news_admin_authorize

one of the documented procedures in this installation of the ACS
Usage:
news_admin_authorize   db   news_item_id
What it does:
given news_item_id, this procedure will check whether the user can administer this news item (e.g. for scope=group, this proc will check whether the user is group administrator). if news doesn't exist page is served to the user informing him that the news item doesn't exist. if successfull it will return user_id of the administrator.
Defined in: /web/philip/tcl/news-defs.tcl

Source code:


    set selection [ns_db 0or1row $db "
    select news_item_id, scope, group_id
    from news_items, newsgroups
    where news_item_id=$news_item_id
    and news_items.newsgroup_id = newsgroups.newsgroup_id"]

    if { [empty_string_p $selection] } {
	# faq doesn't exist
	uplevel {
	    ns_return 200 text/html "
	    [ad_scope_admin_header "News Item Does not Exist" $db]
	    [ad_scope_admin_page_title "News Item Does not Exist" $db]
	    [ad_scope_admin_context_bar [list index.tcl?[export_url_scope_vars]  "News Admin"] "No News Item"]
	    <hr>
	    <blockquote>
	    Requested News Item does not exist.
	    </blockquote>
	    [ad_scope_admin_footer]
	    "
	}
	ad_script_abort
    }
 
    # faq exists
    set_variables_after_query
    
    set id 0
    switch $scope {
	public {
	    set id 0
	}
	group {
	    set id $group_id
	}
    }

    set authorization_status [ad_scope_authorization_status $db $scope admin group_admin none $id]

    set user_id [ad_verify_and_get_user_id]

    switch $authorization_status {
	authorized {
	    return $user_id
	}
	not_authorized {
	    ad_return_warning "Not authorized" "You are not authorized to see this page"
	    ad_script_abort
	}
	reg_required {
	    ad_redirect_for_registration
	    ad_script_abort
	}
    }


philg@mit.edu