Index: openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-oracle.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-oracle.xql,v diff -u -r1.5 -r1.6 --- openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-oracle.xql 13 Mar 2002 22:54:44 -0000 1.5 +++ openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-oracle.xql 18 Mar 2002 21:59:14 -0000 1.6 @@ -3,42 +3,49 @@ oracle8.1.6 - - - declare begin - acs_permission.grant_permission(object_id => :object_id, - grantee_id => :user_id, - privilege => :privilege); - end; - - + + + declare + begin + acs_permission.grant_permission( + object_id => :object_id, + grantee_id => :party_id, + privilege => :privilege + ); + end; + + - - - declare begin - acs_permission.revoke_permission(object_id => :object_id, - grantee_id => :user_id, - privilege => :privilege); - end; - - + + + declare + begin + acs_permission.revoke_permission( + object_id => :object_id, + grantee_id => :party_id, + privilege => :privilege + ); + end; + + - - - - select count(*) - from dual - where acs_permission.permission_p(:object_id, :user_id, :privilege) = 't' - - - - - - - select acs_object.name(:object_id) from dual - - + + + select count(*) + from dual + where exists (select 1 + from dual + where 't' = acs_permission.permission_p(:object_id, :party_id, :privilege)) + + + + + select acs_object.name(:object_id) + from dual + + + update acs_objects Index: openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-postgresql.xql =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-postgresql.xql,v diff -u -r1.4 -r1.5 --- openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-postgresql.xql 13 Mar 2002 22:54:44 -0000 1.4 +++ openacs-4/packages/acs-tcl/tcl/acs-permissions-procs-postgresql.xql 18 Mar 2002 21:59:14 -0000 1.5 
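Review bot: The rewritten permission check in this hunk wraps the `acs_permission.permission_p` predicate in `exists (select 1 from dual where ...)` inside an outer `select count(*) from dual`, which appears to add a subquery without changing the result, since both forms yield 0 or 1. Unless the nesting is a deliberate optimizer workaround, the single-level form with the new bind, `where acs_permission.permission_p(:object_id, :party_id, :privilege) = 't'`, is easier to audit for an authorization query. If it is deliberate, a comment in the query saying why would help. The same shape is repeated in the PostgreSQL file's hunk.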
@@ -1,39 +1,49 @@ -postgresql7.1 + postgresql7.1 - - - select - acs_permission__grant_permission(:object_id, - :user_id, - :privilege); - - + + + declare + begin + acs_permission__grant_permission( + object_id => :object_id, + grantee_id => :party_id, + privilege => :privilege + ); + end; + + - - - select - acs_permission__revoke_permission(:object_id, - :user_id, - :privilege); - - + + + declare + begin + acs_permission__revoke_permission( + object_id => :object_id, + grantee_id => :party_id, + privilege => :privilege + ); + end; + + - - - select count(*) - from dual - where acs_permission__permission_p(:object_id, :user_id, :privilege) = -'t' - - + + + select count(*) + from dual + where exists (select 1 + from dual + where 't' = acs_permission__permission_p(:object_id, :party_id, :privilege)) + + - - - select acs_object__name(:object_id) - - + + + select acs_object__name(:object_id) + from dual + + Index: openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl,v diff -u -r1.4 -r1.5 --- openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl 13 Mar 2002 22:54:44 -0000 1.4 +++ openacs-4/packages/acs-tcl/tcl/acs-permissions-procs.tcl 18 Mar 2002 21:59:14 -0000 1.5 @@ -1,9 +1,9 @@ ad_library { - Tcl procs for the acs permissioning system. + Tcl procs for the acs permissioning system. - @author rhs@mit.edu - @creation-date 2000-08-17 - @cvs-id $Id$ + @author rhs@mit.edu + @creation-date 2000-08-17 + @cvs-id $Id$ } ad_proc -public ad_permission_grant { @@ -15,7 +15,7 @@ @author ben@openforce } { - db_exec_plsql grant_permission {} + permission::grant -party_id $user_id -object_id $object_id -privilege $privilege } ad_proc -public ad_permission_revoke { 
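Review bot: The new grant and revoke statements in the PostgreSQL file use an Oracle-style `declare begin ... end;` block with named arguments (`object_id => :object_id`), which PostgreSQL 7.1 does not accept. The removed lines were the portable form, and only the bind name needed to change: `select acs_permission__grant_permission(:object_id, :party_id, :privilege);` and likewise for `acs_permission__revoke_permission`. If these statements error at run time, as seems likely, `permission::revoke` fails and leaves the grant in place, so this matters for authorization and not only for functionality. The added `from dual` on the `acs_object__name` query is harmless only if the installation defines a `dual` relation, which the earlier permission query in this file suggests it does.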
@@ -27,72 +27,99 @@ @author ben@openforce } { - db_exec_plsql revoke_permission {} + permission::revoke -party_id $user_id -object_id $object_id -privilege $privilege } ad_proc -public ad_permission_p { - {-user_id ""} - object_id - privilege + {-user_id ""} + object_id + privilege } { - if {[empty_string_p $user_id]} { - set user_id [ad_verify_and_get_user_id] - } - - if { [db_string result { - select count(*) - from dual - where acs_permission.permission_p(:object_id, :user_id, :privilege) = 't' - }] } { - return 1 - } - - # This user doesn't have permission. If we're not in performance mode, - # Let's check the name of the privilege and throw an error if no - # such privilege exists. - if { ![rp_performance_mode] && ![db_string n_privs { - select count(*) - from acs_privileges - where privilege = :privilege - }] } { - error "$privilege isn't a valid privilege" - } - - return 0 + return [permission::permission_p -party_id $user_id -object_id $object_id -privilege $privilege] } ad_proc -public ad_require_permission { object_id privilege } { - set user_id [ad_verify_and_get_user_id] - if {![ad_permission_p $object_id $privilege]} { - if {$user_id == 0} { - ad_maybe_redirect_for_registration - } else { - ns_log Notice "$user_id doesn't have $privilege on object $object_id" - ad_return_forbidden "Security Violation" "
- You don't have permission to $privilege [db_string name {select acs_object.name(:object_id) from dual}]. -

- This incident has been logged. -

" - } - ad_script_abort - } + permission::require_permission -object_id $object_id -privilege $privilege } ad_proc -private ad_admin_filter {} { - ad_require_permission [ad_conn object_id] admin - return filter_ok + permission::require_permission -object_id [ad_conn object_id] -privilege "admin" + return filter_ok } ad_proc -private ad_user_filter {} { - ad_require_permission [ad_conn object_id] read - return filter_ok + permission::require_permission -object_id [ad_conn object_id] -privilege "read" + return filter_ok } namespace eval permission { + ad_proc -public grant { + {-party_id:required} + {-object_id:required} + {-privilege:required} + } { + grant privilege Y to party X on object Z + } { + db_exec_plsql grant_permission {} + } + + ad_proc -public revoke { + {-party_id:required} + {-object_id:required} + {-privilege:required} + } { + revoke privilege Y from party X on object Z + } { + db_exec_plsql revoke_permission {} + } + + ad_proc -public permission_p { + {-party_id ""} + {-object_id:required} + {-privilege:required} + } { + does party X have privilege Y on object Z + } { + if {[empty_string_p $party_id]} { + set party_id [ad_conn user_id] + } + + return [db_string select_permission_p {}] + } + + ad_proc -public require_permission { + {-party_id ""} + {-object_id:required} + {-privilege:required} + } { + require that party X have privilege Y on object Z + } { + if {[empty_string_p $party_id]} { + set party_id [ad_conn user_id] + } + + if {![permission_p -party_id $party_id -object_id $object_id -privilege $privilege]} { + if {!${party_id}} { + ad_maybe_redirect_for_registration + } else { + ns_log notice "$party_id doesn't have $privilege on object $object_id" + ad_return_forbidden \ + "Security Violation" \ + "
+ You don't have permission to $privilege [db_string name {}]. +
+ This incident has been logged. +
" + } + + ad_script_abort + } + } + ad_proc -public toggle_inherit { {-object_id:required} } {
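Review bot: The new `permission::permission_p` no longer raises an error for a privilege name that does not exist, which the removed `ad_permission_p` body did outside performance mode (`error "$privilege isn't a valid privilege"`). A misspelled privilege in a caller now simply reads as "no permission". That fails closed for `require_permission`, but callers that branch on a negative result would silently take the wrong path. Consider restoring the `acs_privileges` lookup behind `![rp_performance_mode]` as a named query in both xql files. Separately, `require_permission` places the object name into the `ad_return_forbidden` body as raw HTML; if object names can hold user-supplied text, quote it, e.g. `[ns_quotehtml [db_string name {}]]`.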