Changes

732 bytes added, 18:50, 18 January 2018
* The first path argument ensures that the function will only be called if the request path starts with the given string.
* The second argument binds the permission strings of the invoked function, and some other request information, to a variable.
 
If several permission functions are available that match the user request, all of them will be evaluated. The function with the shortest path argument will be called first.
An example:
<pre>
(:~
 : Permissions: Admin area.
 : Checks if the current user is admin; if not, redirects to the main page.
 : @param $perm map with permission data
 :)
declare %perm:check('/main/admin', '{$perm}') function local:check-admin($perm) {
  let $user := Session:get('id')
  (: redirect unless one of the user's permissions matches the strings of the requested function :)
  where not(user:list-details($user)/@permission = $perm?allow)
  return web:redirect('/main')
};
</pre>
 
If several permission functions are available that match the user request, all of them will be called one by one. The function with the shortest path argument will be called first. Accordingly, in the example, if the {{Code|/main/admin}} URL is requested, all three security functions will be run.
 
If a security function raises an error or returns any result (which can be a redirection or any other XQuery value), no other functions will be invoked. This means that the actually invoked function will only be evaluated if all security functions yield no result or error.
 
The map bound to {{Code|$perm}} has the following keys:
 
{| class="wikitable" width="100%"
|- valign="top"
! Key
! Description
|-
| {{Code|allow}}
| Permission strings attached to the requested function.
|-
| {{Code|path}}
| Original path of the client request.
|-
| {{Code|method}}
| Method of the client request ({{Code|GET}}, {{Code|POST}}, …)
|}
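
The following module is an added example, not part of the original page or of the BaseX code base. It combines the evaluation order described above with all three keys of the {{Code|$perm}} map. The module namespace {{Code|app}}, the path {{Code|/main/admin/users}} and the log type {{Code|DENIED}} are hypothetical, and the Session module import is an assumption based on the page's use of {{Code|Session:get}}.

```xquery
module namespace app = 'app';  (: hypothetical namespace :)

(: assumption: the Session module has to be imported explicitly :)
import module namespace Session = 'http://basex.org/modules/session';

(:~
 : Shortest matching path, so this check is called first for /main/...
 : It returns a redirect for anonymous requests; as it then yields a
 : result, neither app:check-admin nor the requested function is invoked.
 :)
declare %perm:check('/main') function app:check-login() {
  let $user := Session:get('id')
  where empty($user)
  return web:redirect('/')
};

(:~
 : Called second, and only for paths starting with /main/admin.
 : $user is known to exist here because app:check-login ran first.
 : If the requested function has no %perm:allow annotation, $perm?allow
 : is empty, the comparison is false and the request is rejected.
 : @param $perm map with the keys allow, path and method
 :)
declare %perm:check('/main/admin', '{$perm}') function app:check-admin($perm) {
  let $user := Session:get('id')
  where not(user:list-details($user)/@permission = $perm?allow)
  return (
    (: record who was rejected, and for which request :)
    admin:write-log(
      $user || ': ' || $perm?method || ' ' || $perm?path, 'DENIED'
    ),
    web:redirect('/main')
  )
};

(:~
 : Requested function. 'admin' is the permission string that is passed
 : on to the check functions as $perm?allow.
 :)
declare
  %rest:GET
  %rest:path('/main/admin/users')
  %perm:allow('admin')
function app:users() {
  <users>{ user:list() ! <user>{ . }</user> }</users>
};
```

The log entry is written before the redirect is returned, so rejected requests can be reviewed in the database logs together with their method and original path.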