On Tue, 2004-07-20 at 04:43, Lars Erik Thorsplass wrote:
> I have recently ventured into the exciting world of stored procedures,
> but I have now become lost.
>
> Background:
>
> Am currently working on access control in a web application. My goal
> is to process access control on the SQL level. This way if a row is in
> the result set, you have access to it, if not, you dont.
>
>
> Problem:
>
> My stored procedure "acl_check()" takes two integers as parameters.
> Param1 is the object id to check acl on, Param 2 is the object id of
> the user currently using the system. The procedure returns a positive
> numer (1 or 3 ) if you have some kind of access to the object. As one
> might understand I want the returned value from the acl_check()
> procedure to be a part of the result set.
>
> Kinda like this:
>
> SELECT *, acl_check( objects.obid, <user_id> ) AS mode FROM objects
> WHERE mode > 0;
Here's the problem. In order to do the select, the query first needs to
run the where clause. I.e.:
select a as test from table where a > 50;
works, but
select a as test from table where test > 50;
fails. The reason is that when the where clause fires first, there IS
no test yet, as it hasn't been materialized. what you need to do is:
select custom_function(a,b) from table where custom_function(a,b) > 0;
