edu_subject_admin_security_check db subject_id

What it does:
Returns the user_id. It determines whether the user is allowed to see the subject admin pages by checking whether they are an admin in a department that offers the subject.

Defined in: /web/philip/tcl/education.tcl

If the user is not logged in, they are redirected to the login page.
If the user is not logged in as a member of a group, they are redirected to group-select.tcl and asked to select a group.
If they are logged in as a group, the security check is performed. If the user passes, the user_id is returned to the calling environment. If the user fails the security check, a standard UNAUTHORIZED message is displayed and the procedure forces the calling environment to return.
Source code:

proc edu_subject_admin_security_check {db subject_id} {
    # this should be altered if departments go to a multi-roled system
    # (e.g. prof, staff, students)
    set user_id [ad_verify_and_get_user_id $db]
    if { [string compare $user_id "0"] == 0 } {
        # not logged in: send to the login page, then back to this URL
        ns_returnredirect "/register/index?return_url=[ns_urlencode [ns_conn url]?[ns_conn query]]"
        ad_script_abort
    }
    if {[ad_administrator_p $db $user_id]} {
        # site-wide admins pass without a department check
        return $user_id
    }
    # the user is not a site wide admin
    set department_id [ad_get_client_property education edu_department]
    if {[empty_string_p $department_id]} {
        # no department selected for this session: ask for one, then come back
        ns_returnredirect "/education/util/group-select?type=edu_department&return_url=[ns_urlencode [ns_conn url]?[ns_conn query]]"
        ad_script_abort
    } else {
        # now, we see if the user is an admin for a department that offers this
        # subject. If not, we bounce them to group_select or display an error
        # depending on which is appropriate.
        # Note: subject_id and user_id are interpolated directly into the SQL,
        # so subject_id must already have been validated as an integer by the
        # calling page. The join tests membership in any department that offers
        # the subject, not the department selected above.
        set valid_p [database_to_tcl_string $db "select count(map.subject_id)
            from edu_subjects, edu_subject_department_map map, user_group_map ugmap
            where edu_subjects.subject_id = map.subject_id
            and map.subject_id = $subject_id
            and ugmap.user_id = $user_id
            and ugmap.group_id = map.department_id"]
        if { $valid_p == 0 } {
            edu_display_not_authorized_message
            # blow out of 2 levels
            return -code return
        } else {
            return $user_id
        }
    }
}
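The decision flow and the department query above, modelled in Python as an added example (this is not ACS code and not the education module's own procedure). It keeps the same three tables and the same join, but passes subject_id and user_id as bind parameters and rejects a non-integer subject_id before it reaches SQL, which is the check the Tcl version leaves to the calling page. The table contents, the user and department ids, and the `subject_admin_check` outcome strings are constructed for the example; the site-admin flag and the selected department are passed in as plain arguments in place of `ad_administrator_p` and `ad_get_client_property`.

```python
import sqlite3

# Constructed sample schema and rows modelled on the three tables the
# original query joins; the ids and names are made up for this example.
SCHEMA = """
create table edu_subjects (subject_id integer primary key, subject_name text);
create table edu_subject_department_map (subject_id integer, department_id integer);
create table user_group_map (user_id integer, group_id integer);
"""
SAMPLE_ROWS = """
insert into edu_subjects values (101, 'Algorithms'), (102, 'Compilers');
insert into edu_subject_department_map values (101, 7), (102, 8);
insert into user_group_map values (42, 7), (43, 8);
"""

# Same join as the Tcl proc's query, with '?' placeholders where the original
# interpolates $subject_id and $user_id into the SQL string.
ADMIN_COUNT_SQL = """
select count(map.subject_id)
from edu_subjects, edu_subject_department_map map, user_group_map ugmap
where edu_subjects.subject_id = map.subject_id
  and map.subject_id = ?
  and ugmap.user_id = ?
  and ugmap.group_id = map.department_id
"""


def open_sample_db():
    """In-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_ROWS)
    return conn


def department_admin_count(conn, user_id, subject_id):
    """Number of departments that offer subject_id and have user_id as a member.

    subject_id is validated as an integer before the query runs; anything else
    raises rather than being spliced into SQL.
    """
    if not isinstance(subject_id, int) or isinstance(subject_id, bool):
        raise ValueError(f"subject_id must be an integer, got {subject_id!r}")
    (count,) = conn.execute(ADMIN_COUNT_SQL, (subject_id, user_id)).fetchone()
    return count


def subject_admin_check(conn, user_id, site_admin, department_id, subject_id):
    """Mirror of the proc's control flow.

    Returns one of the constructed outcome strings:
      'redirect_login'        user_id is 0 (not logged in)
      'authorized'            site-wide admin, or member of a department
                              offering the subject
      'redirect_group_select' no department selected for the session
      'unauthorized'          department selected, but no qualifying membership
    """
    if user_id == 0:
        return "redirect_login"
    if site_admin:
        return "authorized"
    if department_id is None:
        return "redirect_group_select"
    # As in the original, the selected department_id is only tested for
    # presence; the query checks membership in any department offering the subject.
    if department_admin_count(conn, user_id, subject_id) == 0:
        return "unauthorized"
    return "authorized"


if __name__ == "__main__":
    db = open_sample_db()
    print(subject_admin_check(db, 42, False, 7, 101))  # member of dept 7 -> authorized
    print(subject_admin_check(db, 42, False, 7, 102))  # dept 8 offers 102 -> unauthorized
```

The two points worth carrying back to the Tcl version are visible in `department_admin_count`: the ids travel as bind parameters, and a subject_id that is not an integer is refused before any SQL is built. If the old `database_to_tcl_string` API must be kept, the equivalent is to check `subject_id` with `string is integer -strict` at the top of the proc.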