[Building Sakai] question about admin privilege

Fri Jan 15 08:57:09 PST 2010

There is also the option of using a SecurityAdvisor to permit the
current user to perform specific actions, rather than setting the user's
session to admin, which applies to any requests from that user while in
effect, and can lead to unintended security holes if the "admin-enabled"
action takes a while to execute, for example.

Regards
Stephen 

>>> Nuno Fernandes <nuno at ufp.edu.pt> 1/15/2010 11:47 AM >>> 
Hi Hai Vo,

Are you trying to give admin privilege to a user on UI, or do you wish
to
perform an admin operation triggered by an user who don't have such
permission (eg, adding users to a site after an user (with access
role)
clicking on something on a tool page)?

For the second case (done in code), you could probably use something
like:

    AdminExecution exec = new AdminExecution() {
        @Override
        public Object execution() throws Exception {
            return performSakaiAdminOpAndReturnString();
        }
    };
    try{
        return (String) exec.execute();
    }catch(Exception e){
        log.error("Error while executing admin operation", e);
        return null;
    }

where, *AdminExecution* is an abstract class:

abstract class AdminExecution {
 public AdminExecution() {};
  public abstract Object execution() throws Exception;
  public Object execute() throws Exception {
 Object returnObject = null;
 Session sakaiSession = sessionManager.getCurrentSession();
 String currentUserId = sakaiSession.getUserId();
 String currentUserEid = sakaiSession.getUserEid();
 if(!"admin".equals(currentUserId)) {
 // current user not admin
 try {
 sakaiSession.setUserId("admin");
 sakaiSession.setUserEid("admin");
 authGroupService.refreshUser("admin");
  returnObject = execution();
 } catch (Exception e) {
 log.error("Error occurred while executing as Sakai Administrator",
e);
 throw e;
 } finally {
 sakaiSession.setUserId(currentUserId);
 sakaiSession.setUserEid(currentUserEid);
 authGroupService.refreshUser(currentUserId);
 }
  }else{
 // current user is admin
 try {
 returnObject = execution();
 } catch (Exception e) {
 log.error("Error occurred while executing as Sakai Administrator",
e);
 throw e;
 }
 }
 return returnObject;
 }
 }

Hope it helps,
Nuno

On Fri, Jan 15, 2010 at 8:48 AM, Hai Vo Thanh <v0thanhhai at yahoo.com>
wrote:

> Dear all,
> is there any method that can set a user have admin privilege
temporally?
> Thanks.
> -----------
> Hai Vo
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>

-- 
Nuno Fernandes

Profile    | http://facebook.com/nfgrilo |
http://linkedin.com/in/nfgrilo
Web      | http://codingwithcoffee.com | http://twitter.com/nfgrilo
Work     | Analyst/Programmer @ UFP-UV [http://elearning.ufp.pt]
             | Analyst/Programmer @ Sakai Foundation [
http://sakaiproject.org]
             | Sakai Fellow 2008 @ Sakai Foundation [
http://confluence.sakaiproject.org//x/6oCTAQ]
Address | Universidade Fernando Pessoa  [http://www.ufp.pt]
             | Praça 9 de Abril, 349    | 4249-004 Porto
             | tel: + 351 22 507 13 00 | fax: + 351 22 550 82 69