[Building Sakai] Creating (and then propagating) new roles inSakai...?
Steve Swinsburg
steve.swinsburg at gmail.com
Sat Aug 29 02:48:01 PDT 2009
The SQL for the realms tables (theres a heap of them) is extremely
complex which is why I wrote that webservice to sync up functions in
roles in sites.
There's also an explanation of how it all works (ie from the templates
etc) on the blog post you referred to Will:
http://steve-on-sakai.blogspot.com/2009/05/roles-in-sakai-sites.html
There's even Perl scripts that run the services in a batch. It's super
fast to sync it all up.
Aaron's tool looks good as well, perhaps give that a go.
For even more info, Ian made up a nice diagram a while back (but its
gone, Ian do you still have it?)
http://blog.tfd.co.uk/2008/06/17/sakai-realm-relationships/
Whenever anyone suggests running SQL on the Sakai DB, run!
cheers,
Steve
On 27/08/2009, at 1:59 AM, Stephen Marquard wrote:
> If you look at the conversion scripts (e.g. 2.4 to 2.5, 2.5 to 2.6),
> you'll see some SQL which adds new permissions to all existing
> realms. It's a little complex but you could adapt it for your own
> requirements (at your own risk of course).
>
> For a tool-based approach, there's Aaron Z's admin permissions tool:
>
> https://source.sakaiproject.org/contrib/caret/admin-site-perms/trunk
>
> Cheers
> Stephen
>
>>>> "will at serensoft.com" <will at serensoft.com> 8/26/2009 5:50 PM >>>
> Thanks Steve, that's helpful. So we can't rely on
> !site.template.course for default/fallback permissions, we have to
> propagate rules to each course worksite with all the check-marks
> intact. (Tho !site.helper does work as a fallback, which is a big can
> of worms to open...)
>
> Is there some SQL somewhere within confluence that might handle the
> propagating/copying of roles and 'locks'? Googling has turned up some
> webservices by Steve S, which look like they might be useful, but
> we're hoping for some SQL to make short work of this.
>
> Does anybody have a pointer to SQL to start with the realm and roles
> of course worksite X and propagate those realms/roles to other course
> worksites?
>
> ===
> It looks like S.Swinsburg has a nice webservices approach:
> http://steve-on-sakai.blogspot.com/2009/05/roles-in-sakai-sites.html
>
> ...but we're hoping for SQL which doesn't require sakai.properties
> tweaks and a server restart...
>
>
> On Wed, Aug 26, 2009 at 3:39 AM, Stephen
> Marquard<stephen.marquard at uct.ac.za> wrote:
>> Hi,
>>
>> Templates are copied for site realms. After that, only the site
>> realms are consulted for permission lookups.
>>
>> The exceptions to this are the !site.helper realm, and !
>> user.template.XXXX realms for user-specific permissions (e.g.
>> site.new).
>>
>> Cheers
>> Stephen
>>
>>
>>
>>
>> Stephen Marquard, Learning Technologies Co-ordinator
>> Centre for Educational Technology, University of Cape Town
>> http://www.cet.uct.ac.za
>> Email/IM/XMPP: stephen.marquard at uct.ac.za
>> Phone: +27-21-650-5037 Cell: +27-83-500-5290
>>
>>>>> "will at serensoft.com" <will at serensoft.com> 8/26/2009 12:39 AM >>>
>> Some questions about realms and creating new roles:
>>
>> We've started with the default three roles for courses, plus lots of
>> course worksites all ready to go. Now, of course, after the fact, we
>> want to add some new roles to all these courses... :)
>>
>> Is there some SQL somewhere within confluence that might handle this?
>> Googling has turned up some webservices by Steve S, which look like
>> they might be useful, but we're hoping for some SQL to make short
>> work
>> of this.
>>
>> And is this the sequence?...
>> 1) create course roles in realm !site.template.course with all
>> checkboxes set as appropriate
>> 2) replicate/copy those roles to all the realms for course worksite
>> instances (including groups?)
>> Right?
>>
>> One final question -- if the check-boxes are ON in the
>> !site.template.course realm, they don't need to also be on in the
>> individual courses as well, right? That is, the permissions are
>> OR'ed,
>> meaning that, for your role X, if worksite-specific-realm checkmarks
>> are ON fo role X, *or* worksite-template-realm checkmarks are on for
>> role X, then those in role X have that permission.
>>
>> That seems to be what Zach is saying here:
>> http://aeroplanesoftware.com/sakai-permissions-in-depth/
>>
>> Right? :)
>>
>> --
>> will trillich
>> "Tis the set of the sails / And not the gales / That tells the way we
>> go." -- Ella Wheeler Wilcox
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
>> with a subject of "unsubscribe"
>>
>>
>
>
>
> --
> will trillich
> "Tis the set of the sails / And not the gales / That tells the way we
> go." -- Ella Wheeler Wilcox
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
> with a subject of "unsubscribe"
More information about the sakai-dev
mailing list