The permissions on an item can be specific or inherited. A user can be granted permissions in the following ways:
1. Explicitly. i.e. the user name appears on the access tab of the item properties. If this is the case then the user does not get any extra access rights through group membership.
2. By group membership. The user gets a superset of all permissions from the groups they are a member of.
3. Default. If the user has no explicit permissions and no permissions via group membership, then they get whatever is set for “Everyone Else”.
This function allows you to find the permissions a particular user has on an item. The function takes an Item handle and a user name as parameters and return the permissions that the user has on the item. This includes permissions the user has through inherited access, group membership etc. The function does not support groups.
/***************************************************
Returns the permissions for the specified user for the item.
Does not support groups.
***************************************************/
Permission getPermissions(Item itm, string userName)
{
Permission perm = null
AccessRec ar = null
Group grp = null
User usr = null
bool isDisabled = false
bool hasGroupPermissions = false
// loop through access records for item.
// note that the "all" ensures the loop includes inherited access
for ar in all itm do
{
if (username(ar) == userName)
{
// user-specific permissions these are the only permissions that apply
// group membership has no effect.
perm = none
if (read ar) perm = perm | read
if (modify ar) perm = perm | modify
if (create ar) perm = perm | create
if (delete ar) perm = perm | delete
if (control ar) perm = perm | control
return(perm)
}
else if (null username(ar))
{
// default permissions for "Everyone Else".
// these only apply if the user doies not have any permissions
// through group membership
if (!hasGroupPermissions)
{
perm = none
if (read ar) perm = perm | read
if (modify ar) perm = perm | modify
if (create ar) perm = perm | create
if (delete ar) perm = perm | delete
if (control ar) perm = perm | control
}
}
else if (existsGroup(username(ar)))
{
grp = find(username(ar))
isDisabled = grp.disabled
if (!isDisabled)
{
usr = find(userName)
if (member(grp, usr))
{
// if this is the first time we are assigning permissions
// through group membership, then ensure that default
// permissions are removed first
if (!hasGroupPermissions)
{
perm = none
}
// user gets superset of permissions from all groups
if (read ar) perm = perm | read
if (modify ar) perm = perm | modify
if (create ar) perm = perm | create
if (delete ar) perm = perm | delete
if (control ar) perm = perm | control
// flag used to preserve permissions and ensure we get
// a true superset of all the permissions from all groups
// the user is a member of.
hasGroupPermissions = true
}
}
}
}
return(perm)
}
The following is an example of using this function. This example also makes use of a simple function stringOf(Permission) which allows you to print the results.
Item i = item(fullName(current Module)) Permission perm = getPermissions(i, "fredbrooks") print stringOf(perm)
And the stringOf function is defined here:
string stringOf(Permission p)
{
string str = ""
if (p == none)
{
return("None")
}
else
{
if (p & read != none)
{
str = str "R"
}
if (p & modify != none)
{
str = str "M"
}
if (p & create != none)
{
str = str "C"
}
if (p & delete != none)
{
str = str "D"
}
if (p & control != none)
{
str = str "A"
}
}
return(str)
}