Forum OpenACS Q&A: Response to Bugtraq: cross site scripting

Posted by russ m on
Well, here's grant-2.tcl (slightly mangled by <textarea>):

# packages/acs-core-ui/www/acs_object/permissions/grant-2.tcl

ad_page_contract {

  @author rhs@mit.edu
  @creation-date 2000-08-20
  @cvs-id $Id: grant-2.tcl,v 1.2 2001/04/22 16:13:15 stevew Exp $
} {
  object_id:integer,notnull
  party_id:integer,notnull
  privilege
}

ad_require_permission $object_id admin

db_exec_plsql grant {
  begin
    acs_permission.grant_permission(:object_id, :party_id, :privilege);
  end;
}

ad_returnredirect "one?[export_url_vars object_id]"

which doesn't seem to require anything more than a valid auth cookie. And having just tried it myself, I can tell you it works.

Patching this particular page sequence doesn't, however, fix the broader problem: a global solution would be preferable to having to code such checks into every page that carries out potentially dangerous operations (and audit that it had been done, and done right).

I'm not sure how I'd approach putting together such a global solution, but I'm pretty confident it deserves further thought...
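An added example (not from russ m's post or from OpenACS itself) of the kind of global check the post asks for: one dispatcher that authenticates every request from its cookie and, for pages flagged as state-changing, also demands a session-bound anti-forgery token that a third-party page cannot obtain, so no per-page code is needed. The cookie name, handler registry and the `grant_2` stand-in for grant-2.tcl are assumptions modelled on the posted page.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side key; a deployment would load it from config.
SERVER_KEY = secrets.token_bytes(32)


def session_token(session_id: str) -> str:
    """Per-session anti-forgery token. It is derived from the server key, so a
    cross-site page, which can make the browser send the auth cookie but can
    read neither the cookie nor the key, cannot compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


class Forbidden(Exception):
    pass


def grant_2(params, grants):
    """Stand-in for grant-2.tcl: record the privilege grant and return the
    redirect target, as the posted page does."""
    key = (int(params["object_id"]), int(params["party_id"]))
    grants.setdefault(key, set()).add(params["privilege"])
    return f"one?object_id={params['object_id']}"


# Page registry (assumed). The flag marks pages that change state and are
# therefore protected by the global filter rather than by per-page checks.
HANDLERS = {"grant-2": (grant_2, True), "one": (lambda p, g: "view", False)}


def dispatch(path, params, cookies, grants):
    """Global filter run for every request: authenticate from the session
    cookie, then require the anti-forgery token on state-changing pages."""
    session_id = cookies.get("ad_session_id")  # cookie name is an assumption
    if session_id is None:
        raise Forbidden("no session")
    handler, changes_state = HANDLERS[path]
    if changes_state:
        supplied = params.get("token", "")
        if not hmac.compare_digest(supplied, session_token(session_id)):
            raise Forbidden("missing or invalid anti-forgery token")
    return handler(params, grants)


def attempt(path, params, cookies, grants):
    """Run a request through the filter and report the outcome."""
    try:
        return "ok", dispatch(path, params, cookies, grants)
    except Forbidden as exc:
        return "forbidden", str(exc)
```

A request carrying only the cookie (the case the post demonstrates) is refused before the handler runs, while a form rendered by the site itself can embed `session_token(...)` and succeed.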