[Building Sakai] Problem: /direct links blocked when "hidden" them with Site Info-Page Order
csev
csev at umich.edu
Tue Jul 12 07:55:11 PDT 2011
Sam - this is ready to back-port if folks want it.
I was just leaving it "In Progress" to give folks a chance to review and comment and look at the screen shots.
https://jira.sakaiproject.org/browse/SAK-20799
I would think it would be a pretty easy back-port - that code is pretty stable.
A quick look would be appreciated. Comments welcome.
/Chuck
On Jul 12, 2011, at 7:44 AM, Sam Ottenhoff wrote:
> https://jira.sakaiproject.org/browse/SAK-20799
>
> I believe Lesson Builder has the same use case. Chuck, is this code ready for people to backport? It currently shows as In Progress.
>
> --Sam
>
> On Tue, Jul 12, 2011 at 10:39 AM, George Pipkin <gpp8p at virginia.edu> wrote:
> Hi Everyone:
>
> We have been working with embedding /direct links to Assignments, Forum
> Topics and Quizzes into syllabus pages. This was done using EVAP’s or
> HVAP’s where appropriate (in Assignments or Forums) or nothing at all
> (samigo) In v2.6.x, a tool could be “hidden” (using the tool-order
> function in Site-Info) but the user could still access a particular
> assignment, forum topic, or quiz. In v2.7.x for forums and assignments,
> when the tool is “hidden”, attempts to access it with a /direct link
> result in a redirect to !error.
>
> The mechanics site-manage uses to “hide” a tool is the same in v2.6.x
> and v2.7.x is the same. The site.upd permission is added to the list of
> functions.require that is kept in a placement property. Roles that do
> not have this permission (i.e. students) cannot access the particular
> page upon which the placement is made.
>
> The thing that is puzzling me is why this did not interfere with /direct
> links in v2w.6.x and it does in v2.7.x. Is this one of the security
> holes that v2.7.x is intended to address? I was wonder if somebody
> could point out to me where in the kernel code the placement property is
> checked and the redirect to !error happens.
>
> This issue impacts a critical instructional use case we have been
> developing here at U.Va., and I’d like to see if there’s any way we
> could modify the new business rule so /direct links still work when a
> page has been “hidden”.
>
>
> - George Pipkin U.Va.
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20110712/eeca7532/attachment.html
More information about the sakai-dev
mailing list