Index: openacs-4/packages/xotcl-core/tcl/policy-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/policy-procs.tcl,v
diff -u -r1.22 -r1.23
--- openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	29 Jun 2013 22:42:56 -0000	1.22
+++ openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	27 Oct 2014 16:42:01 -0000	1.23
@@ -80,7 +80,7 @@
       set condition [lindex $p 0]
       if {[llength $condition]>1} {
         # we have a condition
-	foreach {cond value} $condition break
+        lassign $condition cond value
         if {[$object condition=$cond $query_context $value]} {
           return [my get_privilege [list [lrange $p 1 end]] $object $method]
         }
@@ -96,6 +96,7 @@
   }
 
   Policy instproc get_permission {{-check_classes true} object method} {
+    # ns_log notice "[self] [self proc] [self args] // object=$object"
     set permission ""
     set o [self]::[namespace tail $object]
     set key require_permission($method)
@@ -105,12 +106,13 @@
       set permission [$o set default_permission]
     } elseif {$check_classes} {
       # we have no object specific policy information, check the classes
+      #ns_log notice "---check [list $object info class]"
       set c [$object info class]
       foreach class [concat $c [$c info heritage]] {
-	set c [self]::[namespace tail $class]
-	if {![my isclass $c]} continue
-	set permission [my get_permission -check_classes false $class $method]
-	if {$permission ne ""} break
+        set c [self]::[namespace tail $class]
+        if {![my isclass $c]} continue
+        set permission [my get_permission -check_classes false $class $method]
+        if {$permission ne ""} break
       }
     }
     return $permission
@@ -143,19 +145,19 @@
 
     #my log "--     user_id=$user_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
     if {$permission ne ""} {
-      foreach {kind p} [my get_privilege -query_context $ctx $permission $object $method] break
+      lassign [my get_privilege -query_context $ctx $permission $object $method] kind p
       #my msg "--privilege = $p kind = $kind"
       switch -- $kind {
-	primitive {return [my check_privilege -login false \
-			       -package_id $package_id -user_id $user_id \
-			       $p $object $method]}
-	complex {
-	  foreach {attribute privilege} $p break
-	  set id [$object set $attribute]
-	  #my msg "--p checking permission -object_id /$id/ -privilege $privilege -party_id $user_id\
-	  #	==> [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]"
-	  return [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]
-	}
+        primitive {return [my check_privilege -login false \
+                               -package_id $package_id -user_id $user_id \
+                               $p $object $method]}
+        complex {
+          lassign $p attribute privilege
+          set id [$object set $attribute]
+          #my msg "--p checking permission -object_id /$id/ -privilege $privilege -party_id $user_id\
+              #    ==> [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]"
+          return [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]
+        }
       }
     }
     return 0
@@ -177,21 +179,21 @@
     set allowed 0
     set permission [my get_permission $object $method]
     if {$permission ne ""} {
-      foreach {kind p} [my get_privilege $permission $object $method] break
+      lassign [my get_privilege $permission $object $method] kind p
       switch -- $kind {
-	primitive {
-	  set allowed [my check_privilege \
-			   -user_id $user_id -package_id $package_id \
-			   $p $object $method]
-	  set privilege $p
-	}
-	complex {
-	  foreach {attribute privilege} $p break
-	  set id [$object set $attribute]
-	  set allowed [::xo::cc permission -object_id $id \
-			   -privilege $privilege \
-			   -party_id $user_id]
+        primitive {
+          set allowed [my check_privilege \
+                           -user_id $user_id -package_id $package_id \
+                           $p $object $method]
+          set privilege $p
         }
+        complex {
+          lassign $p attribute privilege
+          set id [$object set $attribute]
+          set allowed [::xo::cc permission -object_id $id \
+                           -privilege $privilege \
+                           -party_id $user_id]
+        }
       }
     }
 
@@ -200,18 +202,25 @@
     if {!$allowed} {
       set untrusted_user_id [::xo::cc set untrusted_user_id]
       if {$permission eq ""} {
-	ns_log notice "enforce_permissions: no permission for $object->$method defined"
+        ns_log notice "enforce_permissions: no permission for $object->$method defined"
       } elseif {$user_id == 0 && $untrusted_user_id} {
         ns_log notice "enforce_permissions: force login, user_id=0 and untrusted_id=$untrusted_user_id"
         auth::require_login
       } else {
-	ns_log notice "enforce_permissions: $user_id doesn't have $privilege on $object"
+        ns_log notice "enforce_permissions: $user_id doesn't have $privilege on $object"
       }
-	ad_return_forbidden  "[_ xotcl-core.permission_denied]" [_ xotcl-core.policy-error-insufficient_permissions]
+      ad_return_forbidden  "[_ xotcl-core.permission_denied]" [_ xotcl-core.policy-error-insufficient_permissions]
       ad_script_abort
     }
-  
+    
     return $allowed
   }
 
-}
\ No newline at end of file
+}
+
+#
+# Local variables:
+#    mode: tcl
+#    tcl-indent-level: 2
+#    indent-tabs-mode: nil
+# End: