Index: openacs-4/packages/acs-subsite/www/admin/groups/elements-by-rel-type.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/admin/groups/elements-by-rel-type.tcl,v diff -u -r1.11 -r1.12 --- openacs-4/packages/acs-subsite/www/admin/groups/elements-by-rel-type.tcl 28 Nov 2018 15:55:47 -0000 1.11 +++ openacs-4/packages/acs-subsite/www/admin/groups/elements-by-rel-type.tcl 29 Nov 2018 10:01:42 -0000 1.12 @@ -1,29 +1,33 @@ -# /packages/subsite/www/admin/groups/elements-by-rel-type.tcl -# -# Datasource for elements-by-rel-type.adp -# (meant to be included by other templates) -# -# Shows the user a summary of elements (components or members) of the -# given group, provided that the user has permission to see the -# element. The elements are summarized by their relationship to the -# given group. -# -# NOTE: -# There is no scope check done here to ensure that the element "belongs" to -# the subsite. The pages that use this template already check that the -# given group_id is in scope; therefore, all of its elements must be in -# scope. And even if a developer screws up and uses this template without -# checking that the give group_id belongs to the current subsite, the user -# would only be able to see elements that they have permission to see. -# Thus we take the lazy (and efficient) approach of not checking the -# scope of the elements returned by this datasource. -# -# Params: group_id -# -# @author oumi@arsdigita.com -# @creation-date 2001-2-6 -# @cvs-id $Id$ +ad_include_contract { + /packages/subsite/www/admin/groups/elements-by-rel-type.tcl + + Datasource for elements-by-rel-type.adp + (meant to be included by other templates) + + Shows the user a summary of elements (components or members) of the + given group, provided that the user has permission to see the + element. The elements are summarized by their relationship to the + given group. + + NOTE: + There is no scope check done here to ensure that the element "belongs" to + the subsite. The pages that use this template already check that the + given group_id is in scope; therefore, all of its elements must be in + scope. And even if a developer screws up and uses this template without + checking that the give group_id belongs to the current subsite, the user + would only be able to see elements that they have permission to see. + Thus we take the lazy (and efficient) approach of not checking the + scope of the elements returned by this datasource. + + @author oumi@arsdigita.com + @creation-date 2001-2-6 + @cvs-id $Id$ + +} { + group_id:integer +} + set user_id [ad_conn user_id] set admin_p [permission::permission_p -object_id $group_id -privilege "admin"] set create_p [permission::permission_p -object_id $group_id -privilege "create"]