[Building Sakai] question about admin privilege

Nuno Fernandes nuno at ufp.edu.pt
Fri Jan 15 08:59:24 PST 2010


Right!

With a custom SecurityAdvisor, you can also grant/deny/pass access only for
a specific set of permissions and/or entity references...

Nuno

On Fri, Jan 15, 2010 at 4:57 PM, Stephen Marquard <stephen.marquard at uct.ac.za> wrote:

> There is also the option of using a SecurityAdvisor to permit the
> current user to perform specific actions, rather than setting the user's
> session to admin, which applies to any requests from that user while in
> effect, and can lead to unintended security holes if the "admin-enabled"
> action takes a while to execute, for example.
>
> Regards
> Stephen
>
> >>> Nuno Fernandes <nuno at ufp.edu.pt> 1/15/2010 11:47 AM >>>
> Hi Hai Vo,
>
> Are you trying to give admin privilege to a user on the UI, or do you wish
> to perform an admin operation triggered by a user who doesn't have such
> permission (e.g., adding users to a site after a user (with access role)
> clicks on something on a tool page)?
>
> For the second case (done in code), you could probably use something like:
>
>    AdminExecution exec = new AdminExecution() {
>        @Override
>        public Object execution() throws Exception {
>            return performSakaiAdminOpAndReturnString();
>        }
>    };
>    try {
>        return (String) exec.execute();
>    } catch (Exception e) {
>        log.error("Error while executing admin operation", e);
>        return null;
>    }
>
> where *AdminExecution* is an abstract class:
>
>    abstract class AdminExecution {
>        public AdminExecution() {}
>
>        // The operation to run while the session is switched to admin.
>        public abstract Object execution() throws Exception;
>
>        public Object execute() throws Exception {
>            Object returnObject = null;
>            Session sakaiSession = sessionManager.getCurrentSession();
>            String currentUserId = sakaiSession.getUserId();
>            String currentUserEid = sakaiSession.getUserEid();
>            if (!"admin".equals(currentUserId)) {
>                // current user not admin
>                try {
>                    sakaiSession.setUserId("admin");
>                    sakaiSession.setUserEid("admin");
>                    authGroupService.refreshUser("admin");
>                    returnObject = execution();
>                } catch (Exception e) {
>                    log.error("Error occurred while executing as Sakai Administrator", e);
>                    throw e;
>                } finally {
>                    // always restore the original user, even on failure
>                    sakaiSession.setUserId(currentUserId);
>                    sakaiSession.setUserEid(currentUserEid);
>                    authGroupService.refreshUser(currentUserId);
>                }
>            } else {
>                // current user is admin
>                try {
>                    returnObject = execution();
>                } catch (Exception e) {
>                    log.error("Error occurred while executing as Sakai Administrator", e);
>                    throw e;
>                }
>            }
>            return returnObject;
>        }
>    }
>
> Hope it helps,
> Nuno
>
> On Fri, Jan 15, 2010 at 8:48 AM, Hai Vo Thanh <v0thanhhai at yahoo.com> wrote:
>
> > Dear all,
> > Is there any method that can set a user to have admin privilege temporarily?
> > Thanks.
> > -----------
> > Hai Vo


-- 
Nuno Fernandes

Profile | http://facebook.com/nfgrilo | http://linkedin.com/in/nfgrilo
Web     | http://codingwithcoffee.com | http://twitter.com/nfgrilo
Work    | Analyst/Programmer @ UFP-UV [http://elearning.ufp.pt]
        | Analyst/Programmer @ Sakai Foundation [http://sakaiproject.org]
        | Sakai Fellow 2008 @ Sakai Foundation [http://confluence.sakaiproject.org//x/6oCTAQ]
Address | Universidade Fernando Pessoa [http://www.ufp.pt]
        | Praça 9 de Abril, 349 | 4249-004 Porto
        | tel: + 351 22 507 13 00 | fax: + 351 22 550 82 69
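
The scoped SecurityAdvisor approach discussed in this thread, as an added example that is not part of the original messages or of Sakai's own code. `ScopedAdvisorRunner` and `runWith` are hypothetical names; the block compiles against the Sakai kernel API and assumes a kernel that offers the `popAdvisor(SecurityAdvisor)` overload.

```java
import java.util.concurrent.Callable;

import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityService;

/**
 * Hypothetical helper (added example): grants one function on one entity
 * reference to one user for the duration of a single call, instead of
 * switching the whole session to "admin".
 */
public class ScopedAdvisorRunner {

    private final SecurityService securityService;

    public ScopedAdvisorRunner(SecurityService securityService) {
        this.securityService = securityService;
    }

    public <T> T runWith(final String userId, final String function,
                         final String reference, Callable<T> action) throws Exception {
        SecurityAdvisor advisor = new SecurityAdvisor() {
            public SecurityAdvice isAllowed(String u, String f, String r) {
                // Grant only the exact (user, function, reference) triple.
                if (userId.equals(u) && function.equals(f) && reference.equals(r)) {
                    return SecurityAdvice.ALLOWED;
                }
                // Every other check falls through to the normal realm lookup,
                // so the caller gains nothing beyond the one permission.
                return SecurityAdvice.PASS;
            }
        };

        securityService.pushAdvisor(advisor);
        try {
            return action.call();
        } finally {
            // Always remove the advisor, even if the action throws, so the
            // grant cannot outlive this call. If the kernel in use lacks this
            // overload, the no-argument popAdvisor() is the equivalent.
            securityService.popAdvisor(advisor);
        }
    }
}
```

A call such as `runner.runWith(userId, "site.upd", "/site/" + siteId, action)` (constructed values) lets the action update that one site and nothing else. Because Sakai keeps the advisor stack per thread, other requests made in the same session while the action runs are not elevated.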