[Deploying Sakai] create limited admin workspace, limit admin functionality

Kurosch Petzold kurosch.petzold at fu-berlin.de
Mon May 26 05:19:18 PDT 2014


Added both scripts and it works for full admin now functionality wise. But
the adminlite account has no tools at all in the workspace now.

Best Regards
Kurosch
> Did you also add a site property to the Administration Workspace:
>
>  sakai:includeHtml:  (contents of the script attached to the Jira).  This
> is intended to hide the buttons that admin lite is not supposed to see.
>  Not ideal, but all that the permission grain would allow.
>
> Gonzalo
>
> On Monday, May 26, 2014, Matthew Jones <matthew at longsight.com> wrote:
>
>> Which version did you use? It looks like that issue was only fixed in
>> the
>> trunk version.
>>
>> https://jira.sakaiproject.org/browse/ADMX-12
>>
>> https://source.sakaiproject.org/contrib/umich/adminlite/trunk/
>>
>>
>> On Mon, May 26, 2014 at 5:24 AM, Kurosch Petzold <
>> kurosch.petzold at fu-berlin.de> wrote:
>>
>> Hey,
>>
>> thanks for your replies, both seem to be awesome tools.
>>
>> SakaiAdminX is not supported anymore so I would rather get adminlite up
>> and running.
>> I said would as it does not seem to work correctly. I set it up like
>> described in the readme. Changed every pom.xml entry to sakai 2.9.3 and
>> deployed it just fine.
>>
>> However the adminlite user still can use all tools and adminlite does
>> not
>> work and gives the following error to catalina.out on pressing any
>> button
>> of the tool:
>>
>> 2014-05-26 11:19:10,122  WARN http-bio-8080-exec-8
>> org.sakaiproject.cheftool.VelocityPortletPaneledAction - CSRF Token
>> mismatched or missing on velocity action: doSite; toolId=sakai.adminlite
>>
>>
>> Best regards,
>>
>> Kurosch
>>
>>
>>
>> > Cool, I'd forgotten about about admin lite. Looks like what it
>> provides
>> is
>> > completely reworked sites and realms tools that are more restrictive.
>> The
>> > problem with the tools in the admin workspace is that they check for
>> the
>> > specific "SecurityService.isSuperUser" permission because they don't
>> > restrict, for instance, an non admin from being able to add themselves
>> to
>> > admin workspace. (Thus becoming admin)
>> >
>> > There were some other tools like SakaiAdminX (
>> > https://confluence.sakaiproject.org/display/ADMX/Home) which still
>> might
>> > work, and used webservices rather than internal api's to allow
>> creation
>> > and
>> > modification of site and other information. Using something like this
>> or
>> > REST (/direct) API's, for a new or modified sites tool (adminlite)
>> does
>> > seem like a way to go.
>> >
>> > For general permission elevation in other course sites, generally
>> > delegated
>> > access is used, but I don't think this would work for the tools that
>> have
>> > explicit isSuperUser checks.
>> >
>> >
>> > On Sat, May 24, 2014 at 11:12 AM, Kurosch Petzold <
>> > kurosch.petzold at fu-berlin.de> wrote:
>> >
>> >> Hello,
>> >>
>> >> is there a way to create limited permission admin roles or create a
>> >> second
>> >> admin workspace with limited number of tools.
>> >> If neither of them works, could anyone who has/had this problem at
>> their
>> >> institution/university/company explain to me how they solved it (if
>> >> there
>> >> is a solution to it at all).
>> >>
>> >> Or to get more to the fact of the actual problem is there a way to
>> use
>> >> sakai.sites without su?
>> >>
>> >> Best regards,
>> >> Kurosch Petzold
>> >>
>> >> _______________________________________________
>> >> production mailing list
>> >> production at collab.sakaiproject.org
>> >> http://collab.sakaiproject.org/mailman/listinfo/production
>> >>
>> >> TO UNSUBSCRIBE: send email to
>> >> production-unsubscribe at collab.sakaiproject.org with a subject of
>> >> "unsubscribe"
>> >>
>> >
>> >
>> >
>> > On Sun, May 25, 2014 at 6:54 AM, Steve Swinsburg
>> > <steve.swinsburg at gmail.com>wrote:
>> >
>> >> Hi,
>> >>
>> >> Sounds like you might need the Admin Lite functionality. Have a look
>> >> here:
>> >> https://jira.sakaiproject.org/browse/UMICH-232
>> >> https://source.sakaiproject.org/contrib/umich/adminlite/
>> >>
>> >> cheers,
>> >> Steve
>> >>
>> >>
>> >> On Sun, May 25, 2014 at 1:12 AM, Kurosch Petzold <
>> >> kurosch.petzold at fu-berlin.de> wrote:
>> >>
>> >>> Hello,
>> >>
>>
>>
>



More information about the production mailing list