ad_permission_p db { module "" } { submodule "" } { action "" } { user_id "" } { group_id "" }

What it does:
For groups with basic administration: Returns 1 if user has a role of administrator or all; 0 otherwise. For groups with advanced administration: Returns 1 if user has authority for the action; 0 otherwise.

Defined in: /web/philip/packages/acs-core/user-groups-procs.tcl
Source code:
    if { ![empty_string_p $module] && ![empty_string_p $group_id] } {
        error "specify either module or group_id, not both"
    }

    # If no user_id was specified, then use the ID of the logged-in
    # user.
    #
    if [empty_string_p $user_id] {
        set user_id [ad_verify_and_get_user_id]
    }

    # Identify the group. Either the group_id will be explicitly
    # specified or we derive it from the module by querying to
    # find out which group is the administration group for the
    # module. If submodule is specified in addition to module, then
    # find out which group is the administration group for the
    # submodule.
    #
    if { [empty_string_p $group_id] } {
        set group_id [ad_administration_group_id $db $module $submodule]

        # If we fail to find a corresponding group_id, return false.
        # This probably should raise an error but I (Michael Y) don't
        # want to risk breaking any more code right now.
        #
        if { [empty_string_p $group_id] } {
            return 0
        }
    }

    # Next, find out if the group uses basic or advanced (a.k.a.
    # multi-role) administration.
    #
    set multi_role_p [database_to_tcl_string $db "select multi_role_p
    from user_groups
    where group_id = $group_id"]

    if { $multi_role_p == "f" } {
        # If administration is basic, then return true if the user has
        # either the 'administrator' role or the 'all' role for the
        # group.
        #
        set permission_p [database_to_tcl_string $db "select decode(count(*), 0, 0, 1)
        from user_group_map
        where user_id = $user_id
        and group_id = $group_id
        and role in ('administrator', 'all')"]

    } else {
        # If administration is advanced, then check to see if the
        # user is an administrator; if not, make sure that action
        # was specified and then check to see if the user has a
        # role that is authorized to perform the specified action.
        #
        set permission_p [database_to_tcl_string $db "select decode(count(*), 0, 0, 1)
        from user_group_map
        where user_id = $user_id
        and group_id = $group_id
        and role = 'administrator'"]

        if { !$permission_p } {
            if { [empty_string_p $action] } {
                error "no action specified for group with multi-role administration (ID $group_id)"
            }

            set permission_p [database_to_tcl_string $db "select decode(count(*), 0, 0, 1)
            from user_group_action_role_map
            where group_id = $group_id
            and action = '[DoubleApos $action]'
            and role in (select role
                         from user_group_map
                         where group_id = $group_id
                         and user_id = $user_id)"]
        }
    }

    # If necessary, make a final check to see if the user is a
    # site-wide administrator.
    #
    if { !$permission_p } {
        set permission_p [ad_administrator_p $db $user_id]
    }

    return $permission_p
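
The queries above splice $user_id and $group_id directly into the SQL text and escape only $action with DoubleApos. The following added example (not ACS code) runs the same basic/advanced role decision with integer-only IDs and bound parameters. It assumes the tclsqlite package with an in-memory SQLite database in place of Oracle; the proc name permission_p_bound and all sample rows are constructed, and the module lookup and ad_administrator_p fallback are left out because their queries are not on this page.

```tcl
# Added example, not ACS code. tclsqlite's in-memory SQLite stands in for Oracle;
# the proc name and every sample row below are constructed for illustration.
package require sqlite3
sqlite3 db :memory:
db eval {
    create table user_groups (group_id integer primary key, multi_role_p text);
    create table user_group_map (user_id integer, group_id integer, role text);
    create table user_group_action_role_map (group_id integer, action text, role text);
    insert into user_groups values (1, 'f'), (2, 't');
    insert into user_group_map values (10, 1, 'all'), (11, 2, 'editor'), (12, 2, 'member');
    insert into user_group_action_role_map values (2, 'publish', 'editor');
}

proc permission_p_bound {user_id group_id {action ""}} {
    # Fail closed on any ID that is not a plain non-negative integer.
    foreach id [list $user_id $group_id] {
        if {![regexp {^[0-9]+$} $id]} { return 0 }
    }
    # :name inside braces is bound by tclsqlite as a parameter, never pasted into the SQL.
    set multi_role_p [db onecolumn {
        select multi_role_p from user_groups where group_id = :group_id
    }]
    if {$multi_role_p eq ""} { return 0 }   ;# unknown group
    if {$multi_role_p eq "f"} {
        # Basic administration: 'administrator' or 'all' role is enough.
        return [db onecolumn {
            select count(*) > 0 from user_group_map
            where user_id = :user_id and group_id = :group_id
              and role in ('administrator', 'all')
        }]
    }
    # Advanced administration: administrators pass, others need a role mapped to the action.
    set admin_p [db onecolumn {
        select count(*) > 0 from user_group_map
        where user_id = :user_id and group_id = :group_id and role = 'administrator'
    }]
    if {$admin_p} { return 1 }
    if {$action eq ""} { error "no action specified for multi-role group (ID $group_id)" }
    return [db onecolumn {
        select count(*) > 0 from user_group_action_role_map
        where group_id = :group_id and action = :action
          and role in (select role from user_group_map
                       where group_id = :group_id and user_id = :user_id)
    }]
}

foreach {u g a} {10 1 "" 11 2 publish 12 2 publish 99 1 "" "10 abc" 1 ""} {
    puts [format "user=%-8s group=%s action=%-8s -> %s" $u $g $a [permission_p_bound $u $g $a]]
}
```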