ad_permission_p

Philip Greenspun's Homepage : Philip Greenspun's Homepage Discussion Forums : 6916 : One Thread
Notify me of new responses
If I want to check whether a user has permission to perform an
operation, I use ad_permission_p. It seems the only way I can use
this procedure with my groups is be specifying the group_id in the
funtion call. For example, if I want to check if the current user is
in my Publisher group, I use:

ad_permission_p $db "" "" "" "" 21

Using a "magic number" like this bothers me. To find out what this
code does one must look in the user_groups table, or rely on
a comment in the code. However, since group_name is not unique in the
user_groups table, I see no way around this.

Does anyone know of a better way?

-- Michael Harder, October 25, 1999

Answers

Avoiding Magic Numbers

You could try making a proc that returns the group number, or make a proc that returns the group number after querying the database. Look at how the Administrator procs in the permissions module takes "module" and "submodule" for examples.

-- Jesse Koontz, October 27, 1999

You should make these group have a group_type of administration.

If your group_type is of type administration, you get around this problem. Each of these groups is labeled with a module and possibly a submodule. You then call ad_permission_p with the module/submodule label instead of the group_id.

-- Tracy Adams, November 14, 1999