edu_subject_admin_security_check db subject_id

What it does:
This returns the user_id. It determines whether the user is allowed to see the subject admin pages by checking whether they are an admin in a department that offers the subject.

Defined in: /web/philip/tcl/education.tcl

If the user is not logged in, they are redirected to the login page.
If the user is not logged in as a member of a group, they are redirected to group-select.tcl and asked to select a group.
If they are logged in as a group, the security check is performed. If the user passes, the user_id is returned to the calling environment. If the user fails the security check, a standard UNAUTHORIZED message is displayed and the procedure forces the calling environment to return.
Source code:

    proc edu_subject_admin_security_check {db subject_id} {
        # this should be altered if departments go to a multi-roled system
        # (e.g. prof, staff, students)
        set user_id [ad_verify_and_get_user_id $db]
        if { [string compare $user_id "0"] == 0 } {
            # not logged in: send to the login page and come back here afterwards
            ns_returnredirect "/register/index?return_url=[ns_urlencode [ns_conn url]?[ns_conn query]]"
            ad_script_abort
        }
        if {[ad_administrator_p $db $user_id]} {
            # site-wide administrators see every subject's admin pages
            return $user_id
        }
        # the user is not a site wide admin
        set department_id [ad_get_client_property education edu_department]
        if {[empty_string_p $department_id]} {
            # no department selected for this session: ask for one, then come back
            ns_returnredirect "/education/util/group-select?type=edu_department&return_url=[ns_urlencode [ns_conn url]?[ns_conn query]]"
            ad_script_abort
        } else {
            # now, we see if the user is an admin for a department that offers this
            # subject. If not, we bounce them to group_select or display an error
            # depending on which is appropriate.
            # NB: $subject_id and $user_id are spliced straight into the SQL string,
            # so subject_id must already be a validated integer by the time it
            # reaches this proc (user_id comes from ad_verify_and_get_user_id).
            set valid_p [database_to_tcl_string $db "select count(map.subject_id)
            from edu_subjects,
                 edu_subject_department_map map,
                 user_group_map ugmap
            where edu_subjects.subject_id = map.subject_id
            and map.subject_id = $subject_id
            and ugmap.user_id = $user_id
            and ugmap.group_id = map.department_id"]
            if { $valid_p == 0 } {
                edu_display_not_authorized_message
                # blow out of 2 levels: -code return makes the calling page return too
                return -code return
            } else {
                return $user_id
            }
        }
    }
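The decision order above (logged in? site-wide admin? department selected? admin of a department that offers the subject?) is easier to see when each branch can be exercised without a web server. The following is an added example, not code from the ACS education module: it models the three tables the query joins in an in-memory SQLite database with constructed sample rows, runs the same join with bound parameters instead of string interpolation, and labels each outcome. The exception classes, the SITE_WIDE_ADMINS stand-in for ad_administrator_p, and the column sets of the tables are assumptions for the example.

```python
import sqlite3

# Constructed in-memory schema mirroring the three tables the ACS query joins
# (assumed column set; the real ACS tables carry more columns, e.g. a role).
SCHEMA = """
CREATE TABLE edu_subjects (subject_id INTEGER PRIMARY KEY, subject_name TEXT);
CREATE TABLE edu_subject_department_map (subject_id INTEGER, department_id INTEGER);
CREATE TABLE user_group_map (user_id INTEGER, group_id INTEGER);
"""

# Constructed sample data: subject 101 is offered by department 1, subject 102
# by department 2; user 7 belongs to department 1, user 8 to department 2.
SAMPLE_SUBJECTS = [(101, "Intro Course"), (102, "Calculus")]
SAMPLE_SUBJECT_DEPTS = [(101, 1), (102, 2)]
SAMPLE_GROUP_MEMBERS = [(7, 1), (8, 2)]

# Stand-in for ad_administrator_p: user 1 is the site-wide administrator.
SITE_WIDE_ADMINS = {1}


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO edu_subjects VALUES (?, ?)", SAMPLE_SUBJECTS)
    conn.executemany("INSERT INTO edu_subject_department_map VALUES (?, ?)", SAMPLE_SUBJECT_DEPTS)
    conn.executemany("INSERT INTO user_group_map VALUES (?, ?)", SAMPLE_GROUP_MEMBERS)
    return conn


class NotLoggedIn(Exception):
    """Tcl: ns_returnredirect to /register/index, then ad_script_abort."""


class NoGroupSelected(Exception):
    """Tcl: ns_returnredirect to group-select, then ad_script_abort."""


class NotAuthorized(Exception):
    """Tcl: edu_display_not_authorized_message, then return -code return."""


def department_admin_p(conn, user_id, subject_id):
    """Same join as the Tcl query: is the user in any department offering the subject?

    The Tcl version splices $subject_id and $user_id into the SQL text, so it is
    only safe when both are validated integers; here both are bound parameters.
    """
    sql = """
        SELECT count(map.subject_id)
        FROM edu_subjects s
        JOIN edu_subject_department_map map ON s.subject_id = map.subject_id
        JOIN user_group_map ugmap ON ugmap.group_id = map.department_id
        WHERE map.subject_id = ? AND ugmap.user_id = ?
    """
    (count,) = conn.execute(sql, (subject_id, user_id)).fetchone()
    return count > 0


def subject_admin_security_check(conn, user_id, department_id, subject_id):
    """Return user_id when the check passes; raise otherwise.

    Decision order follows the proc: logged in -> site-wide admin -> group
    selected -> admin of a department that offers the subject. As in the Tcl,
    department_id (the edu_department client property) only gates the
    group-select redirect; the SQL checks every department the user belongs to.
    """
    if user_id == 0:
        raise NotLoggedIn()
    if user_id in SITE_WIDE_ADMINS:
        return user_id
    if department_id is None:
        raise NoGroupSelected()
    if not department_admin_p(conn, user_id, subject_id):
        raise NotAuthorized()
    return user_id


def outcome(conn, user_id, department_id, subject_id):
    """Label the result so every branch can be exercised from a plain script."""
    try:
        return "ok:%d" % subject_admin_security_check(conn, user_id, department_id, subject_id)
    except NotLoggedIn:
        return "redirect:register"
    except NoGroupSelected:
        return "redirect:group-select"
    except NotAuthorized:
        return "unauthorized"


if __name__ == "__main__":
    db = build_db()
    for args in [(0, None, 101), (1, None, 101), (7, None, 101), (7, 1, 101), (8, 2, 101)]:
        print(args, "->", outcome(db, *args))
```

Running the script walks one request through each branch: user 0 is sent to register, user 1 passes without selecting a department, user 7 is sent to group-select until a department is chosen and then passes for subject 101, and user 8 (department 2) is refused for subject 101 but passes for subject 102.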