Index: openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.html,v diff -u -r1.46.2.12 -r1.46.2.13 --- openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.html 19 Nov 2016 09:21:54 -0000 1.46.2.12 +++ openacs-4/packages/acs-core-docs/www/permissions-tediously-explained.html 6 Jan 2017 09:18:42 -0000 1.46.2.13 @@ -105,7 +105,7 @@

Context Hierarchy

Suppose objects A, B, ..., and F form the following hierarchy. -

Table 11.2. Context Hierarchy Example

+

Table 11.2. Context Hierarchy Example

A

object_id=10 @@ -139,7 +139,7 @@ This can be represented in the acs_objects table by the following entries: -

Table 11.3. acs_objects example data

object_idcontext_id
2010
3010
4020
5020
6030

+

Table 11.3. acs_objects example data

object_idcontext_id
2010
3010
4020
5020
6030

The first entry tells us that object 20 is the descendant of object 10, and the third entry shows that object 40 is the descendant of object 20. By running a CONNECT BY query, @@ -152,7 +152,7 @@ ..., and F can be derived by ascertaining that these objects are children of A by traversing the context hierarchy. As it turns out, hierarchical queries are expensive. As - Rafael Schloming put it so aptly, Oracle can't deal with hierarchies for shit. + Rafael Schloming put it so aptly, Oracle can't deal with hierarchies for shit.

One way to solve this problem is to cache a flattened view of the context tree like so:

objectancestorn_generations
AA0
BB0
BA1
CC0
CA1
DD0
DB1
DA2
EE0
EB1
EA2
FF0
FC1
FA2

@@ -223,7 +223,7 @@

One final note about acs_objects. By setting - an object's security_inherit_p column to 'f', you can stop permissions + an object's security_inherit_p column to 'f', you can stop permissions from cascading down the context tree. In the following example, Joe does not have the read permissions on C and F.

@@ -615,7 +615,7 @@ as exists_p char(1); begin - -- XXX This must be fixed: -1 shouldn't be hardcoded (it is the public) + -- XXX This must be fixed: -1 shouldn't be hardcoded (it is the public) select decode(count(*),0,'f','t') into exists_p from acs_object_party_privilege_map where object_id = permission_p.object_id