum::security::require_read_message->forum::security::require_read_forum packages/forums/www/forum-view.tcl packages/forums/ www/forum-view.tcl packages/forums/www/forum-view.tcl->forum::security::require_read_forum packages/forums/www/message-email.tcl packages/forums/ www/message-email.tcl packages/forums/www/message-email.tcl->forum::security::require_read_forum packages/forums/www/message-view.tcl packages/forums/ www/message-view.tcl packages/forums/www/message-view.tcl->forum::security::require_read_forum packages/forums/www/messages-get.tcl packages/forums/ www/messages-get.tcl packages/forums/www/messages-get.tcl->forum::security::require_read_forum

Testcases:
web_forums_message_and_reply

forum::security::require_read_message (public, deprecated)

 forum::security::require_read_message [ -user_id user_id ] \
    -message_id message_id
Deprecated. Invoking this procedure generates a warning.

DEPRECATED: permissions will now be checked on the forum itself

Switches:
-user_id (optional)
-message_id (required)
See Also:

Partial Call Graph (max 5 caller/called nodes):
%3 ad_log_deprecated ad_log_deprecated (public) forum::message::get forum::message::get (public) forum::security::require_read_forum forum::security::require_read_forum (public) forum::security::require_read_message forum::security::require_read_message forum::security::require_read_message->ad_log_deprecated forum::security::require_read_message->forum::message::get forum::security::require_read_message->forum::security::require_read_forum

Testcases:
No testcase defined.
[ hide source ] | [ make this the default ]

Content File Source

ad_library {

    Forums Security Library

    @creation-date 2002-05-25
    @author Ben Adida <ben@openforce.biz>
    @cvs-id $Id: forums-security-procs.tcl,v 1.25.2.1 2019/12/27 16:00:17 antoniop Exp $

}

namespace eval forum::security {

    ad_proc -private do_abort {} {
        Do an abort if security violation.
    } {
        if { [ad_conn user_id] == 0 } {
            ad_redirect_for_registration
        } else {
            ad_returnredirect "not-allowed"
        }
        ad_script_abort
    }

    d_proc -deprecated -public can_read_forum_p {
        {-user_id ""}
        {-forum_id:required}
    } {
        Deprecated: just another wrapper to permission::permission_p

        @see permission::permission_p
    } {
        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege read]
    }

    d_proc -public require_read_forum {
        {-user_id ""}
        {-forum_id:required}
    } {
        Abort if the user doesn't have 'read' permissions in the forum.
    } {
        # Probably this whole proc could be replaced by just permission::require_permission
        if { ![permission::permission_p -party_id $user_id -object_id $forum_id -privilege "read"] } {
            do_abort
        }
    }

    d_proc -public can_post_forum_p {
        {-user_id ""}
        {-forum_id:required}
    } {
        @return 1 if the user can post in the forum, 0 otherwise.
    } {
        set user_id [expr {$user_id eq "" ? [ad_conn user_id] : $user_id}]

        # Moderators can always post
        if { [permission::permission_p \
                -party_id  $user_id \
                -object_id $forum_id \
                -privilege "forum_moderate"] } {
            return true
        }

        forum::get -forum_id $forum_id -array forum

        # Others can post if forum is not closed. The public can post
        # only if anonymous posting is enabled.
        return [expr {$forum(posting_policy) ne "closed" &&
                      ($user_id != 0 || $forum(anonymous_allowed_p))}]
    }

    d_proc -public require_post_forum {
        {-user_id ""}
        {-forum_id:required}
    } {
        Abort if the user doesn't have permissions to post in the forum.
    } {
        if {![can_post_forum_p -user_id $user_id -forum_id $forum_id]} {
            do_abort
        }
    }

    d_proc -deprecated -public can_moderate_forum_p {
        {-user_id ""}
        {-forum_id:required}
    } {
        Deprecated: just another wrapper to permission::permission_p

        @see permission::permission_p
    } {
        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege forum_moderate]
    }

    d_proc -public require_moderate_forum {
        {-user_id ""}
        {-forum_id:required}
    } {
        Abort if the user doesn't have 'forum_moderate' permissions in the forum.
    } {
        # Probably this whole proc could be replaced by just permission::require_permission
        if { ![permission::permission_p \
                -party_id  $user_id \
                -object_id $forum_id \
                -privilege "forum_moderate"] } {
            do_abort
        }
    }

    d_proc -public permissions {
        {-forum_id:required}
        {-user_id ""}
        array_name
    } {        
        Retrieve all relevant forum permissions in a single array of
        fields {admin_p moderate_p post_p}.
        admin_p and moderate_p are in fact just synonyms and will have
        the same value.

        @param user_id user to check permissions for. Defaults to
                       currently connected user.        
        @param array_name name of array in the caller namespace that will
                        contain proc results after the call.
    } {
        upvar $array_name array

        set user_id [expr {$user_id eq "" ? [ad_conn user_id] : $user_id}]

        set array(admin_p)    [permission::permission_p -object_id $forum_id -party_id $user_id -privilege "forum_moderate"]
        set array(moderate_p) $array(admin_p)
        set array(post_p)     [expr {$array(admin_p) || [forum::security::can_post_forum_p -forum_id $forum_id -user_id $user_id]}]
    }

    ### Deprecated procs ###
    # 2017-09-26:
    # we decided to simplify forums management and unwire dependency
    # with the registered_users group. This prevented forums package
    # to be ever used in a subsite aware context. Now posting policy
    # and new-threads-allowed won't be managed via setting
    # permsissions, but through plain table columns. Forum will also
    # decide for permissions on the messages.

    d_proc -deprecated -public can_read_message_p {
        {-user_id ""}
        {-message_id:required}
    } {
        DEPRECATED: permissions will now be checked on the forum itself
        @see permission::permission_p
    } {
        forum::message::get -message_id $message_id -array message
        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege "read"]
    }

    d_proc -deprecated -public require_read_message {
        {-user_id ""}
        {-message_id:required}
    } {
        DEPRECATED: permissions will now be checked on the forum itself
        @see forum::security::require_read_forum
    } {
        forum::message::get -message_id $message_id -array message
        return [require_read_forum -forum_id $message(forum_id) -user_id $user_id]
    }

    d_proc -deprecated -public can_post_message_p {
        {-user_id ""}
        {-message_id:required}
    } {
        DEPRECATED: permissions will now be checked on the forum itself
        @see forum::security::can_post_forum_p
    } {
        forum::message::get -message_id $message_id -array message
        return [can_post_forum_p -forum_id $message(forum_id) -user_id $user_id]
    }

    d_proc -deprecated -public require_post_message {
        {-user_id ""}
        {-message_id:required}
    } {
        DEPRECATED: permissions will now be checked on the forum itself
        @see forum::security::require_post_forum
    } {
        forum::message::get -message_id $message_id -array message
        return [require_post_forum -forum_id $message(forum_id) -user_id $user_id]
    }

    d_proc -deprecated -public can_moderate_message_p {
        {-user_id ""}
        {-message_id:required}
    } {
        DEPRECATED: permissions will now be checked on the forum itself
        @see forum::security::can_moderate_forum_p
    } {
        forum::message::get -message_id $message_id -array message
        return [permission::permission_p -party_id $user_id -object_id $message(forum_id) -privilege "forum_moderate"]
    }

    d_proc -deprecated -public require_moderate_message {
        {-user_id ""}
        {-message_id:required}
    } {
        DEPRECATED: permissions will now be checked on the forum itself
        @see forum::security::require_moderate_forum
    } {
        forum::message::get -message_id $message_id -array message
        return [require_moderate_forum -forum_id $message(forum_id) -user_id $user_id]
    }

    d_proc -deprecated -public can_admin_forum_p {
        {-user_id ""}
        {-forum_id:required}
    } {
        DEPRECATED: admin == moderate!

        @see forum::security::can_moderate_p
    } {
        return [can_moderate_p -user_id $user_id -forum_id $forum_id]
    }

    d_proc -deprecated -public require_admin_forum {
        {-user_id ""}
        {-forum_id:required}
    } {
        DEPRECATED: admin == moderate!

        @see forum::security::can_moderate_p
    } {
        if { ![permission::permission_p \
                -party_id  $user_id \
                -object_id $forum_id \
                -privilege "forum_moderate"] } {
            do_abort
        }
    }

    ###
}

# Local variables:
#    mode: tcl
#    tcl-indent-level: 4
#    indent-tabs-mode: nil
# End: