/******************************************************************************
	Returns the permissions for the specified user for the item.
	Does not support groups.
******************************************************************************/
Permission getPermissions(Item itm, string userName)
{
	Permission perm = null
	AccessRec  ar = null
	Group      grp = null
	User       usr = null
	bool       isDisabled = false
	bool       hasGroupPermissions = false
	
	// loop through access records for item.
	// note that the "all" ensures the loop includes inherited access
	for ar in all itm do
	{	
		if (username(ar) == userName) 
		{
			// user-specific permissions these are the only permissions that apply
			// group membership has no effect.
			perm = none
			
			if (read ar) perm = perm | read
			if (modify ar) perm = perm | modify
			if (create ar) perm = perm | create
			if (delete ar) perm = perm | delete
			if (control ar) perm = perm | control
			
			return(perm)
		}
		else if (null username(ar))
		{
			// default permissions for "Everyone Else".
			// these only apply if the user doies not have any permissions
			// through group membership
			if (!hasGroupPermissions)
			{
				perm = none
				
				if (read ar) perm = perm | read
				if (modify ar) perm = perm | modify
				if (create ar) perm = perm | create
				if (delete ar) perm = perm | delete
				if (control ar) perm = perm | control
			}
		}
		else if (existsGroup(username(ar)))
		{
			grp = find(username(ar))
			
			isDisabled = grp.disabled
		
			if (!isDisabled)
			{
				usr = find(userName)
				
				if (member(grp, usr))
				{
					// if this is the first time we are assigning permissions
					// through group membership, then ensure that default
					// permissions are removed first
					if (!hasGroupPermissions)
					{
						perm = none
					}
					
					// user gets superset of permissions from all groups
					if (read ar) perm = perm | read
					if (modify ar) perm = perm | modify
					if (create ar) perm = perm | create
					if (delete ar) perm = perm | delete
					if (control ar) perm = perm | control
					
					// flag used to preserve permissions and ensure we get
					// a true superset of all the permissions from all groups
					// the user is a member of.
					hasGroupPermissions = true
				}
			}
		}
	}
	
	return(perm)
}

sitemap