| 1 | USRLA ; SLC/JER,MA - Authorization Library functions ;6/29/01 11:19
|
|---|
| 2 | ;;1.0;AUTHORIZATION/SUBSCRIPTION;**15,20**;Jun 20, 1997
|
|---|
| 3 | CANDO(DOCTYPE,STATUS,EVENT,USER,USRROLE) ; Evaluate Authorization
|
|---|
| 4 | ; 18 JUNE 2001 MA added a change to check for "OR" logic
|
|---|
| 5 | ; when checking roles.
|
|---|
| 6 | ; Receives: DOCTYPE = Pointer to TIU DOCMT DEF FILE (8925.1)
|
|---|
| 7 | ; STATUS = Pointer to TIU STATUS FILE (8925.6)
|
|---|
| 8 | ; EVENT = Pointer to USR EVENT FILE (8930.8)
|
|---|
| 9 | ; USER = Pointer to NEW PERSON FILE (200)
|
|---|
| 10 | ; [USRROLE] = Pointer to USER ROLE FILE (8930.2)
|
|---|
| 11 | ; Role, if received, is a particular role
|
|---|
| 12 | ; already known to belong to USER for docmt
|
|---|
| 13 | ; being checked. See CANDO^TIULP.
|
|---|
| 14 | ; DBIA 2321 ^TIU(8925.1)
|
|---|
| 15 | N USRC,USRCY,USRRY,USRR,USRY,USRFALSE
|
|---|
| 16 | ; First, loop thru Class xref "AC" to determine whether USER
|
|---|
| 17 | ; is a member of any subclasses which are authorized to perform
|
|---|
| 18 | ; EVENT on DOCTYPE with STATUS.
|
|---|
| 19 | ;
|
|---|
| 20 | ; Class Section
|
|---|
| 21 | ;
|
|---|
| 22 | S (USRC,USRY,USRFALSE)=0
|
|---|
| 23 | F S USRC=$O(^USR(8930.1,"AC",DOCTYPE,STATUS,EVENT,USRC)) Q:+USRC'>0!(+$G(USRCY)>0&(USRY>0)) D
|
|---|
| 24 | . N USRADA,USRAND S USRADA=0
|
|---|
| 25 | . F S USRADA=+$O(^USR(8930.1,"AC",DOCTYPE,STATUS,EVENT,USRC,USRADA)) Q:+USRADA'>0!(+$G(USRY)>0) D
|
|---|
| 26 | . . S USRCY=+$$ISA^USRLM(USER,USRC)
|
|---|
| 27 | . . ; If user is NOT a member of the class for which a rule has been
|
|---|
| 28 | . . ; defined, set USRFALSE to indicate evaluation of a rule that
|
|---|
| 29 | . . ; was NOT satisfied.
|
|---|
| 30 | . . I +USRCY'>0 S USRFALSE=1
|
|---|
| 31 | . . ; If a match is obtained on user class, check to see whether
|
|---|
| 32 | . . ; additional conditions on user role exist.
|
|---|
| 33 | . . I +USRCY>0 D
|
|---|
| 34 | . . . S USRFALSE=0
|
|---|
| 35 | . . . I $P($G(^USR(8930.1,USRADA,0)),U,5)="&",($G(USRROLE)=$P($G(^(0)),U,6)) S USRY=1
|
|---|
| 36 | . . . I $P($G(^USR(8930.1,USRADA,0)),U,5)'="&" S USRY=1
|
|---|
| 37 | ; In the event that authorization is granted to users with a
|
|---|
| 38 | ; particular role with respect to the document, without concern
|
|---|
| 39 | ; for class membership, check the Role xref "AR".
|
|---|
| 40 | ;
|
|---|
| 41 | ; Role Section.
|
|---|
| 42 | ;
|
|---|
| 43 | I +USRY'>0,+$G(USRROLE) D
|
|---|
| 44 | . S USRR=0
|
|---|
| 45 | . F S USRR=$O(^USR(8930.1,"AR",DOCTYPE,STATUS,EVENT,USRROLE,USRR)) Q:+USRR'>0!(USRY>0) D
|
|---|
| 46 | . . ; Check for "&" condition
|
|---|
| 47 | . . I $P($G(^USR(8930.1,+USRR,0)),U,5)="&",+$P($G(^(0)),U,4) D
|
|---|
| 48 | . . . I +$$ISA^USRLM(+$G(USER),+$P($G(^USR(8930.1,+USRR,0)),U,4)) S USRY=1 ; **15** Changed DUZ to USER.
|
|---|
| 49 | . . ; Check for only a role needed
|
|---|
| 50 | . . I '+USRY,'+$P($G(^USR(8930.1,+USRR,0)),U,4) S USRY=1
|
|---|
| 51 | . . ; Check for an "OR" condition
|
|---|
| 52 | . . I '+USRY,$P($G(^USR(8930.1,+USRR,0)),U,5)="!" D
|
|---|
| 53 | . . . N USRCLS
|
|---|
| 54 | . . . S USRCLS=+$P($G(^USR(8930.1,+USRR,0)),U,4)
|
|---|
| 55 | . . . I +$$ISA^USRLM(+$G(USER),+USRCLS)!USRROLE=+$P($G(^USR(8930.1,+USRR,0)),U,6) S USRY=1
|
|---|
| 56 | ; To allow heritability of authorization, if the user is not
|
|---|
| 57 | ; authorized to perform the specified action on the specific
|
|---|
| 58 | ; document in its current state, AND if no explicit rule for
|
|---|
| 59 | ; the current document definition failed (i.e., USRFALSE'>0),
|
|---|
| 60 | ; then traverse up the document class hierarchy and evaluate
|
|---|
| 61 | ; whether authorization is granted at a higher level.
|
|---|
| 62 | I +USRY'>0,(+$G(USRFALSE)'>0) D
|
|---|
| 63 | . N USRTYP S USRTYP=0
|
|---|
| 64 | . F S USRTYP=$O(^TIU(8925.1,"AD",DOCTYPE,USRTYP)) Q:+USRTYP'>0!(+USRY>0) D
|
|---|
| 65 | . . S USRY=$$CANDO(USRTYP,STATUS,EVENT,USER,$G(USRROLE))
|
|---|
| 66 | Q USRY
|
|---|
