The permissions on an item can be specific or inherited. A user can be granted permissions in the following ways:
1. Explicitly, i.e. the user name appears on the access tab of the item properties. In this case the user does not get any extra access rights through group membership.
2. By group membership. The user gets a superset of all permissions from the groups they are a member of.
3. Default. If the user has no explicit permissions and no permissions via group membership, then they get whatever is set for “Everyone Else”.
This function allows you to find the permissions a particular user has on an item. The function takes an Item handle and a user name as parameters and returns the permissions that the user has on the item. This includes permissions the user has through inherited access, group membership, etc. The function does not support groups.

    /***************************************************
    Returns the permissions for the specified user for the item.
    Does not support groups.
    ***************************************************/
    Permission getPermissions(Item itm, string userName) {
        Permission perm = null
        AccessRec ar = null
        Group grp = null
        User usr = null
        bool isDisabled = false
        bool hasGroupPermissions = false

        // loop through access records for item.
        // note that the "all" ensures the loop includes inherited access
        for ar in all itm do {
            if (username(ar) == userName) {
                // user-specific permissions: these are the only permissions
                // that apply; group membership has no effect.
                perm = none
                if (read ar) perm = perm | read
                if (modify ar) perm = perm | modify
                if (create ar) perm = perm | create
                if (delete ar) perm = perm | delete
                if (control ar) perm = perm | control
                return(perm)
            } else if (null username(ar)) {
                // default permissions for "Everyone Else".
                // these only apply if the user does not have any permissions
                // through group membership
                if (!hasGroupPermissions) {
                    perm = none
                    if (read ar) perm = perm | read
                    if (modify ar) perm = perm | modify
                    if (create ar) perm = perm | create
                    if (delete ar) perm = perm | delete
                    if (control ar) perm = perm | control
                }
            } else if (existsGroup(username(ar))) {
                grp = find(username(ar))
                isDisabled = grp.disabled
                if (!isDisabled) {
                    usr = find(userName)
                    if (member(grp, usr)) {
                        // if this is the first time we are assigning permissions
                        // through group membership, then ensure that default
                        // permissions are removed first
                        if (!hasGroupPermissions) {
                            perm = none
                        }
                        // user gets superset of permissions from all groups
                        if (read ar) perm = perm | read
                        if (modify ar) perm = perm | modify
                        if (create ar) perm = perm | create
                        if (delete ar) perm = perm | delete
                        if (control ar) perm = perm | control
                        // flag used to preserve permissions and ensure we get
                        // a true superset of all the permissions from all groups
                        // the user is a member of.
                        hasGroupPermissions = true
                    }
                }
            }
        }
        return(perm)
    }

The following is an example of using this function. This example also makes use of a simple function stringOf(Permission) which allows you to print the results.

    Item i = item(fullName(current Module))
    Permission perm = getPermissions(i, "fredbrooks")
    print stringOf(perm)

And the stringOf function is defined here:
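
    // Converts a Permission value to a short string:
    // R = read, M = modify, C = create, D = delete, A = control (admin)
    string stringOf(Permission p) {
        string str = ""
        if (p == none) {
            return("None")
        } else {
            // parentheses make the intended grouping of & and != explicit
            if ((p & read) != none) {
                str = str "R"
            }
            if ((p & modify) != none) {
                str = str "M"
            }
            if ((p & create) != none) {
                str = str "C"
            }
            if ((p & delete) != none) {
                str = str "D"
            }
            if ((p & control) != none) {
                str = str "A"
            }
        }
        return(str)
    }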
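
For an access review it often matters which of the three rules listed at the top produced a user's rights, not only the resulting permission set. The following is an added example, not part of the original page: `permissionSource` and its variable names are hypothetical, and it uses only the calls that getPermissions already relies on.

```dxl
// Added example: reports which rule decided a user's access on an item.
// permissionSource is a hypothetical helper, not code from the original page.
string permissionSource(Item itm, string userName) {
    AccessRec ar = null
    Group grp = null
    User usr = null
    string name = ""
    string groups = ""
    bool isDisabled = false
    bool hasDefault = false

    for ar in all itm do {
        name = username(ar)
        if (name == userName) {
            // rule 1: an explicit record overrides every group record
            return("explicit record")
        } else if (null name) {
            // rule 3 candidate: the "Everyone Else" record
            hasDefault = true
        } else if (existsGroup(name)) {
            grp = find(name)
            isDisabled = grp.disabled
            if (!isDisabled) {
                usr = find(userName)
                if (member(grp, usr)) {
                    // rule 2: collect every enabled group that contributes
                    if (groups != "") {
                        groups = groups ", "
                    }
                    groups = groups name
                }
            }
        }
    }

    if (groups != "") {
        return("group membership: " groups)
    }
    if (hasDefault) {
        return("default (Everyone Else)")
    }
    return("no matching access record")
}

// usage, mirroring the example above ("fredbrooks" is the page's sample user)
Item audited = item(fullName(current Module))
string why = permissionSource(audited, "fredbrooks")
print why "\n"
```

A result of "explicit record" is worth a second look during a review, because that record is the only one that applies and any group the user belongs to is ignored for that item.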