[Building Sakai] help with a PermissionException problem

Maurer, Christopher Wayne chmaurer at iupui.edu
Fri Aug 24 11:52:43 PDT 2012 

Sorry for not getting back sooner.
There was a similar conversation just the other day:
http://old.nabble.com/-Building-Sakai--user-login-reverts-to-admin-user-td34324280.html

But other examples in Matrix code:
https://source.sakaiproject.org/svn//osp/trunk/matrix/api-impl/src/java/org/theospi/portfolio/matrix/HibernateMatrixManagerImpl.java

Around line 3910
You see the creation of an advisor.  This particular one only has a user and a function, but you'd likely want one that also has a reference to the thing you are granting access on.
Then, you push the advisor on the security stack, do whatever it is that you need to do with those elevated permissions, then pop the advisor off.  Done.  Easy!  ;)

Chris

From: Xiaolin Xie <alphabnu at gmail.com<mailto:alphabnu at gmail.com>>
Date: Thursday, August 23, 2012 11:45 AM
To: Chris Maurer <chmaurer at iupui.edu<mailto:chmaurer at iupui.edu>>
Cc: "sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>" <sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>>
Subject: Re: [Building Sakai] help with a PermissionException problem

Hi Chris.

Thank you so much for the prompt reply. Your explanation makes perfect sense to me. If you had a moment, that would be great if you could point out some specific examples of security advisors in matrix code. Thanks a lot!

Xiaolin.

On Thu, Aug 23, 2012 at 10:24 AM, Maurer, Christopher Wayne <chmaurer at iupui.edu<mailto:chmaurer at iupui.edu>> wrote:
If your custom tool is just gathering those things together, there's nothing in your tool that allows instructors to view that data.  Parts of the Matrix code are granting access to instructors because of their association to the student in the matrix.  You'll probably need to do the same thing in your code.  Add a security advisor right before you try to get that "restricted" data and that should give appropriate access to the instructor.  I'd recommend for the advisor to be as specific as possible in that grant the content.read permission to that instructor for that particular resource item (or form).  That way you don't accidentally give too much permissions for things they shouldn't be seeing.  There should be lots of examples of security advisors in matrix code, but I'd be happy to point out specific cases if you need it.

Chris

From: Xiaolin Xie <alphabnu at gmail.com<mailto:alphabnu at gmail.com>>
Date: Thursday, August 23, 2012 11:17 AM
To: "sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>" <sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>>
Subject: [Building Sakai] help with a PermissionException problem

Hi Sakai developers.

I am developing an instructor only tool that compiles student answers to forms in a matrix. It works fine when the Sakai administrator accesses this tool. However, there is a problem with instructor access.

This is the exception stack trace:
INFO: [SuTool] Username admin becoming xxxxx (2012-08-22 09:50:17,570 TP-Processor10_org.sakaiproject.tool.su.SuTool)
org.sakaiproject.exception.PermissionException user=70382d1d-a91d-4913-a41d-4e6996a1a5ba lock=content.read resource=/content/user/5cd94b20-4948-4711-9846-debd42fa3988/portfolio-interaction/demo_coe_2/BF9F9D8DE3B53AC9FE5792CA9BC074BF/6FE9B7A62C703EED28E04E0B3F9B20BB/E55398AAA29DC42C4A05937209D0B57D
at org.sakaiproject.content.impl.BaseContentService.unlock(BaseContentService.java:1677)
at org.sakaiproject.content.impl.BaseContentService.getResource(BaseContentService.java:4174)
at org.sakaiproject.matrixreport.logic.ExternalLogicImpl.getContentStringByUuid(ExternalLogicImpl.java:232)


This is the code where the exception happens. It tries to access the xml content of students’ answers to forms in matrix.
   public String getContentStringByUuid(String uuid){
            String str=null;
            ContentResource cr;
            try {
                  String id=contentHostingService.resolveUuid(uuid);
                  cr = contentHostingService.getResource(id);
                  str=new String(cr.getContent());
            } catch (PermissionException e) {
                  e.printStackTrace();
            } catch (IdUnusedException e) {
                  e.printStackTrace();
            } catch (TypeException e) {
                  e.printStackTrace();
            } catch (ServerOverloadException e) {
                  e.printStackTrace();
            }
            return str;
      }

I don’t understand why instructor does not have the access to students’ answers to forms in the matrix because the instructor can view it through the  matrix tool.

Are there any problems with my code? Or how should I access these resourceses?  Do you guys have any idea what might cause that exception? Thanks a lot! I really appreciate any help you can offer.

Xiaolin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120824/28ab1205/attachment.html

More information about the sakai-dev mailing list