The pg code for the public-like check is a little more transparent.
Here is the logic in pseudo-code:
    IF (permission is granted to "the public") AND
       ( (person is logged in) OR (person is not logged in) )
    THEN
        return "true"
The pg code and oracle code compute the same results, the
former with one block and the latter with two.
This is moderately confusing because we have an odd mix of
data model logic and application logic. The auth system uses
user_id=0 to designate someone who is not logged in*. The
data model uses party_id=-1 to designate "the public" which
includes everyone, logged-in or not.
Whether "non-logged-in person" and "the public" are
semantically equivalent is an interesting debate but beside the
point. Anyone with a rudimentary understanding of logic will
quickly see that "a AND (b OR (not b))" is just "a". Thus we can
eliminate this part of the logic from both incarnations.
The only other significant difference between oracle and pg
versions is ordering. Pg puts the fast stuff up front
- public
- direct
- group
- relseg
...which I think is the way to go.
*this despite the fact that select count(*) from users where
user_id=0 returns no rows
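
The simplification and the cheapest-first ordering described above, modeled in Python as an added example; this is not the pg or oracle code under discussion. The grant and membership tables are constructed sample data, the function names are hypothetical, and treating "relseg" as a second membership lookup is an assumption.

```python
from itertools import product

PUBLIC = -1     # party_id the text gives for "the public"
ANONYMOUS = 0   # user_id the text gives for someone who is not logged in

# Constructed sample data: grants are (object_id, party_id, privilege).
GRANTS = {(10, PUBLIC, "read"), (20, 7, "write"),
          (30, 100, "read"), (40, 200, "admin")}
GROUP_MEMBERS = {100: {7, 8}}    # group party_id -> member user_ids
SEGMENT_MEMBERS = {200: {9}}     # segment party_id -> member user_ids (assumed model)


def original_public_check(granted_to_public, logged_in):
    """The public check as written in the pseudo-code above."""
    return granted_to_public and (logged_in or not logged_in)


def simplified_public_check(granted_to_public, logged_in):
    """The same check with the tautology removed; login state is ignored."""
    return granted_to_public


def checks_agree():
    """Exhaustively compare both forms over every input combination."""
    return all(original_public_check(a, b) == simplified_public_check(a, b)
               for a, b in product((True, False), repeat=2))


def permission_p(object_id, user_id, privilege):
    """Return (allowed, step), trying the cheapest lookup first:
    public, direct, group, relseg."""
    if (object_id, PUBLIC, privilege) in GRANTS:
        return True, "public"      # applies to everyone, logged in or not
    if (object_id, user_id, privilege) in GRANTS:
        return True, "direct"
    for step, membership in (("group", GROUP_MEMBERS),
                             ("relseg", SEGMENT_MEMBERS)):
        for party_id, members in membership.items():
            if user_id in members and (object_id, party_id, privilege) in GRANTS:
                return True, step
    return False, None             # default deny when no step matches


if __name__ == "__main__":
    print("forms agree:", checks_agree())
    for obj, user, priv in [(10, ANONYMOUS, "read"), (20, 7, "write"),
                            (30, 8, "read"), (40, 9, "admin"),
                            (20, ANONYMOUS, "write")]:
        print(obj, user, priv, permission_p(obj, user, priv))
```
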