[Deploying Sakai] create limited admin workspace, limit admin functionality

Matthew Jones matthew at longsight.com
Mon May 26 04:39:37 PDT 2014


Which version did you use? It looks like that issue was only fixed in the
trunk version.

https://jira.sakaiproject.org/browse/ADMX-12

https://source.sakaiproject.org/contrib/umich/adminlite/trunk/


On Mon, May 26, 2014 at 5:24 AM, Kurosch Petzold <
kurosch.petzold at fu-berlin.de> wrote:

> Hey,
>
> thanks for your replies, both seem to be awesome tools.
>
> SakaiAdminX is not supported anymore so I would rather get adminlite up
> and running.
> I said would as it does not seem to work correctly. I set it up like
> described in the readme. Changed every pom.xml entry to sakai 2.9.3 and
> deployed it just fine.
>
> However the adminlite user still can use all tools and adminlite does not
> work and gives the following error to catalina.out on pressing any button
> of the tool:
>
> 2014-05-26 11:19:10,122  WARN http-bio-8080-exec-8
> org.sakaiproject.cheftool.VelocityPortletPaneledAction - CSRF Token
> mismatched or missing on velocity action: doSite; toolId=sakai.adminlite
>
>
> Best regards,
>
> Kurosch
>
>
>
> > Cool, I'd forgotten about about admin lite. Looks like what it provides
> is
> > completely reworked sites and realms tools that are more restrictive. The
> > problem with the tools in the admin workspace is that they check for the
> > specific "SecurityService.isSuperUser" permission because they don't
> > restrict, for instance, an non admin from being able to add themselves to
> > admin workspace. (Thus becoming admin)
> >
> > There were some other tools like SakaiAdminX (
> > https://confluence.sakaiproject.org/display/ADMX/Home) which still might
> > work, and used webservices rather than internal api's to allow creation
> > and
> > modification of site and other information. Using something like this or
> > REST (/direct) API's, for a new or modified sites tool (adminlite) does
> > seem like a way to go.
> >
> > For general permission elevation in other course sites, generally
> > delegated
> > access is used, but I don't think this would work for the tools that have
> > explicit isSuperUser checks.
> >
> >
> > On Sat, May 24, 2014 at 11:12 AM, Kurosch Petzold <
> > kurosch.petzold at fu-berlin.de> wrote:
> >
> >> Hello,
> >>
> >> is there a way to create limited permission admin roles or create a
> >> second
> >> admin workspace with limited number of tools.
> >> If neither of them works, could anyone who has/had this problem at their
> >> institution/university/company explain to me how they solved it (if
> >> there
> >> is a solution to it at all).
> >>
> >> Or to get more to the fact of the actual problem is there a way to use
> >> sakai.sites without su?
> >>
> >> Best regards,
> >> Kurosch Petzold
> >>
> >> _______________________________________________
> >> production mailing list
> >> production at collab.sakaiproject.org
> >> http://collab.sakaiproject.org/mailman/listinfo/production
> >>
> >> TO UNSUBSCRIBE: send email to
> >> production-unsubscribe at collab.sakaiproject.org with a subject of
> >> "unsubscribe"
> >>
> >
> >
> >
> > On Sun, May 25, 2014 at 6:54 AM, Steve Swinsburg
> > <steve.swinsburg at gmail.com>wrote:
> >
> >> Hi,
> >>
> >> Sounds like you might need the Admin Lite functionality. Have a look
> >> here:
> >> https://jira.sakaiproject.org/browse/UMICH-232
> >> https://source.sakaiproject.org/contrib/umich/adminlite/
> >>
> >> cheers,
> >> Steve
> >>
> >>
> >> On Sun, May 25, 2014 at 1:12 AM, Kurosch Petzold <
> >> kurosch.petzold at fu-berlin.de> wrote:
> >>
> >>> Hello,
> >>>
> >>> is there a way to create limited permission admin roles or create a
> >>> second
> >>> admin workspace with limited number of tools.
> >>> If neither of them works, could anyone who has/had this problem at
> >>> their
> >>> institution/university/company explain to me how they solved it (if
> >>> there
> >>> is a solution to it at all).
> >>>
> >>> Or to get more to the fact of the actual problem is there a way to use
> >>> sakai.sites without su?
> >>>
> >>> Best regards,
> >>> Kurosch Petzold
> >>>
> >>> _______________________________________________
> >>> production mailing list
> >>> production at collab.sakaiproject.org
> >>> http://collab.sakaiproject.org/mailman/listinfo/production
> >>>
> >>> TO UNSUBSCRIBE: send email to
> >>> production-unsubscribe at collab.sakaiproject.org with a subject of
> >>> "unsubscribe"
> >>>
> >>
> >>
> >> _______________________________________________
> >> production mailing list
> >> production at collab.sakaiproject.org
> >> http://collab.sakaiproject.org/mailman/listinfo/production
> >>
> >> TO UNSUBSCRIBE: send email to
> >> production-unsubscribe at collab.sakaiproject.org with a subject of
> >> "unsubscribe"
> >>
> > _______________________________________________
> > production mailing list
> > production at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/production
> >
> > TO UNSUBSCRIBE: send email to
> > production-unsubscribe at collab.sakaiproject.org with a subject of
> > "unsubscribe"
>
>
> --
> Mit freundlichen Grüßen
>
> Kurosch Petzold
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/production/attachments/20140526/8eeab953/attachment.html 


More information about the production mailing list