[Building Sakai] Problem: /direct links blocked when "hidden" them with Site Info-Page Order

csev csev at umich.edu
Tue Jul 12 07:55:11 PDT 2011


Sam - this is ready to back-port if folks want it.

I was just leaving it "In Progress" to give folks a chance to review and comment and look at the screen shots.

https://jira.sakaiproject.org/browse/SAK-20799

I would think it would be a pretty easy back-port - that code is pretty stable.

A quick look would be appreciated.  Comments welcome.

/Chuck

On Jul 12, 2011, at 7:44 AM, Sam Ottenhoff wrote:

> https://jira.sakaiproject.org/browse/SAK-20799
> 
> I believe Lesson Builder has the same use case. Chuck, is this code ready for people to backport?  It currently shows as In Progress.
> 
> --Sam
> 
> On Tue, Jul 12, 2011 at 10:39 AM, George Pipkin <gpp8p at virginia.edu> wrote:
> Hi Everyone:
> 
> We have been working with embedding /direct links to Assignments, Forum
> Topics and Quizzes into syllabus pages. This was done using EVAP’s or
> HVAP’s where appropriate (in Assignments or Forums) or nothing at all
> (samigo). In v2.6.x, a tool could be “hidden” (using the tool-order
> function in Site-Info) but the user could still access a particular
> assignment, forum topic, or quiz. In v2.7.x for forums and assignments,
> when the tool is “hidden”, attempts to access it with a /direct link
> result in a redirect to !error.
> 
> The mechanics site-manage uses to “hide” a tool is the same in v2.6.x
> and v2.7.x. The site.upd permission is added to the list of
> functions.require that is kept in a placement property. Roles that do
> not have this permission (i.e. students) cannot access the particular
> page upon which the placement is made.
> 
> The thing that is puzzling me is why this did not interfere with /direct
> links in v2.6.x and it does in v2.7.x. Is this one of the security
> holes that v2.7.x is intended to address? I was wondering if somebody
> could point out to me where in the kernel code the placement property is
> checked and the redirect to !error happens.
> 
> This issue impacts a critical instructional use case we have been
> developing here at U.Va., and I’d like to see if there’s any way we
> could modify the new business rule so /direct links still work when a
> page has been “hidden”.
> 
> 
> - George Pipkin U.Va.
> 
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> 
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
