ad_scope_authorization

ad_scope_authorization_status

one of the documented procedures in this installation of the ACS

Usage:

ad_scope_authorization_status db scope public_permissions group_permissions user_permissions { id "0" }

What it does:

this procedure will check whether the visitor has the right to view the page. if authorization fails, procedure returns not_authorized; if authorization suceeds, procedure will return authorized, and if user needs to be registered in order to view the page, procedure will return reg_required. public_permission gives permissions used for public scope: all, registered, admin (site-wide-administrator) and none (scope=public does not apply for this page, so nobody can see the page). group_permissions gives permission used for scope group: all (all users), registered (registered users only), group_member (group members only), group_admin (group administrators), admin (site wide administrators) and none (scope=group does not apply for this page, so nobody in the group can see the page). user_permissions gives permission used for scope user: all (all users), registered (registered users only) and user (only the user with user_id specified by the variable user_id_name has full privileges), and none (scope=user does not apply for this page, so page cannot be accessed for scope user). if scope=group, id is the group_id of the group against which, we are performing the authorization). if scope=user, id is the user_id of the user against whom, we are performing the authorization. if scope=public, id is irrelevant.

Defined in: /web/philip/tcl/ad-scope.tcl

Source code:


    
    set visitor_id [ad_verify_and_get_user_id]

    switch $scope {
	public {
	    switch $public_permissions {
		all {
		    return authorized
		}
		registered {
		    return [ad_decode $visitor_id 0 reg_required authorized]
		}
		admin {
		    if { $visitor_id==0 } {
			return reg_required
		    }
		    return [ad_decode [ad_administrator_p $db $visitor_id] 1 authorized not_authorized]
		}
		none {
		    return not_authorized
		}
		default {
		    return not_authorized
		}
	    }
	}
	group {
	    switch $group_permissions {
		all {
		    return authorized
		}
		registered {
		    return [ad_decode $visitor_id 0 reg_required authorized]
		}
		group_member {
		    if { $visitor_id==0 } {
			return reg_required
		    }
		    return [ad_decode [ad_user_group_member $db $id $visitor_id] 1 authorized not_authorized]
		}
		group_admin {
		    if { $visitor_id==0 } {
			return reg_required
		    }
		    return [ad_decode [ad_user_group_authorized_admin $visitor_id $id $db] 1 authorized not_authorized]
		}
		admin {
		    if { $visitor_id==0 } {
			return reg_required
		    }
		    return [ad_decode [ad_administrator_p $db $visitor_id] 1 authorized not_authorized]
		}
		none {
		    return not_authorized
		}
		default {
		    return not_authorized
		}
	    }
	}
	user {
	    switch $user_permissions {
		all {
		    return authorized
		}
		registered {
		    return [ad_decode $visitor_id 0 reg_required authorized]
		}
		user {
		    if { $visitor_id==0 } {
			return reg_required
		    }
		    return [ad_decode $id $visitor_id authorized not_authorized]
		}
		admin {
		    if { $visitor_id==0 } {
			return reg_required
		    }
		    return [ad_decode [ad_administrator_p $db $visitor_id] 1 authorized not_authorized]
		}
		none {
		    return not_authorized
		}
		default {
		    return not_authorized
		}
	    }
	}
	default {
	    return not_authorized
	}
    }

philg@mit.edu