Forum OpenACS Development: Response to permission_p revisited

Posted by Andrew Grumet on
The pg code for the public-like check is a little more transparent. Here is the logic in pseudo-code:
   IF (permission is granted to "the public") AND
      ( (person is logged in) OR (person is not logged in) )
     return "true"
The pg code and oracle code compute the same results, the former with one block and the latter with two.

This is moderately confusing because we have an odd mix of data model logic and application logic. The auth system uses user_id=0 to designate someone who is not logged in*. The data model uses party_id=-1 to designate "the public" which includes everyone, logged-in or not.

Whether "non-logged-in person" and "the public" are semantically equivalent is an interesting debate but besides the point. Anyone with a rudimentary understanding of logic will quickly see that "a AND (b OR (not b))" is just "a". Thus we can elminate this part of the logic from both incarnations.

The only other significant difference between oracle and pg versions is ordering. Pg puts the fast stuff up front

  1. public
  2. direct
  3. group
  4. relseg
...which I think is the way to go.

*this despite the fact that select count(*) from users where user_id=0 returns no rows