[Building Sakai] question about admin privilege
Nuno Fernandes
nuno at ufp.edu.pt
Fri Jan 15 08:59:24 PST 2010
Right!
With a custom SecurityAdvisor, you can also grant/deny/pass access only for
a specific set of permissions and/or entity references...
Nuno
On Fri, Jan 15, 2010 at 4:57 PM, Stephen Marquard <
stephen.marquard at uct.ac.za> wrote:
> There is also the option of using a SecurityAdvisor to permit the
> current user to perform specific actions, rather than setting the user's
> session to admin, which applies to any requests from that user while in
> effect, and can lead to unintended security holes if the "admin-enabled"
> action takes a while to execute, for example.
>
> Regards
> Stephen
>
> >>> Nuno Fernandes <nuno at ufp.edu.pt> 1/15/2010 11:47 AM >>>
> Hi Hai Vo,
>
> Are you trying to give admin privilege to a user on UI, or do you wish
> to
> perform an admin operation triggered by an user who don't have such
> permission (eg, adding users to a site after an user (with access
> role)
> clicking on something on a tool page)?
>
> For the second case (done in code), you could probably use something
> like:
>
> AdminExecution exec = new AdminExecution() {
> @Override
> public Object execution() throws Exception {
> return performSakaiAdminOpAndReturnString();
> }
> };
> try{
> return (String) exec.execute();
> }catch(Exception e){
> log.error("Error while executing admin operation", e);
> return null;
> }
>
> where, *AdminExecution* is an abstract class:
>
> abstract class AdminExecution {
> public AdminExecution() {};
> public abstract Object execution() throws Exception;
> public Object execute() throws Exception {
> Object returnObject = null;
> Session sakaiSession = sessionManager.getCurrentSession();
> String currentUserId = sakaiSession.getUserId();
> String currentUserEid = sakaiSession.getUserEid();
> if(!"admin".equals(currentUserId)) {
> // current user not admin
> try {
> sakaiSession.setUserId("admin");
> sakaiSession.setUserEid("admin");
> authGroupService.refreshUser("admin");
> returnObject = execution();
> } catch (Exception e) {
> log.error("Error occurred while executing as Sakai Administrator",
> e);
> throw e;
> } finally {
> sakaiSession.setUserId(currentUserId);
> sakaiSession.setUserEid(currentUserEid);
> authGroupService.refreshUser(currentUserId);
> }
> }else{
> // current user is admin
> try {
> returnObject = execution();
> } catch (Exception e) {
> log.error("Error occurred while executing as Sakai Administrator",
> e);
> throw e;
> }
> }
> return returnObject;
> }
> }
>
> Hope it helps,
> Nuno
>
> On Fri, Jan 15, 2010 at 8:48 AM, Hai Vo Thanh <v0thanhhai at yahoo.com>
> wrote:
>
> > Dear all,
> > is there any method that can set a user have admin privilege
> temporally?
> > Thanks.
> > -----------
> > Hai Vo
> >
> >
> > _______________________________________________
> > sakai-dev mailing list
> > sakai-dev at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >
> > TO UNSUBSCRIBE: send email to
> > sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> > "unsubscribe"
> >
>
>
>
> --
> Nuno Fernandes
>
> Profile | http://facebook.com/nfgrilo |
> http://linkedin.com/in/nfgrilo
> Web | http://codingwithcoffee.com | http://twitter.com/nfgrilo
> Work | Analyst/Programmer @ UFP-UV [http://elearning.ufp.pt]
> | Analyst/Programmer @ Sakai Foundation [
> http://sakaiproject.org]
> | Sakai Fellow 2008 @ Sakai Foundation [
> http://confluence.sakaiproject.org//x/6oCTAQ]
> Address | Universidade Fernando Pessoa [http://www.ufp.pt]
> | Praça 9 de Abril, 349 | 4249-004 Porto
> | tel: + 351 22 507 13 00 | fax: + 351 22 550 82 69
>
>
--
Nuno Fernandes
Profile | http://facebook.com/nfgrilo | http://linkedin.com/in/nfgrilo
Web | http://codingwithcoffee.com | http://twitter.com/nfgrilo
Work | Analyst/Programmer @ UFP-UV [http://elearning.ufp.pt]
| Analyst/Programmer @ Sakai Foundation [
http://sakaiproject.org]
| Sakai Fellow 2008 @ Sakai Foundation [
http://confluence.sakaiproject.org//x/6oCTAQ]
Address | Universidade Fernando Pessoa [http://www.ufp.pt]
| Praça 9 de Abril, 349 | 4249-004 Porto
| tel: + 351 22 507 13 00 | fax: + 351 22 550 82 69
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20100115/211e0caf/attachment.html
More information about the sakai-dev
mailing list