Follow up to earlier posting - copy of something posted to ACS development:
On sql separation - I agree it does benefit the programmer to have the full freedom of sql in tcl
pages (or whatever scripting language). But it would be nice (and maybe achievable) if this
were restricted as much as possible to standard SQL. Instead of writing
db_multirow surveys survey_select {
select survey_id, name
from survsimp_surveys, acs_objects
where object_id = survey_id
and acs_permission.permission_p(object_id, $user_id,'survsimp_take_survey') = 't'
and enabled_p = 't'
}
In your tcl pages you'd write something like
db_permitted_multirow $user_id surveys survey_select {
select survey_id, name
from survsimp_surveys, acs_objects
where object_id = survey_id
and enabled_p = 't'
}
The function db_permitted_multirow (or whatever) could still execute the functionality by
tagging the call to acs_permission.permission_p onto the select clauses of the statement. But
only this function would have to be ported, not every page that uses the permissions module.
Which is every page. Cost: one more frame on the call stack. Benefit: much easier to port.
Incidentally, please consider all these postings as an offer of resources to the OpenACS port :)
