[Building Sakai] Problem: /direct links blocked when "hidden" them with Site Info-Page Order
Sam Ottenhoff
ottenhoff at longsight.com
Tue Jul 12 07:44:11 PDT 2011
https://jira.sakaiproject.org/browse/SAK-20799
I believe Lesson Builder has the same use case. Chuck, is this code ready
for people to backport? It currently shows as In Progress.
--Sam
On Tue, Jul 12, 2011 at 10:39 AM, George Pipkin <gpp8p at virginia.edu> wrote:
> Hi Everyone:
>
> We have been working with embedding /direct links to Assignments, Forum
> Topics and Quizzes into syllabus pages. This was done using EVAP’s or
> HVAP’s where appropriate (in Assignments or Forums) or nothing at all
> (samigo) In v2.6.x, a tool could be “hidden” (using the tool-order
> function in Site-Info) but the user could still access a particular
> assignment, forum topic, or quiz. In v2.7.x for forums and assignments,
> when the tool is “hidden”, attempts to access it with a /direct link
> result in a redirect to !error.
>
> The mechanics site-manage uses to “hide” a tool is the same in v2.6.x
> and v2.7.x is the same. The site.upd permission is added to the list of
> functions.require that is kept in a placement property. Roles that do
> not have this permission (i.e. students) cannot access the particular
> page upon which the placement is made.
>
> The thing that is puzzling me is why this did not interfere with /direct
> links in v2w.6.x and it does in v2.7.x. Is this one of the security
> holes that v2.7.x is intended to address? I was wonder if somebody
> could point out to me where in the kernel code the placement property is
> checked and the redirect to !error happens.
>
> This issue impacts a critical instructional use case we have been
> developing here at U.Va., and I’d like to see if there’s any way we
> could modify the new business rule so /direct links still work when a
> page has been “hidden”.
>
>
> - George Pipkin U.Va.
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20110712/35a7cf34/attachment.html
More information about the sakai-dev
mailing list