Index: openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.adp,v diff -u -r1.1.2.10 -r1.1.2.11 --- openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.adp 21 Jun 2016 07:44:36 -0000 1.1.2.10 +++ openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.adp 23 Jun 2016 08:32:46 -0000 1.1.2.11 @@ -130,8 +130,8 @@ Context Hierarchy

Suppose objects A, B, ..., and F form the following hierarchy.

-

Table 11.2. Context -Hierarchy Example

+

Table 11.2. Context Hierarchy +Example

@@ -156,8 +156,8 @@

This can be represented in the acs_objects table by the following entries:

-

Table 11.3. acs_objects -example data

+

Table 11.3. acs_objects example +data

@@ -195,8 +195,8 @@

The fact that Joe can also read B, C, ..., and F can be derived by ascertaining that these objects are children of A by traversing the context hierarchy. As it turns out, hierarchical queries are expensive. As Rafael -Schloming put it so aptly, Oracle can't -deal with hierarchies for shit. +Schloming put it so aptly, Oracle +can't deal with hierarchies for shit.

One way to solve this problem is to cache a flattened view of the context tree like so:

@@ -295,9 +295,9 @@ end if; end;

One final note about acs_objects. -By setting an object's security_inherit_p column to 'f', you can -stop permissions from cascading down the context tree. In the -following example, Joe does not have the read permissions on +By setting an object's security_inherit_p column to 'f', +you can stop permissions from cascading down the context tree. In +the following example, Joe does not have the read permissions on C and F.

@@ -663,7 +663,7 @@ as exists_p char(1); begin - -- XXX This must be fixed: -1 shouldn't be hardcoded (it is the public) + -- XXX This must be fixed: -1 shouldn't be hardcoded (it is the public) select decode(count(*),0,'f','t') into exists_p from acs_object_party_privilege_map where object_id = permission_p.object_id
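
Review bot: In the @@ -295,9 +295,9 @@ hunk the reflowed sentence still ends "Joe does not have the read permissions on C and F" without naming the object whose security_inherit_p column is set to 'f'. Name that object in the sentence, so the reader can see from the prose alone where the cascade stops and why exactly C and F lose the inherited grant. The hunk only moves line breaks, so the wording fix could go in with it, along with "read permission" in the singular.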
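
Review bot: In the @@ -663,7 +663,7 @@ hunk the removed and added comment lines read the same ("-- XXX This must be fixed: -1 shouldn't be hardcoded (it is the public)"), so the problem the comment flags in the permission_p listing is carried forward unchanged. A permissions tutorial should not leave a magic party id as an open XXX: either update the listing once the literal is replaced by a lookup of the public party, or reword the comment to say plainly that -1 identifies the public party and why the check includes it. If the only difference between the two lines is whitespace or character encoding, say so in the commit message so readers do not hunt for a content change.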