[Building Sakai] CourseManagementAdministration removeSectionMembership(..) ignores SecuityAdvisor ?
Steve Swinsburg
steve.swinsburg at gmail.com
Wed Aug 22 04:40:38 PDT 2012
It's possible that the code doesn't check for an advisor and just checks if you are admin. Whilst not the best, if it works then it is safe since the finally will always run. A bug should be filed on that code to check for an advisor though, if that is indeed the case.
Cheers,
Steve
Sent from my iPad
On 22/08/2012, at 19:44, David Wafula <davidwaf at gmail.com> wrote:
> Dear all,
> Using 2.8.0.
>
> The following code ignores the use of SecurityAdvisor when calling
> CourseManagementAdministration.removeSectionMembership():
>
> SecurityAdvisor localSecAdvisor=new SecurityAdvisor() {...}
> try{
> securityService.pushAdvisor( localSecAdvisor);
> courseManagementAdministration.removeSectionMembership(user.getEid(),
> sectionId)
> }finally{
> securityService.popAdvisor( localSecAdvisor);
> }
>
>
> but works with this :
>
> Session localSakaiSession = null;
> User currentUser = null;
> try{
>
> currentUser = userDirectoryService.getCurrentUser();
> localSakaiSession = sessionManager.getCurrentSession();
> localSakaiSession.setUserId("admin");
> localSakaiSession.setUserEid("admin");
> ...
> ...
>
> }finally{
> localSakaiSession.setUserEid(currentUser.getEid());
> localSakaiSession.setUserId(currentUser.getId());
> }
>
>
> Is the try..finally safe when using
> localSakaiSession.setUserId("admin") etc ?
>
> Thanks.
> --
> David Wafula
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
More information about the sakai-dev
mailing list