ad_scope_authorize

ad_scope_authorize_dan

one of the documented procedures in this installation of the ACS

Usage:

ad_scope_authorize_dan db scope public_permissions group_permissions user_permissions { group_id_name "" } { user_id_name "" }

What it does:

this procedure will check whether the visitor has the right to view the page. if authorization fails, procedure will returns not_authorized message to the user; if authorization suceeds, procedure will return user_id of the visitor if user is logged in or 0 otherwise. if user needs to be registered in order to view the page, procedure will automatically redirect the user. in the case, user is not authorized or he i s redirected, procedure will return from the topmost environment. public_permission gives permissions used for public scope: all, registered, admin (site-wide-administrator) and none (scope=public does not apply for this page, so nobody can see the page). group_permissions gives permission used for scope group: all (all users), registered (registered users only), group_member (group members only), group_admin (group administrators), admin (site wide administrators) and none (scope=group does not apply for this page, so nobody in the group can see the page). user_permissions gives permission used for scope user: all (all users), registered (registered users only) and user (only the user with user_id specified by the variable user_id_name has full privileges), and none (scope=user does not apply for this page, so page cannot be accessed for scope user). if group_id_name (name of the group_id variable against which, we are testing the authorization) is not provided and scope=group, procedure assumes that group_id is set in the topmost environment. if user_id_name (name of the user_id variable against which, we are testing the authorization) is not provided and scope=group, procedure assumes that user_id is set in the topmost environment.

Defined in: /web/philip/tcl/ad-scope.tcl

Source code:



    # set the appropriated id for the ad_scope_authorization_status procedure
    switch $scope {
	public {
	    set id 0
	}
	group {
	    if { [empty_string_p $group_id_name] } {
		upvar [ad_scope_upvar_level] group_id id
	    } else {
		upvar [ad_scope_upvar_level] group_id_name id
	    }
	}
	user {
	    if { [empty_string_p $user_id_name] } {
		upvar [ad_scope_upvar_level] user_id id
	    } else {
		upvar [ad_scope_upvar_level] user_id_name id
	    }
	}
    }
    
    set authorization_status [ad_scope_authorization_status $db $scope $public_permissions $group_permissions $user_permissions $id]
    set user_id [ad_verify_and_get_user_id]
    switch $authorization_status {
	authorized {
	    return $user_id
	}
	not_authorized {
	    ad_return_warning "Not authorized" "You are not authorized to see this page"
            return -code return
	}
	reg_required {
	    ad_redirect_for_registration
	    ad_script_abort
	}
    }

philg@mit.edu