proc require
::xowiki::policy5 proc require {-url {-package_id 0} {-parameter ""} {-user_id -1} {-actual_query " "} {-keep_cc false}} {
set exists_cc [my isobject ::xo::cc]
# if we have a connection context and we want to keep it, do
# nothing and return.
if {$exists_cc && $keep_cc} {
return
}
if {![info exists url]} {
#my log "--CONN ns_conn url"
set url [ns_conn url]
}
set package_id [my require_package_id_from_url -package_id $package_id $url]
#my log "--i [self args] URL='$url', pkg=$package_id"
# get locale; TODO at some time, we should get rid of the ad_conn init problem
if {[ns_conn isconnected]} {
# This can be called, before ad_conn is initialized.
# Since it is not possible to pass the user_id and ad_conn barfs
# when it tries to detect it, we use the catch and reset it later
if {[catch {set locale [lang::conn::locale -package_id $package_id]}]} {
set locale en_US
}
} else {
set locale [lang::system::locale -package_id $package_id]
}
if {!$exists_cc} {
my create ::xo::cc -package_id $package_id [list -parameter_declaration $parameter] -user_id $user_id -actual_query $actual_query -locale $locale -url $url
#::xo::show_stack
#my msg "--cc ::xo::cc created $url [::xo::cc serialize]"
::xo::cc destroy_on_cleanup
} else {
#my msg "--cc ::xo::cc reused $url -package_id $package_id"
::xo::cc configure -url $url -actual_query $actual_query -locale $locale [list -parameter_declaration $parameter]
#if {$package_id ne ""} {
# ::xo::cc package_id $package_id
#}
::xo::cc package_id $package_id
::xo::cc set_user_id $user_id
::xo::cc process_query_parameter
}
# simple mobile detection
::xo::cc mobile 0
if {[ns_conn isconnected]} {
set user_agent [string tolower [ns_set get [ns_conn headers] User-Agent]]
::xo::cc mobile [regexp (android|webos|iphone|ipad) $user_agent]
}
if {![info exists ::ad_conn(charset)]} {
set ::ad_conn(charset) [lang::util::charset_for_locale $locale]
set ::ad_conn(language) [::xo::cc lang]
set ::ad_conn(file) ""
}
}
proc require_package_id_from_url
::xowiki::policy5 proc require_package_id_from_url {{-package_id 0} url} {
# get package_id from url in case it is not known
if {$package_id == 0} {
array set "" [site_node::get_from_url -url $url]
set package_id $(package_id)
}
if {![info exists ::ad_conn(node_id)]} {
#
# The following should not be necessary, but is is here for
# cases, where some oacs-code assumes wrongly it is running in a
# connection thread (e.g. the site master requires to have a
# node_id and a url accessible via ad_conn)
#
if {![info exists (node_id)]} {
if {$url eq ""} {
set url [lindex [site_node::get_url_from_object_id -object_id $package_id] 0]
}
array set "" [site_node::get_from_url -url $url]
}
set ::ad_conn(node_id) $(node_id)
set ::ad_conn(url) $url
set ::ad_conn(extra_url) [string range $url [string length $(url)] end]
}
return $package_id
}
instproc cache
::xowiki::policy5 instproc cache cmd {
set key cache($cmd)
if {![my exists $key]} {my set $key [my uplevel $cmd]}
return [my set $key]
}
instproc cache_exists
::xowiki::policy5 instproc cache_exists cmd {
return [my exists cache($cmd)]
}
instproc cache_get
::xowiki::policy5 instproc cache_get cmd {
return [my set cache($cmd)]
}
instproc cache_set
::xowiki::policy5 instproc cache_set {cmd value} {
return [my set cache($cmd) $value]
}
instproc cache_unset
::xowiki::policy5 instproc cache_unset cmd {
return [my unset cache($cmd)]
}
instproc exists_form_parameter
::xowiki::policy5 instproc exists_form_parameter name {
my instvar form_parameter
if {![info exists form_parameter]} {
my load_form_parameter
}
my exists form_parameter($name)
}
instproc exists_parameter
::xowiki::policy5 instproc exists_parameter name {
my exists perconnectionparam($name)
}
instproc form_parameter
::xowiki::policy5 instproc form_parameter {name {default {}}} {
my instvar form_parameter form_parameter_multiple
if {![info exists form_parameter]} {
my load_form_parameter
}
if {[info exists form_parameter($name)]} {
if {[info exists form_parameter_multiple($name)]} {
return $form_parameter($name)
} else {
return [lindex $form_parameter($name) 0]
}
} else {
return $default
}
}
instproc get_all_form_parameter
::xowiki::policy5 instproc get_all_form_parameter {} {
return [my array get form_parameter]
}
instproc get_parameter
::xowiki::policy5 instproc get_parameter {name {default {}}} {
my instvar perconnectionparam
return [expr {[info exists perconnectionparam($name)] ? $perconnectionparam($name) : $default}]
}
instproc get_user_id
::xowiki::policy5 instproc get_user_id {} {
#
# If the untrusted user_id exists, return it. This will return
# consistently the user_id also in situations, where the login
# cookie was expired. If no untrusted_user_id exists Otherwise
# (maybe in a remoting setup), return the user_id.
#
if {[my exists untrusted_user_id]} {
return [my set untrusted_user_id]
}
return [my user_id]
}
instproc init
::xowiki::policy5 instproc init {} {
my instvar requestor user user_id
my set_user_id $user_id
set pa [expr {[ns_conn isconnected] ? [ad_conn peeraddr] : "nowhere"}]
if {[my user_id] != 0} {
set requestor $user_id
} else {
# for requests bypassing the ordinary connection setup (resources in oacs 5.2+)
# we have to get the user_id by ourselves
if { [catch {
if {[info command ad_cookie] ne ""} {
# we have the xotcl-based cookie code
set cookie_list [ad_cookie get_signed_with_expr "ad_session_id"]
} else {
set cookie_list [ad_get_signed_cookie_with_expr "ad_session_id"]
}
set cookie_data [split [lindex $cookie_list 0] {,}]
set untrusted_user_id [lindex $cookie_data 1]
set requestor $untrusted_user_id
} errmsg] } {
set requestor 0
}
}
# if user not authorized, use peer address as requestor key
if {$requestor == 0} {
set requestor $pa
set user "client from $pa"
} else {
set user "<a href='/acs-admin/users/one?user_id=$requestor'>$requestor</a>"
}
#my log "--i requestor = $requestor"
my process_query_parameter
}
instproc lang
::xowiki::policy5 instproc lang {} {
return [string range [my locale] 0 1]
}
instproc load_form_parameter
::xowiki::policy5 instproc load_form_parameter {} {
my instvar form_parameter
if {[ns_conn isconnected] && [ns_conn method] eq "POST"} {
#array set form_parameter [ns_set array [ns_getform]]
foreach {att value} [ns_set array [ns_getform]] {
# For some unknown reasons, Safari 3.* returns sometimes
# entries with empty names... We ignore these for now
if {$att eq ""} continue
if {[info exists form_parameter($att)]} {
my set form_parameter_multiple($att) 1
}
lappend form_parameter($att) $value
}
} else {
array set form_parameter {}
}
}
<instance of ::xo::ConnectionContext![[i]](/resources/acs-subsite/ZoomIn16.gif)
> permission \
-object_id object_id -privilege privilege [ -party_id party_id ]
call ::permission::permission_p but avoid multiple calls in the same
session through caching in the connection context
- Switches:
- -object_id (required)
- -privilege (required)
- -party_id (optional)
::xowiki::policy5 instproc permission {-object_id:required -privilege:required -party_id} {
if {![info exists party_id]} {
set party_id [my user_id]
}
# my log "-- context permission user_id=$party_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
if {$party_id == 0} {
set key permission($object_id,$privilege,$party_id)
if {[my exists $key]} {return [my set $key]}
set granted [permission::permission_p -no_login -party_id $party_id -object_id $object_id -privilege $privilege]
#my msg "--p lookup $key ==> $granted uid=[my user_id] uuid=[my set untrusted_user_id]"
if {$granted || [my user_id] == [my set untrusted_user_id]} {
my set $key $granted
return $granted
}
# The permission is not granted for the public.
# We force the user to login
#my log "-- require login"
#auth::require_login
return 0
}
set key permission($object_id,$privilege,$party_id)
if {[my exists $key]} {return [my set $key]}
#my msg "--p lookup $key"
my set $key [permission::permission_p -no_login -party_id $party_id -object_id $object_id -privilege $privilege]
#my log "-- context return [my set $key]"
#my set $key
}
instproc returnredirect
::xowiki::policy5 instproc returnredirect {-allow_complete_url:switch url} {
#my log "--rp"
my set __continuation [expr {$allow_complete_url
? [list ad_returnredirect -allow_complete_url $url]
: [list ad_returnredirect $url]}]
return ""
}
instproc role=admin
::xowiki::policy5 instproc role=admin {-user_id:required -package_id:required} {
return [my permission -object_id $package_id -privilege admin -party_id $user_id]
}
instproc role=all
::xowiki::policy5 instproc role=all {-user_id:required -package_id} {
return 1
}
instproc role=app_group_member
::xowiki::policy5 instproc role=app_group_member {-user_id:required -package_id} {
return [my cache [list application_group::contains_party_p -party_id $user_id -package_id $package_id]]
}
instproc role=community_member
::xowiki::policy5 instproc role=community_member {-user_id:required -package_id} {
if {[info command ::dotlrn_community::get_community_id] ne ""} {
set community_id [my cache [list [dotlrn_community::get_community_id -package_id $package_id]]]
if {$community_id ne ""} {
return [my cache [list dotlrn::user_is_community_member_p -user_id $user_id -community_id $community_id]]
}
}
return 0
}
instproc role=creator
::xowiki::policy5 instproc role=creator {-user_id:required -package_id -object:required} {
$object instvar creation_user
return [expr {$creation_user == $user_id}]
}
instproc role=registered_user
::xowiki::policy5 instproc role=registered_user {-user_id:required -package_id} {
return [expr {$user_id != 0}]
}
instproc role=swa
::xowiki::policy5 instproc role=swa {-user_id:required -package_id} {
return [my cache [list acs_user::site_wide_admin_p -user_id $user_id]]
}
instproc role=unregistered_user
::xowiki::policy5 instproc role=unregistered_user {-user_id:required -package_id} {
return [expr {$user_id == 0}]
}
instproc set_parameter
::xowiki::policy5 instproc set_parameter {name value} {
set key [list get_parameter $name]
if {[my cache_exists $key]} {my cache_unset $key}
my set perconnectionparam($name) $value
}
instproc set_user_id
::xowiki::policy5 instproc set_user_id user_id {
if {$user_id == -1} { ;# not specified
if {[info exists ::ad_conn(user_id)]} {
my set user_id [ad_conn user_id]
if {[catch {my set untrusted_user_id [ad_conn untrusted_user_id]}]} {
my set untrusted_user_id [my user_id]
}
} else {
my set user_id 0
my set untrusted_user_id 0
array set ::ad_conn [list user_id $user_id untrusted_user_id $user_id session_id ""]
}
} else {
my set user_id $user_id
my set untrusted_user_id $user_id
if {![info exists ::ad_conn(user_id)]} {
array set ::ad_conn [list user_id $user_id untrusted_user_id $user_id session_id ""]
}
}
}