[Deploying Sakai] create limited admin workspace, limit admin functionality

Kurosch Petzold kurosch.petzold at fu-berlin.de
Mon May 26 02:24:09 PDT 2014


Hey,

thanks for your replies, both seem to be awesome tools.

SakaiAdminX is not supported anymore, so I would rather get adminlite up
and running.
I said "would" as it does not seem to work correctly. I set it up as
described in the readme, changed every pom.xml entry to Sakai 2.9.3 and
deployed it just fine.

However, the adminlite user can still use all tools, and adminlite does not
work and writes the following error to catalina.out on pressing any button
of the tool:

2014-05-26 11:19:10,122  WARN http-bio-8080-exec-8 org.sakaiproject.cheftool.VelocityPortletPaneledAction - CSRF Token mismatched or missing on velocity action: doSite; toolId=sakai.adminlite


Best regards,

Kurosch



> Cool, I'd forgotten about admin lite. Looks like what it provides is
> completely reworked sites and realms tools that are more restrictive. The
> problem with the tools in the admin workspace is that they check for the
> specific "SecurityService.isSuperUser" permission because they don't
> restrict, for instance, a non-admin from being able to add themselves to
> admin workspace. (Thus becoming admin)
>
> There were some other tools like SakaiAdminX (
> https://confluence.sakaiproject.org/display/ADMX/Home) which still might
> work, and used webservices rather than internal APIs to allow creation
> and modification of site and other information. Using something like this
> or REST (/direct) APIs, for a new or modified sites tool (adminlite) does
> seem like a way to go.
>
> For general permission elevation in other course sites, generally
> delegated access is used, but I don't think this would work for the tools
> that have explicit isSuperUser checks.
>
>
> On Sat, May 24, 2014 at 11:12 AM, Kurosch Petzold <
> kurosch.petzold at fu-berlin.de> wrote:
>
>> Hello,
>>
>> is there a way to create limited permission admin roles or create a
>> second admin workspace with limited number of tools.
>> If neither of them works, could anyone who has/had this problem at their
>> institution/university/company explain to me how they solved it (if
>> there is a solution to it at all).
>>
>> Or to get more to the fact of the actual problem is there a way to use
>> sakai.sites without su?
>>
>> Best regards,
>> Kurosch Petzold
>>
>> _______________________________________________
>> production mailing list
>> production at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/production
>>
>> TO UNSUBSCRIBE: send email to
>> production-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>
>
>
> On Sun, May 25, 2014 at 6:54 AM, Steve Swinsburg
> <steve.swinsburg at gmail.com> wrote:
>
>> Hi,
>>
>> Sounds like you might need the Admin Lite functionality. Have a look here:
>> https://jira.sakaiproject.org/browse/UMICH-232
>> https://source.sakaiproject.org/contrib/umich/adminlite/
>>
>> cheers,
>> Steve
>>
>>
>> On Sun, May 25, 2014 at 1:12 AM, Kurosch Petzold <
>> kurosch.petzold at fu-berlin.de> wrote:
>>
>>> Hello,
>>>
>>> is there a way to create limited permission admin roles or create a
>>> second admin workspace with limited number of tools.
>>> If neither of them works, could anyone who has/had this problem at
>>> their institution/university/company explain to me how they solved it
>>> (if there is a solution to it at all).
>>>
>>> Or to get more to the fact of the actual problem is there a way to use
>>> sakai.sites without su?
>>>
>>> Best regards,
>>> Kurosch Petzold
>>>


-- 
With kind regards

Kurosch Petzold


