... an excerpt from our internal bboard discussion, posted by Tilmann.
To find out all persons that may write in the name of Freddie:
unido-dev=# select person_id from persons where acs_permission__permission_p(16919, person_id, 'unido_write_in_name_of')='t';
person_id
-----------
3105
16917
(2 rows)
(For the fun of it I added Gregor too, who is the 3105). The only problem with this query is that it takes ages to finish - about 30seconds on the test server, which is inaccaptable.
Selecting from the priv map view directly is blazingly fast compared to the previous one:
unido-dev=# select grantee_id from acs_object_grantee_priv_map where object_id=16919 and privilege='unido_write_in_name_of';
grantee_id
------------
3105
16917
(2 rows)
Beware though that these are parties, e.g. one of those id's returned could be a group as well. I think this can be reflected in the UI (e.g. list groups along with individuals) and let's do with it for a start.
What it also leaves out are permissions acquired via a relational segment, of which I have no idea what it is, so no idea how to take care of it. I'd suggest adding a comment to whereever this query is going to reside in the system like that:
# returns party_id's. does not deal with relational segments.
