I created a new privilege type with:
I then assigned this privilege to a user thus:
permission::grant -party_id [ad_conn user_id] -object_id [apm_package_id_from_key epas] -privilege terms_signed
This worked ok, and the entry existed in the permissions table.
However when I try to check for the existence of the permission like this:
set terms_p [permission::permission_p_not_cached -party_id [ad_conn user_id] -object_id [apm_package_id_from_key epas] -privilege terms_signed]
The $terms_p is 0.. which is incorrect.
Digging down a bit its the
postrges call that is returning 'f' (false). However I'm not quite sure I fathom what this query is doing i.e. its source is
return exists (select 1
from acs_permissions p, party_approved_member_map m,
acs_object_context_index c, acs_privilege_descendant_map h
where p.object_id = c.ancestor_id
and h.descendant = permission_p__privilege
and c.object_id = permission_p__object_id
and m.member_id = permission_p__party_id
and p.privilege = h.privilege
and p.grantee_id = m.party_id);
Interestingly, if I use the privilege 'write' instead of my own it works as it should.
Am I doing something incorrectly or is this a bug?