Index: openacs-4/packages/acs-kernel/acs-kernel.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/acs-kernel.info,v
diff -u -r1.150.2.47 -r1.150.2.48
--- openacs-4/packages/acs-kernel/acs-kernel.info 30 Jul 2022 12:00:04 -0000 1.150.2.47
+++ openacs-4/packages/acs-kernel/acs-kernel.info 8 Oct 2022 20:07:17 -0000 1.150.2.48
@@ -9,15 +9,15 @@
f
t
-
+
OpenACS Core Team
Routines and data models providing the foundation for OpenACS-based Web services.
2021-09-15
OpenACS
The OpenACS kernel contains the core datamodel create and drop scripts for such things as objects, groups, parties and the supporting PL/SQL and PL/pgSQL procedures.
3
-
+
Index: openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-create.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-create.sql,v
diff -u -r1.71.2.5 -r1.71.2.6
--- openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-create.sql 24 Mar 2021 09:51:12 -0000 1.71.2.5
+++ openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-create.sql 8 Oct 2022 20:07:17 -0000 1.71.2.6
@@ -337,158 +337,6 @@
titles or object_names of package specific tables.
';
------------------------
--- CONTEXT HIERARCHY --
------------------------
-
-create table acs_object_context_index (
- object_id integer not null
- CONSTRAINT acs_obj_context_idx_obj_id_fk
- REFERENCES acs_objects(object_id) ON DELETE CASCADE,
- ancestor_id integer not null
- CONSTRAINT acs_obj_context_idx_anc_id_fk
- REFERENCES acs_objects(object_id) ON DELETE CASCADE,
- n_generations integer not null
- constraint acs_obj_context_idx_n_gen_ck
- check (n_generations >= 0),
- constraint acs_object_context_index_pk
- primary key (object_id, ancestor_id)
-);
-
-create index acs_obj_ctx_idx_ancestor_idx on acs_object_context_index (ancestor_id);
-create index acs_obj_ctx_idx_object_id_idx on acs_object_context_index (object_id);
-
-create view acs_object_paths
-as select object_id, ancestor_id, n_generations
- from acs_object_context_index;
-
-create view acs_object_contexts
-as select object_id, ancestor_id, n_generations
- from acs_object_context_index
- where object_id != ancestor_id;
-
-
-
---
--- procedure acs_objects_context_id_in_tr/0
---
-CREATE OR REPLACE FUNCTION acs_objects_context_id_in_tr(
-
-) RETURNS trigger AS $$
-DECLARE
- security_context_root integer;
-BEGIN
- insert into acs_object_context_index
- (object_id, ancestor_id, n_generations)
- values
- (new.object_id, new.object_id, 0);
-
- if new.context_id is not null and new.security_inherit_p = 't' then
- insert into acs_object_context_index
- (object_id, ancestor_id, n_generations)
- select
- new.object_id as object_id, ancestor_id,
- n_generations + 1 as n_generations
- from acs_object_context_index
- where object_id = new.context_id;
- else
- security_context_root = acs__magic_object_id('security_context_root');
- if new.object_id != security_context_root then
- insert into acs_object_context_index
- (object_id, ancestor_id, n_generations)
- values
- (new.object_id, security_context_root, 1);
- end if;
- end if;
-
- return new;
-
-END;
-$$ LANGUAGE plpgsql;
-
-create trigger acs_objects_context_id_in_tr after insert on acs_objects
-for each row execute procedure acs_objects_context_id_in_tr ();
-
-
-
---
--- procedure acs_objects_context_id_up_tr/0
---
-CREATE OR REPLACE FUNCTION acs_objects_context_id_up_tr(
-
-) RETURNS trigger AS $$
-DECLARE
- pair record;
- outer_record record;
- inner_record record;
- security_context_root integer;
-BEGIN
- if new.object_id = old.object_id
- and ((new.context_id = old.context_id)
- or (new.context_id is null and old.context_id is null))
- and new.security_inherit_p = old.security_inherit_p then
- return new;
- end if;
-
- -- Remove my old ancestors from my descendants.
- for outer_record in select object_id from acs_object_context_index where
- ancestor_id = old.object_id and object_id <> old.object_id loop
- for inner_record in select ancestor_id from acs_object_context_index where
- object_id = old.object_id and ancestor_id <> old.object_id loop
- delete from acs_object_context_index
- where object_id = outer_record.object_id
- and ancestor_id = inner_record.ancestor_id;
- end loop;
- end loop;
-
- -- Kill all my old ancestors.
- delete from acs_object_context_index
- where object_id = old.object_id;
-
- insert into acs_object_context_index
- (object_id, ancestor_id, n_generations)
- values
- (new.object_id, new.object_id, 0);
-
- if new.context_id is not null and new.security_inherit_p = 't' then
- -- Now insert my new ancestors for my descendants.
- for pair in select *
- from acs_object_context_index
- where ancestor_id = new.object_id
- LOOP
- insert into acs_object_context_index
- (object_id, ancestor_id, n_generations)
- select
- pair.object_id, ancestor_id,
- n_generations + pair.n_generations + 1 as n_generations
- from acs_object_context_index
- where object_id = new.context_id;
- end loop;
- else
- security_context_root = acs__magic_object_id('security_context_root');
- if new.object_id != security_context_root then
- -- We need to make sure that new.OBJECT_ID and all of its
- -- children have security_context_root as an ancestor.
- for pair in select *
- from acs_object_context_index
- where ancestor_id = new.object_id
- LOOP
- insert into acs_object_context_index
- (object_id, ancestor_id, n_generations)
- values
- (pair.object_id, security_context_root, pair.n_generations + 1);
- end loop;
- end if;
- end if;
-
- return new;
-
-END;
-$$ LANGUAGE plpgsql;
-
-create trigger acs_objects_context_id_up_tr after update on acs_objects
-for each row execute procedure acs_objects_context_id_up_tr ();
-
----------------------
-- ATTRIBUTE VALUES --
----------------------
@@ -1337,60 +1185,7 @@
---
--- procedure acs_object__check_context_index/3
---
-CREATE OR REPLACE FUNCTION acs_object__check_context_index(
- check_context_index__object_id integer,
- check_context_index__ancestor_id integer,
- check_context_index__n_generations integer
-) RETURNS boolean AS $$
-DECLARE
- n_rows integer;
- n_gens integer;
-BEGIN
- -- Verify that this row exists in the index.
- if check_context_index__object_id is null or check_context_index__ancestor_id is null then
- raise exception 'object_id or ancestor_id is null in acs_object__check_context_index';
- end if;
- select case when count(*) = 0 then 0 else 1 end into n_rows
- from acs_object_context_index
- where object_id = check_context_index__object_id
- and ancestor_id = check_context_index__ancestor_id;
- if n_rows = 1 then
- -- Verify that the count is correct.
- select n_generations into n_gens
- from acs_object_context_index
- where object_id = check_context_index__object_id
- and ancestor_id = check_context_index__ancestor_id;
-
- if n_gens != check_context_index__n_generations then
- PERFORM acs_log__error('acs_object.check_representation',
- 'Ancestor ' ||
- check_context_index__ancestor_id || ' of object ' ||
- check_context_index__object_id ||
- ' reports being generation ' || n_gens ||
- ' when it is actually generation ' ||
- check_context_index__n_generations ||
- '.');
- return 'f';
- else
- return 't';
- end if;
- else
- PERFORM acs_log__error('acs_object.check_representation',
- 'Ancestor ' ||
- check_context_index__ancestor_id ||
- ' of object ' || check_context_index__object_id
- || ' is missing an entry in acs_object_context_index.');
- return 'f';
- end if;
-
-END;
-$$ LANGUAGE plpgsql;
-
-
-- function check_object_ancestors
@@ -1569,109 +1364,7 @@
$$ LANGUAGE plpgsql stable;
--- function check_representation
-
-select define_function_args('acs_object__check_representation','object_id');
-
-
-
--
--- procedure acs_object__check_representation/1
---
-CREATE OR REPLACE FUNCTION acs_object__check_representation(
- check_representation__object_id integer
-) RETURNS boolean AS $$
-DECLARE
- result boolean;
- check_representation__object_type acs_objects.object_type%TYPE;
- n_rows integer;
- v_rec record;
- row record;
-BEGIN
- if check_representation__object_id is null then
- raise exception 'acs_object__check_representation called for null object_id';
- end if;
-
- result := 't';
- PERFORM acs_log__notice('acs_object.check_representation',
- 'Running acs_object.check_representation on object_id = '
- || check_representation__object_id || '.');
-
- select object_type into check_representation__object_type
- from acs_objects
- where object_id = check_representation__object_id;
-
- PERFORM acs_log__notice('acs_object.check_representation',
- 'OBJECT STORAGE INTEGRITY TEST');
-
- for v_rec in select t.object_type, t.table_name, t.id_column
- from acs_object_type_supertype_map m, acs_object_types t
- where m.ancestor_type = t.object_type
- and m.object_type = check_representation__object_type
- union
- select object_type, table_name, id_column
- from acs_object_types
- where object_type = check_representation__object_type
- LOOP
-
- for row in execute 'select case when count(*) = 0 then 0 else 1 end as n_rows from ' || quote_ident(v_rec.table_name) || ' where ' || quote_ident(v_rec.id_column) || ' = ' || check_representation__object_id
- LOOP
- n_rows := row.n_rows;
- exit;
- end LOOP;
-
- if n_rows = 0 then
- result := 'f';
- PERFORM acs_log__error('acs_object.check_representation',
- 'Table ' || v_rec.table_name ||
- ' (primary storage for ' ||
- v_rec.object_type ||
- ') doesn''t have a row for object ' ||
- check_representation__object_id || ' of type ' ||
- check_representation__object_type || '.');
- end if;
-
- end loop;
-
- PERFORM acs_log__notice('acs_object.check_representation',
- 'OBJECT CONTEXT INTEGRITY TEST');
-
- if acs_object__check_object_ancestors(check_representation__object_id,
- check_representation__object_id, 0) = 'f' then
- result := 'f';
- end if;
-
- if acs_object__check_object_descendants(check_representation__object_id,
- check_representation__object_id, 0) = 'f' then
- result := 'f';
- end if;
- for row in select object_id, ancestor_id, n_generations
- from acs_object_context_index
- where object_id = check_representation__object_id
- or ancestor_id = check_representation__object_id
- LOOP
- if acs_object__check_path(row.object_id, row.ancestor_id) = 'f' then
- PERFORM acs_log__error('acs_object.check_representation',
- 'acs_object_context_index contains an extraneous row: '
- || 'object_id = ' || row.object_id ||
- ', ancestor_id = ' || row.ancestor_id ||
- ', n_generations = ' || row.n_generations || '.');
- result := 'f';
- end if;
- end loop;
-
- PERFORM acs_log__notice('acs_object.check_representation',
- 'Done running acs_object.check_representation ' ||
- 'on object_id = ' || check_representation__object_id || '.');
-
- return result;
-
-END;
-$$ LANGUAGE plpgsql;
-
-
-
---
-- procedure acs_object__update_last_modified/3
--
CREATE OR REPLACE FUNCTION acs_object__update_last_modified(
Index: openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-drop.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-drop.sql,v
diff -u -r1.2 -r1.2.20.1
--- openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-drop.sql 18 Jun 2004 18:21:57 -0000 1.2
+++ openacs-4/packages/acs-kernel/sql/postgresql/acs-objects-drop.sql 8 Oct 2022 20:07:17 -0000 1.2.20.1
@@ -15,12 +15,8 @@
drop table acs_attribute_values;
drop view acs_attribute_value_id_seq;
drop sequence t_acs_attribute_value_id_seq;
-drop trigger acs_objects_context_id_del_tr;
-drop trigger acs_objects_context_id_up_tr;
-drop trigger acs_objects_context_id_in_tr;
drop view acs_object_contexts;
drop view acs_object_paths;
-drop table acs_object_context_index;
drop trigger acs_objects_last_mod_update_tr;
drop trigger acs_objects_mod_ip_insert_tr;
drop table acs_objects;
Index: openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-create.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-create.sql,v
diff -u -r1.42 -r1.42.2.1
--- openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-create.sql 1 Nov 2018 08:38:00 -0000 1.42
+++ openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-create.sql 8 Oct 2022 20:07:17 -0000 1.42.2.1
@@ -18,14 +18,21 @@
-- KNOWLEDGE LEVEL: PRIVILEGES AND ACTIONS --
---------------------------------------------
-create table acs_privileges (
+CREATE TABLE acs_privileges (
privilege varchar(100) not null constraint acs_privileges_privilege_pk
primary key,
pretty_name varchar(100),
pretty_plural varchar(100)
);
-create table acs_privilege_hierarchy (
+COMMENT ON TABLE acs_privileges is '
+ Privileges share a global namespace. This is to avoid a
+ situation where granting the foo privilege on one type of object can
+ have an entirely different meaning than granting the foo privilege on
+ another type of object.
+';
+
+CREATE TABLE acs_privilege_hierarchy (
privilege varchar(100) not null
constraint acs_priv_hier_priv_fk
references acs_privileges (privilege),
@@ -36,47 +43,28 @@
primary key (privilege, child_privilege)
);
-create index acs_priv_hier_child_priv_idx on acs_privilege_hierarchy (child_privilege);
+comment on table acs_privilege_hierarchy is '
+ The acs_privilege_hierarchy gives us an easy way to say: The foo
+ privilege is a superset of the bar privilege.
+';
-create table acs_privilege_hierarchy_index (
- privilege varchar(100) not null
- constraint acs_priv_hier_priv_fk
- references acs_privileges (privilege),
- child_privilege varchar(100) not null
- constraint acs_priv_hier_child_priv_fk
- references acs_privileges (privilege),
- tree_sortkey varbit
-);
+CREATE INDEX acs_priv_hier_child_priv_idx ON acs_privilege_hierarchy (child_privilege);
-create index priv_hier_sortkey_idx on
-acs_privilege_hierarchy_index (tree_sortkey);
--- Added table to materialize view that previously used
--- acs_privilege_descendant_map name
---
--- DanW (dcwickstrom@earthlink.net) 30 Jan, 2003
+CREATE OR REPLACE VIEW acs_privilege_descendant_map AS
+WITH RECURSIVE privilege_desc(parent, child) AS (
+ SELECT child_privilege as parent, child_privilege as child FROM acs_privilege_hierarchy
+UNION ALL
+ SELECT privilege as parent, privilege as child FROM
+ (SELECT privilege FROM acs_privilege_hierarchy
+ EXCEPT
+ SELECT child_privilege FROM acs_privilege_hierarchy) identity
+UNION ALL
+ SELECT h.privilege as parent, pd.child
+ FROM acs_privilege_hierarchy h, privilege_desc pd
+ WHERE pd.parent = h.child_privilege
+) SELECT privilege_desc.parent, privilege_desc.child FROM privilege_desc;
-create table acs_privilege_descendant_map (
- privilege varchar(100) not null
- constraint acs_priv_hier_priv_fk
- references acs_privileges (privilege),
- descendant varchar(100) not null
- constraint acs_priv_hier_child_priv_fk
- references acs_privileges (privilege)
-);
-
--- DRB: Empirical testing showed that even with just 61 entries in the new table
--- this index sped things up by roughly 15%
-
-create index acs_priv_desc_map_idx on acs_privilege_descendant_map(descendant);
-
--- Gustaf (Jan 2009): interesting enough, the index above is never
--- used on openacs.org and can be most likely dropped. The index below
--- (together with acs_obj_ctx_idx_object_id_idx) makes real-world
--- applications more than a factor of 10 faster (openacs/download and
--- openacs/download/one-revision?revision_id=2089636)
-create index acs_priv_desc_map_privilege_idx on acs_privilege_descendant_map (privilege);
-
-- This trigger is used to create a pseudo-tree hierarchy that
-- can be used to emulate tree queries on the acs_privilege_hierarchy table.
-- The acs_privilege_hierarchy table maintains the permissions structure, but
@@ -119,177 +107,6 @@
-- and PostgreSQL.
-
---
--- procedure acs_priv_hier_ins_del_tr/0
---
-CREATE OR REPLACE FUNCTION acs_priv_hier_ins_del_tr(
-
-) RETURNS trigger AS $$
-DECLARE
- new_value integer;
- new_key varbit default null;
- v_rec record;
- deleted_p boolean;
-BEGIN
-
- -- if more than one node was deleted the second trigger call
- -- will error out. This check avoids that problem.
-
- if TG_OP = 'DELETE' then
- select count(*) = 0 into deleted_p
- from acs_privilege_hierarchy_index
- where old.privilege = privilege
- and old.child_privilege = child_privilege;
-
- if deleted_p then
-
- return new;
-
- end if;
- end if;
-
- -- recalculate the table from scratch.
-
- delete from acs_privilege_hierarchy_index;
-
- -- first find the top nodes of the tree
-
- for v_rec in select privilege, child_privilege
- from acs_privilege_hierarchy
- where privilege
- NOT in (select distinct child_privilege
- from acs_privilege_hierarchy)
-
- LOOP
-
- -- top level node, so find the next key at this level.
-
- select max(tree_leaf_key_to_int(tree_sortkey)) into new_value
- from acs_privilege_hierarchy_index
- where tree_level(tree_sortkey) = 1;
-
- -- insert the new node
-
- insert into acs_privilege_hierarchy_index
- (privilege, child_privilege, tree_sortkey)
- values
- (v_rec.privilege, v_rec.child_privilege, tree_next_key(null, new_value));
-
- -- now recurse down from this node
-
- PERFORM priv_recurse_subtree(tree_next_key(null, new_value), v_rec.child_privilege);
-
- end LOOP;
-
- -- materialize the map view to speed up queries
- -- DanW (dcwickstrom@earthlink.net) 30 Jan, 2003
- delete from acs_privilege_descendant_map;
-
- insert into acs_privilege_descendant_map (privilege, descendant)
- select privilege, descendant from acs_privilege_descendant_map_view;
-
- return new;
-
-END;
-$$ LANGUAGE plpgsql;
-
-create trigger acs_priv_hier_ins_del_tr after insert or delete
-on acs_privilege_hierarchy for each row
-execute procedure acs_priv_hier_ins_del_tr ();
-
-CREATE OR REPLACE FUNCTION acs_priv_del_tr () RETURNS trigger AS $$
-BEGIN
-
- delete from acs_privilege_descendant_map
- where privilege = old.privilege;
-
- return old;
-
-END;
-$$ LANGUAGE plpgsql;
-
-create trigger acs_priv_del_tr before delete
-on acs_privileges for each row
-execute procedure acs_priv_del_tr ();
-
-
-
-select define_function_args('priv_recurse_subtree','nkey,child_priv');
-
---
--- procedure priv_recurse_subtree/2
---
-CREATE OR REPLACE FUNCTION priv_recurse_subtree(
- nkey varbit,
- child_priv varchar
-) RETURNS integer AS $$
-DECLARE
- new_value integer;
- v_rec record;
- new_key varbit;
-BEGIN
-
- -- now iterate over all of the children of the
- -- previous node.
-
- for v_rec in select privilege, child_privilege
- from acs_privilege_hierarchy
- where privilege = child_priv
-
- LOOP
-
- -- calculate the next key for this level and parent
-
- select max(tree_leaf_key_to_int(tree_sortkey)) into new_value
- from acs_privilege_hierarchy_index
- where tree_sortkey between nkey and tree_right(nkey)
- and tree_level(tree_sortkey) = tree_level(nkey) + 1;
-
- new_key := tree_next_key(nkey, new_value);
-
- -- insert the new child node.
-
- insert into acs_privilege_hierarchy_index
- (privilege, child_privilege, tree_sortkey)
- values
- (v_rec.privilege, v_rec.child_privilege, new_key);
-
- -- keep recursing down until no more children are found
-
- PERFORM priv_recurse_subtree(new_key, v_rec.child_privilege);
-
- end LOOP;
-
- -- no children found, so insert the child node as its own separate
- -- node.
-
- if NOT FOUND then
- insert into acs_privilege_hierarchy_index
- (privilege, child_privilege, tree_sortkey)
- values
- (child_priv, child_priv, tree_next_key(nkey, null));
- end if;
-
- return null;
-
-END;
-$$ LANGUAGE plpgsql;
-
-comment on table acs_privileges is '
- Privileges share a global namespace. This is to avoid a
- situation where granting the foo privilege on one type of object can
- have an entirely different meaning than granting the foo privilege on
- another type of object.
-';
-
-comment on table acs_privilege_hierarchy is '
- The acs_privilege_hierarchy gives us an easy way to say: The foo
- privilege is a superset of the bar privilege.
-';
-
-
-
select define_function_args('acs_privilege__create_privilege','privilege,pretty_name;null,pretty_plural;null');
--
@@ -417,50 +234,25 @@
create index acs_permissions_privilege_idx on acs_permissions (privilege);
create index acs_permissions_object_id_idx on acs_permissions(object_id);
--- Added table to materialize view that previously used
--- acs_privilege_descendant_map name
--
--- DanW (dcwickstrom@earthlink.net) 30 Jan, 2003
+-- The following view was replaced by acs_permission.permissions_all()
+-- in Jul 6, 2016
+--
+-- create view acs_permissions_all
+-- as select op.object_id, p.grantee_id, p.privilege
+-- from acs_object_paths op, acs_permissions p
+-- where op.ancestor_id = p.object_id;
--- DRB: I switched this to UNION form because the old view was incredibly
--- slow and caused installation of packages to take exponentially increasing
--- time. No code should be querying against this view other than the
--- trigger that recreates the denormalized map anyway ...
+-- create view acs_object_grantee_priv_map
+-- as select a.object_id, a.grantee_id, m.descendant as privilege
+-- from acs_permissions_all a, acs_privilege_descendant_map m
+-- where a.privilege = m.privilege;
-create view acs_privilege_descendant_map_view
-as select distinct h1.privilege, h2.child_privilege as descendant
- from acs_privilege_hierarchy_index h1, acs_privilege_hierarchy_index h2
- where h2.tree_sortkey between h1.tree_sortkey and tree_right(h1.tree_sortkey)
- union
- select privilege, privilege
- from acs_privileges;
-
-create view acs_permissions_all
-as select op.object_id, p.grantee_id, p.privilege
- from acs_object_paths op, acs_permissions p
- where op.ancestor_id = p.object_id;
-
-create view acs_object_grantee_priv_map
-as select a.object_id, a.grantee_id, m.descendant as privilege
- from acs_permissions_all a, acs_privilege_descendant_map m
- where a.privilege = m.privilege;
-
--- New fast version of acs_object_party_privilege_map
-
-create view acs_object_party_privilege_map as
-select c.object_id, pdm.descendant as privilege, pamm.member_id as party_id
-from acs_object_context_index c, acs_permissions p, acs_privilege_descendant_map pdm,
- party_approved_member_map pamm
-where c.ancestor_id = p.object_id
- and pdm.privilege = p.privilege
- and pamm.party_id = p.grantee_id;
-
-
--
-- Obsolete and deprecated view.
--
-create view all_object_party_privilege_map as
-select * from acs_object_party_privilege_map;
+-- create view all_object_party_privilege_map as
+-- select * from acs_object_party_privilege_map;
-- This table acts as a mutex for inserts/deletes from acs_permissions.
Index: openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-drop.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-drop.sql,v
diff -u -r1.2 -r1.2.20.1
--- openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-drop.sql 18 Jun 2004 18:21:57 -0000 1.2
+++ openacs-4/packages/acs-kernel/sql/postgresql/acs-permissions-drop.sql 8 Oct 2022 20:07:17 -0000 1.2.20.1
@@ -9,9 +9,9 @@
--
--drop view acs_object_party_method_map;
-drop view acs_object_party_privilege_map;
-drop view acs_object_grantee_priv_map;
-drop view acs_permissions_all;
+-- drop view acs_object_party_privilege_map;
+-- drop view acs_object_grantee_priv_map;
+-- drop view acs_permissions_all;
drop view acs_privilege_descendant_map;
\t
select drop_package('acs_permission');
Fisheye: Tag 1.1 refers to a dead (removed) revision in file `openacs-4/packages/acs-kernel/sql/postgresql/upgrade/upgrade-5.10.1d11-5.10.1d12.sql'.
Fisheye: No comparison available. Pass `N' to diff?
Index: openacs-4/packages/assessment/www/asm-admin/index.xql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/assessment/www/asm-admin/index.xql,v
diff -u -r1.5 -r1.5.10.1
--- openacs-4/packages/assessment/www/asm-admin/index.xql 15 May 2007 20:14:17 -0000 1.5
+++ openacs-4/packages/assessment/www/asm-admin/index.xql 8 Oct 2022 20:07:17 -0000 1.5.10.1
@@ -3,17 +3,20 @@
- select ci.item_id as assessment_id, cr.title, ci.publish_status
- from cr_items ci, cr_revisions cr
- where cr.revision_id = ci.latest_revision
- and ci.content_type = 'as_assessments'
- and ci.parent_id = :folder_id
- and exists (select 1 from acs_object_party_privilege_map ppm
- where ppm.object_id = ci.item_id
- and ppm.privilege = 'admin'
- and ppm.party_id = :user_id)
- order by cr.title
-
+ select
+ ci.item_id as assessment_id,
+ cr.title,
+ ci.content_type
+ from cr_folders cf
+ inner join cr_items ci
+ on ci.parent_id = cf.folder_id
+ and cf.package_id = :package_id
+ inner join cr_revisions cr
+ on cr.revision_id = coalesce(ci.latest_revision, content_item__get_latest_revision(ci.item_id))
+ inner join as_assessments a
+ on a.assessment_id = cr.revision_id
+ where ci.latest_revision is not null
+ order by cr.title
Index: openacs-4/packages/assessment/www/asm-admin/sessions.xql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/assessment/www/asm-admin/sessions.xql,v
diff -u -r1.2 -r1.2.10.1
--- openacs-4/packages/assessment/www/asm-admin/sessions.xql 7 Oct 2007 22:36:54 -0000 1.2
+++ openacs-4/packages/assessment/www/asm-admin/sessions.xql 8 Oct 2022 20:07:17 -0000 1.2.10.1
@@ -15,34 +15,31 @@
cs.percent_score
from (select a.assessment_id, cr.title, cr.item_id, cr.revision_id,
- u.user_id, u.first_names, u.last_name
-
- from as_assessments a, cr_revisions cr, cr_items ci, acs_users_all u
- where a.assessment_id = cr.revision_id
- and cr.revision_id = ci.latest_revision
- and ci.parent_id = :folder_id
- and u.user_id <> 0
- and exists (
- select 1 from acs_object_party_privilege_map
- where object_id = :context_object_id
- and party_id = u.user_id
- and privilege = 'read')) a
+ u.user_id, u.first_names, u.last_name
+
+ from as_assessments a, cr_revisions cr, cr_items ci, acs_users_all u
+ where a.assessment_id = cr.revision_id
+ and cr.revision_id = ci.latest_revision
+ and ci.parent_id = :folder_id
+ and u.user_id <> 0
+ and acs_permission__permission_p(:context_object_id, u.user_id, 'read')
+ ) a
left join (select as_sessions.*, cr.item_id
- from as_sessions, cr_revisions cr
- where session_id in (select max(session_id)
- from as_sessions, acs_objects o
- where not completed_datetime is null
+ from as_sessions, cr_revisions cr
+ where session_id in (select max(session_id)
+ from as_sessions, acs_objects o
+ where not completed_datetime is null
and o.object_id = session_id
and o.package_id = :package_id
- group by subject_id, assessment_id )
+ group by subject_id, assessment_id )
and revision_id=assessment_id) cs
on (a.user_id = cs.subject_id and a.item_id = cs.item_id)
left join (select *
- from as_sessions
- where session_id in (select max(session_id)
- from as_sessions, acs_objects o
- where completed_datetime is null
+ from as_sessions
+ where session_id in (select max(session_id)
+ from as_sessions, acs_objects o
+ where completed_datetime is null
and o.object_id = session_id
and o.package_id = :package_id
group by subject_id, assessment_id)) ns
@@ -51,7 +48,7 @@
where 1=1
[list::filter_where_clauses -and -name "sessions"]
- order by lower(a.title), lower(a.last_name), lower(a.first_names)
+
-
\ No newline at end of file
+
Index: openacs-4/packages/dotlrn/sql/postgresql/custom-permissions.sql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn/sql/postgresql/custom-permissions.sql,v
diff -u -r1.3 -r1.3.6.1
--- openacs-4/packages/dotlrn/sql/postgresql/custom-permissions.sql 1 Nov 2013 21:08:29 -0000 1.3
+++ openacs-4/packages/dotlrn/sql/postgresql/custom-permissions.sql 8 Oct 2022 20:07:17 -0000 1.3.6.1
@@ -22,50 +22,51 @@
-- If you customize the dotLRN community datamodel and violate any of the
-- above assumptions, rewrite this function.
+-- This function is nowhere called, so deactivate this for now, but
+-- keep it for documentation purposes. The handling of direct
+-- permissions should be done via permission::permission_p, the
+-- handling of the relsegments should be doable over this as well.
+--
+-- select define_function_args('dotlrn_community_admin_p','group_id,party_id');
-
-
--- added
-select define_function_args('dotlrn_community_admin_p','group_id,party_id');
-
--
-- procedure dotlrn_community_admin_p/2
--
-CREATE OR REPLACE FUNCTION dotlrn_community_admin_p(
- p_group_id integer,
- p_party_id integer
-) RETURNS char AS $$
-DECLARE
- BEGIN
- --
- -- direct permissions
- if exists (
- select 1
- from acs_object_grantee_priv_map
- where object_id = p_group_id
- and grantee_id = p_party_id
- and privilege = 'admin')
- then
- return 't';
- end if;
-
- -- check to see if the user belongs to a rel seg that has
- -- the admin priv on the object (in this case a group)
-
-
- if exists (
- select 1
- from acs_object_grantee_priv_map ogpm,
- rel_seg_approved_member_map rs
- where rs.group_id = p_group_id
- and ogpm.object_id = rs.group_id
- and ogpm.privilege = 'admin'
- and ogpm.grantee_id = rs.segment_id
- and rs.member_id = p_party_id)
- then
- return 't';
- end if;
-
- return 'f';
-END;
-$$ LANGUAGE plpgsql;
+-- CREATE OR REPLACE FUNCTION dotlrn_community_admin_p(
+-- p_group_id integer,
+-- p_party_id integer
+-- ) RETURNS char AS $$
+-- DECLARE
+-- BEGIN
+-- --
+-- -- direct permissions
+-- if exists (
+-- select 1
+-- from acs_object_grantee_priv_map
+-- where object_id = p_group_id
+-- and grantee_id = p_party_id
+-- and privilege = 'admin')
+-- then
+-- return 't';
+-- end if;
+--
+-- -- check to see if the user belongs to a rel seg that has
+-- -- the admin priv on the object (in this case a group)
+--
+--
+-- if exists (
+-- select 1
+-- from acs_object_grantee_priv_map ogpm,
+-- rel_seg_approved_member_map rs
+-- where rs.group_id = p_group_id
+-- and ogpm.object_id = rs.group_id
+-- and ogpm.privilege = 'admin'
+-- and ogpm.grantee_id = rs.segment_id
+-- and rs.member_id = p_party_id)
+-- then
+-- return 't';
+-- end if;
+--
+-- return 'f';
+-- END;
+-- $$ LANGUAGE plpgsql;
Index: openacs-4/packages/theme-zen/www/doc/lists/index-postgresql.xql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/theme-zen/www/doc/lists/index-postgresql.xql,v
diff -u -r1.2.10.1 -r1.2.10.2
--- openacs-4/packages/theme-zen/www/doc/lists/index-postgresql.xql 23 Oct 2020 17:03:05 -0000 1.2.10.1
+++ openacs-4/packages/theme-zen/www/doc/lists/index-postgresql.xql 8 Oct 2022 20:07:17 -0000 1.2.10.2
@@ -30,12 +30,8 @@
end as new_p
from fs_objects
where fs_objects.parent_id = :folder_id
- and exists (select 1
- from acs_object_party_privilege_map m
- where m.object_id = fs_objects.object_id
- and m.party_id = :viewing_user_id
- and m.privilege = 'read')
- $orderby
+ and acs_permission__permission_p(fs_objects.object_id, :viewing_user_id, 'read')
+ $orderby