::xotcl::Class
::xo::Policy
Class Hierarchy of ::xo::Policy
- ::xotcl::Object
  - Meta-class: ::xotcl::Class
  - Methods for instances: __api_make_doc, __api_make_forward_doc, __timediff, abstract, ad_doc, ad_forward, ad_proc, appendC, arrayC, asHTML, autonameC, check, classC, cleanupC, configureC, containsC, copyC, db_0or1rowC, db_1rowC, debug, defaultmethodC, destroyC, destroy_on_cleanup, ds, evalC, existsC, extractConfigureArg, filterC, filterguardC, filtersearch, forward, hasclass, incrC, infoC, init, instvarC, invarC, isclass, ismetaclass, ismixin, isobject, istype, lappendC, log, method, mixinC, mixinguardC, moveC, msg, noinitC, objectparameter, parametercmdC, proc, procsearch, qn, requireNamespaceC, residualargsC, self, serialize, setC, set_instance_vars_defaults, show-object, substC, traceC, unknown, unsetC, uplevelC, upvarC, volatileC, vwait
  - Methods to be applied on the class (in addition to the methods provided by the meta-class): getExitHandler, setExitHandler, unsetExitHandler
  - ::xo::Policy
    - Meta-class: ::xotcl::Class
    - Methods for instances: check_permissions, check_privilege, defined_methods, enforce_permissions, get_permission, get_privilege
    - Methods to be applied on the class: Methods provided by the meta-class
Class Relations
- superclass: ::xotcl::Object
- subclass: ::xowiki::Policy
```tcl
::xotcl::Class create ::xo::Policy \
    -superclass ::xotcl::Object
```
Methods
<instance of ::xo::Policy> check_permissions [ -user_id user_id ] [ -package_id package_id ] [ -link link ] object method

This method checks whether the current user is allowed to invoke a method under the given policy. It only checks: it does not force a login and has no other side effects, so it can safely be used, for example, to decide whether a link should be shown.
- Switches:
  - -user_id (optional)
  - -package_id (optional)
  - -link (optional)
- Parameters:
  - object
  - method
- Returns:
  - 0 or 1
```tcl
::xo::Policy instproc check_permissions {-user_id -package_id {-link ""} object method} {
  if {![info exists user_id]} {set user_id [::xo::cc user_id]}
  if {![info exists package_id]} {set package_id [::xo::cc package_id]}
  #my msg [info exists package_id]=>$package_id-[my exists logical_package_id]
  set ctx "::xo::cc"
  if {$link ne ""} {
    # Evaluate the policy against the query parameters of the given link
    set query [lindex [split $link ?] 1]
    set ctx [::xo::Context new -destroy_on_cleanup -actual_query $query]
    $ctx process_query_parameter
  }
  set permission [my get_permission $object $method]
  #my log "--permission for o=$object, m=$method => $permission"
  #my log "-- user_id=$user_id uid=[::xo::cc user_id] untrusted=[::xo::cc set untrusted_user_id]"
  if {$permission ne ""} {
    foreach {kind p} [my get_privilege -query_context $ctx $permission $object $method] break
    #my msg "--privilege = $p kind = $kind"
    switch -- $kind {
      primitive {return [my check_privilege -login false -package_id $package_id -user_id $user_id $p $object $method]}
      complex {
        foreach {attribute privilege} $p break
        set id [$object set $attribute]
        #my msg "--p checking permission -object_id /$id/ -privilege $privilege -party_id $user_id # ==> [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]"
        return [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]
      }
    }
  }
  # No permission defined for this method (or unknown kind): deny
  return 0
}
```
<instance of ::xo::Policy> enforce_permissions [ -user_id user_id ] [ -package_id package_id ] object method

This method checks whether the current user is allowed to invoke a method under the given policy, and forces a login if required.
- Switches:
  - -user_id (optional)
  - -package_id (optional)
- Parameters:
  - object
  - method
- Returns:
  - 0 or 1
```tcl
::xo::Policy instproc enforce_permissions {-user_id -package_id object method} {
  if {![info exists user_id]} {set user_id [::xo::cc user_id]}
  if {![info exists package_id]} {set package_id [::xo::cc package_id]}
  set allowed 0
  set permission [my get_permission $object $method]
  if {$permission ne ""} {
    foreach {kind p} [my get_privilege $permission $object $method] break
    switch -- $kind {
      primitive {
        set allowed [my check_privilege -user_id $user_id -package_id $package_id $p $object $method]
        set privilege $p
      }
      complex {
        foreach {attribute privilege} $p break
        set id [$object set $attribute]
        set allowed [::xo::cc permission -object_id $id -privilege $privilege -party_id $user_id]
      }
    }
  }
  #my log "--p enforce_permissions {$object $method} : $permission ==> $allowed"
  if {!$allowed} {
    set untrusted_user_id [::xo::cc set untrusted_user_id]
    if {$permission eq ""} {
      ns_log notice "enforce_permissions: no permission for $object->$method defined"
    } elseif {$user_id == 0 && $untrusted_user_id} {
      ns_log notice "enforce_permissions: force login, user_id=0 and untrusted_id=$untrusted_user_id"
      auth::require_login
    } else {
      ns_log notice "enforce_permissions: $user_id doesn't have $privilege on $object"
    }
    # Denied: answer with a forbidden page and stop processing the request
    ad_return_forbidden "[_ xotcl-core.permission_denied]" [_ xotcl-core.policy-error-insufficient_permissions]
    ad_script_abort
  }
  return $allowed
}
```
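The following toy model is an added example, not xotcl-core code: it runs in plain tclsh and shows how the side-effect-free check (used to decide which links to render) and the enforcing check (used when the request actually arrives) differ in outcome. The rule table, the grants, the sample page and the procs `granted`, `check`, `enforce` and `visible_actions` are all constructed for illustration; the real policy format and `check_privilege` are not modelled.

```tcl
# Toy model for plain tclsh (8.5+); every name and value here is constructed.
# Rules map "<class> <method>" to the {kind p} pair shape used by get_privilege.
set rules [dict create \
    {Page view}   {primitive read} \
    {Page edit}   {complex {package_id write}} \
    {Page delete} {complex {item_id admin}}]
# Grants as "<user_id> <object_id> <privilege>" triples.
set grants {{42 100 read} {42 100 write} {0 100 read}}
set page [dict create class Page package_id 100 item_id 555]

# Stand-in for check_privilege and "::xo::cc permission" (assumption).
proc granted {user_id object_id privilege} {
    expr {[lsearch -exact $::grants [list $user_id $object_id $privilege]] >= 0}
}

# Pure check: returns 1 or 0; a method without a rule is denied.
proc check {user_id package_id obj method} {
    set key [list [dict get $obj class] $method]
    if {![dict exists $::rules $key]} {return 0}
    lassign [dict get $::rules $key] kind p
    if {$kind eq "primitive"} {return [granted $user_id $package_id $p]}
    lassign $p attribute privilege
    return [granted $user_id [dict get $obj $attribute] $privilege]
}

# Enforcing variant: names the action the request handler would take
# (auth::require_login or ad_return_forbidden in the real method).
proc enforce {user_id untrusted_user_id package_id obj method} {
    if {[check $user_id $package_id $obj $method]} {return allowed}
    set has_rule [dict exists $::rules [list [dict get $obj class] $method]]
    if {$has_rule && $user_id == 0 && $untrusted_user_id} {return login}
    return forbidden
}

# UI side: list only the actions whose links should be rendered.
proc visible_actions {user_id package_id obj} {
    set out {}
    foreach m {view edit delete purge} {
        if {[check $user_id $package_id $obj $m]} {lappend out $m}
    }
    return $out
}

puts "links for user 42:   [visible_actions 42 100 $page]"
puts "links for anonymous: [visible_actions 0 100 $page]"
# A hidden link can still be requested directly, so the handler enforces.
puts "user 42 requests delete:         [enforce 42 0 100 $page delete]"
puts "untrusted session requests edit: [enforce 0 7 100 $page edit]"
puts "anonymous requests purge:        [enforce 0 7 100 $page purge]"
```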
Variables
::xo::Policy set __default_metaclass ::xotcl::Class
::xo::Policy set __default_superclass ::xotcl::Object