[Deploying Sakai] create limited admin workspace, limit admin functionality

Gonzalo Silverio gsilver at umich.edu
Mon May 26 05:12:53 PDT 2014


Did you also add a site property to the Administration Workspace:

sakai:includeHtml: (contents of the script attached to the Jira). This
is intended to hide the buttons that admin lite is not supposed to see.
Not ideal, but all that the permission grain would allow.

Gonzalo

On Monday, May 26, 2014, Matthew Jones <matthew at longsight.com> wrote:

> Which version did you use? It looks like that issue was only fixed in the
> trunk version.
>
> https://jira.sakaiproject.org/browse/ADMX-12
>
> https://source.sakaiproject.org/contrib/umich/adminlite/trunk/
>
>
> On Mon, May 26, 2014 at 5:24 AM, Kurosch Petzold <
> kurosch.petzold at fu-berlin.de> wrote:
>
> Hey,
>
> thanks for your replies, both seem to be awesome tools.
>
> SakaiAdminX is not supported anymore, so I would rather get adminlite up
> and running.
> I said "would" as it does not seem to work correctly. I set it up as
> described in the readme, changed every pom.xml entry to Sakai 2.9.3 and
> deployed it just fine.
>
> However the adminlite user still can use all tools and adminlite does not
> work and gives the following error to catalina.out on pressing any button
> of the tool:
>
> 2014-05-26 11:19:10,122  WARN http-bio-8080-exec-8
> org.sakaiproject.cheftool.VelocityPortletPaneledAction - CSRF Token
> mismatched or missing on velocity action: doSite; toolId=sakai.adminlite
>
>
> Best regards,
>
> Kurosch
>
>
>
> > Cool, I'd forgotten about admin lite. Looks like what it provides is
> > completely reworked sites and realms tools that are more restrictive. The
> > problem with the tools in the admin workspace is that they check for the
> > specific "SecurityService.isSuperUser" permission because they don't
> > restrict, for instance, a non-admin from being able to add themselves to
> > admin workspace. (Thus becoming admin)
> >
> > There were some other tools like SakaiAdminX (
> > https://confluence.sakaiproject.org/display/ADMX/Home) which still might
> > work, and used webservices rather than internal APIs to allow creation and
> > modification of site and other information. Using something like this or
> > REST (/direct) APIs, for a new or modified sites tool (adminlite) does
> > seem like a way to go.
> >
> > For general permission elevation in other course sites, generally delegated
> > access is used, but I don't think this would work for the tools that have
> > explicit isSuperUser checks.
> >
> >
> > On Sat, May 24, 2014 at 11:12 AM, Kurosch Petzold <
> > kurosch.petzold at fu-berlin.de> wrote:
> >
> >> Hello,
> >>
> >> is there a way to create limited permission admin roles or create a second
> >> admin workspace with a limited number of tools?
> >> If neither of them works, could anyone who has/had this problem at their
> >> institution/university/company explain to me how they solved it (if there
> >> is a solution to it at all)?
> >>
> >> Or to get more to the fact of the actual problem, is there a way to use
> >> sakai.sites without su?
> >>
> >> Best regards,
> >> Kurosch Petzold
> >>
> >
> >
> >
> > On Sun, May 25, 2014 at 6:54 AM, Steve Swinsburg
> > <steve.swinsburg at gmail.com> wrote:
> >
> >> Hi,
> >>
> >> Sounds like you might need the Admin Lite functionality. Have a look
> >> here:
> >> https://jira.sakaiproject.org/browse/UMICH-232
> >> https://source.sakaiproject.org/contrib/umich/adminlite/
> >>
> >> cheers,
> >> Steve
> >>
> >>
> >> On Sun, May 25, 2014 at 1:12 AM, Kurosch Petzold <
> >> kurosch.petzold at fu-berlin.de> wrote:
> >>
> >>> Hello,
> >>
>
>

-- 
- Gonzalo