[Building Sakai] Accessing site membership details via Entity Broker

Stephen Marquard stephen.marquard at uct.ac.za
Mon Jul 26 05:18:38 PDT 2010 

Hi Daniel,

You could file a JIRA to align the permissions checking in the site EB with what is required (they may be too restrictive at present for your requirements), or to create a sections EB.

The EB requests would be made as the user running the tool, and therefore should not return any info which the user would not normally have access to.

Regards
Stephen

>>> Daniel Robinson <d.b.robinson at lancaster.ac.uk> 7/26/2010 2:03 PM >>>
Hi Sakai Developers,

We're currently in the process of rewriting the Roster tool using  
JavaScript and TrimPath.

In order to get site membership details (user display name, user email  
etc.), we've used the following entity broker method:

/direct/membership/site.json?siteId=<siteId>

However, this method generates a security exception when the current  
user doesn't have the necessary permissions. Other EB methods, such as  
this method of retrieving by group, also generate the same security  
exception:

/direct/membership/group/<groupdId>.json

The current Roster tool uses the sections API  
(org.sakaiproject.section.api) to retrieve the site membership details  
it requires (which are blocked by EB), but the sections API doesn't  
appear to have an entity provider.

Does anyone know a way around this or an alternative method of  
accessing site membership details via EB?

Best wishes,

Daniel
_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org 
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev 

TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"


 

###
UNIVERSITY OF CAPE TOWN 

This e-mail is subject to the UCT ICT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 4500. This e-mail is intended only for the person(s) to whom it is addressed. If the e-mail has reached you in error, please notify the author. If you are not the intended recipient of the e-mail you may not use, disclose, copy, redirect or print the content. If this e-mail is not related to the business of UCT it is sent by the sender in the sender's individual capacity.

###

More information about the sakai-dev mailing list