Forum OpenACS Q&A: A question about the Request Processor

Quoting from the docs:
... the RP checks if the user has "read" privileges on the object in 
the site map specified by the URL. This object is typically a package 
instance, but it could easily be something more granular, such as 
whether the user can view a particular piece of content within a 
package instance... 
How can I tell the RP to check if a user has the permission to use a particular script of my package? Should I define this script as an acs_object or is there a simpler way?

TIA,
Claudio Pasolini

Posted by Don Baccus on
The traditional way to do this is to check if the user has an appropriate privilege on some object associated with the script.

For instance, if the script creates new data in the content repository, you might check to see if the user has "write" privileges on the directory your package set up to hold content items.

If the script displays sensitive data, and that data's stored as an acs object, you might check to see if the user has permission to read the object holding that data.

If there's no convenient object available that the script works on, then the easiest thing to do is probably what you describe, i.e. define it as an object and mount it in the site map.

Posted by Andrew Piskorski on
In addition to checking a standard permission on a custom object, you
could instead check a custom permission on the package_id.  E.g.,
define a custom "script_foo_execute" privilege for your package, and
set/check whether the user has that permission on the package_id.  I'm
not sure which way would be better (cleaner or faster) in what cases.
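
The two approaches from the replies above, sketched as one page script. This is an added example, not code from the posters or from OpenACS itself; the file name `foo.tcl` and the `item_id` parameter are hypothetical, and it assumes the `script_foo_execute` privilege has already been created and granted in the package's data model.

```tcl
# www/foo.tcl -- hypothetical page script inside a package instance.
# Assumption: the custom privilege "script_foo_execute" already exists and
# has been granted to the intended parties on this package instance.

ad_page_contract {
    Run the "foo" script (hypothetical example).
} {
    {item_id:integer,optional}
}

set package_id [ad_conn package_id]
set user_id    [ad_conn user_id]

# Approach 1: a custom privilege checked on the package instance.
# require_permission stops the request when the check fails, so nothing
# below this call runs for a user who lacks the privilege.
permission::require_permission \
    -party_id  $user_id \
    -object_id $package_id \
    -privilege script_foo_execute

# Approach 2: a standard privilege checked on the object the script works
# on. Here item_id stands for an acs_object holding the sensitive data.
if { [info exists item_id] } {
    if { ![permission::permission_p \
               -party_id  $user_id \
               -object_id $item_id \
               -privilege read] } {
        ad_return_forbidden "Permission denied" \
            "You do not have permission to view this item."
        ad_script_abort
    }
}

# ... the script's real work goes here, after both checks have passed ...
```

Doing the check at the top of the script itself means the script is protected no matter which URL or include reaches it, rather than relying only on the Request Processor's "read" check on the package instance.
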
Posted by Claudio Pasolini on
Thank you, Don and Andrew, for the useful hints!