edu_user_security_check

one of the documented procedures in this installation of the ACS
Usage:
edu_user_security_check   db
What it does:
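Determines whether the page the user requested under /education/class should be displayed. This is different from admin page security. Returns {user_id group_id group_name}. A user who is not logged in is redirected to /register/index, a user with no valid class selected is redirected to /education/util/group-select, and a user who is not a member of a non-public class gets the not-authorized message; in each of those cases the script is aborted instead of returning.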
Defined in: /web/philip/tcl/education.tcl

Source code:


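    # Decide whether the requested /education/class page may be shown.
    #
    # Uses:    db - database handle passed to the database_to_tcl_* helpers.
    # Returns: the list {user_id class_id group_name} when access is allowed.
    # Otherwise the connection is redirected (login or class selection) or
    # the not-authorized message is displayed, and the script is aborted.
    set user_id [ad_verify_and_get_user_id]

    # A user_id of "0" is handled as "nobody is logged in": send the visitor
    # to registration with the current URL (path plus query) url-encoded as
    # return_url.
    if { [string compare $user_id "0"] == 0 } {
        ns_returnredirect "/register/index?return_url=[ns_urlencode [ns_conn url]?[ns_conn query]]"
        ad_script_abort
    }

    set class_id [ad_get_client_property education edu_class]

    # class_id is interpolated into three SQL statements below, two of them
    # without quotes. The code that stores this property is not visible
    # here, so do not rely on it having validated the value: anything that
    # is not a plain run of digits is treated exactly like "no class
    # selected" and never reaches the database.
    # NOTE(review): assumes group ids are non-negative integers - confirm.
    if { [regexp {^[0-9]+$} $class_id] } {
        # Fetch the group name and, at the same time, confirm that the id
        # really belongs to a group of type edu_class.
        set group_name [database_to_tcl_string_or_null $db "select group_name from user_groups where group_id = '$class_id' and group_type = 'edu_class'"]
    } else {
        set group_name ""
    }

    # An empty or rejected class_id always leaves group_name empty, so one
    # test covers "no class chosen", "malformed id" and "id is not an
    # edu_class group".
    if { [empty_string_p $group_name] } {
        ns_returnredirect "/education/util/group-select?group_type=edu_class&return_url=[ns_urlencode [ns_conn url]?[ns_conn query]]"
        ad_script_abort
    } else {
        # Public classes are visible to every logged-in user; otherwise the
        # user needs a user_group_map row for this class whose role is not
        # 'dropped'.
        # NOTE(review): the public_p lookup uses database_to_tcl_string, not
        # the _or_null variant - presumably it errors when the class has no
        # edu_class_info row; confirm that is the intended failure mode.
        set public_p [database_to_tcl_string $db "select public_p from edu_class_info where group_id=$class_id"]
        if { $public_p == "t" } {
            return [list $user_id $class_id "$group_name"]
        }

        set active_memberships [database_to_tcl_string $db "select count(*) from user_group_map where user_id=$user_id and group_id=$class_id and role!='dropped'"]
        if { $active_memberships > 0 } {
            return [list $user_id $class_id "$group_name"]
        }

        # Neither public nor an active member: refuse and stop the page.
        edu_display_not_authorized_message
        ad_script_abort
    }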


philg@mit.edu