[Building Sakai] How to set tool wise permission?

Shahid Pathan spathan at platys.in
Tue Feb 21 10:11:34 PST 2012 

Hi Steve,


Sorry for the let reply.


My requirement is  as follows, for each course site we have different
roles. Depending on the role we allow to access or reject the use of tool
in the site.


For that in tool I have 2 type of permission read and write. Some role may
have both or one.


To meet above requirement I did following changes in my module.


Created one function in ExternalLogicImpl as follows

*
*

*public* *boolean* canDoOperationOnTool(String userId, String permission){

            *if* (isUserAdmin(userId)){

                  *log*.debug("Got Admin User :- He can do all");

                  *return* *true*;

            }

         String currentContext =
*toolManager*.getCurrentPlacement().getContext();
// (1)

         String siteRef = *siteService*.siteReference(currentContext); //
(2)

         *java.util.List* azGroups = *new* *java.util.ArrayList*(); // (3)

         *azGroups.add(siteRef)*;

         *java.util.Set* userIds =
*authzGroupService*.getUsersIsAllowed(permission,
azGroups);

         *log*.debug("We got User id :" + userId + " for permission :-" +
permission);

         *return* userIds.contains(userId);

   }


Created two property in ManagedBean class as follows

*public* *boolean* isCanRead() {

            *return* *this*.canRead = externalLogic.canDoOperationOnTool(
externalLogic.getCurrentUserId(), ExternalLogic.*ITEM_READ*);

      }



*public* *boolean* isCanWrite() {

             *return* canWrite = externalLogic.canDoOperationOnTool(
externalLogic.getCurrentUserId(), ExternalLogic.*ITEM_WRITE*);

      }



Depending on this I am rendering view and which working as expected.


Please let me know is this good way to do, or  do we have better approach
to implement.

On Fri, Feb 17, 2012 at 3:31 AM, Steve Swinsburg
<steve.swinsburg at gmail.com>wrote:

> So drilling into it the entire project (you only needed to post the lines
> that relate to this), I see:
>
> // register Sakai permissions for this tool
> functionManager.registerFunction(ITEM_WRITE_ANY);
> functionManager.registerFunction(ITEM_READ_HIDDEN);
> functionManager.registerFunction(ITEM_WRITE);
> functionManager.registerFunction(ITEM_READ);
>
> So assuming those map to the values you are assigning in the Realms tool,
> then they should show up in the list and be assignable to roles.
>
> What doesn't work when you enable the permissions for a role?
>
> cheers,
> Steve
>
>
>
> On 17/02/2012, at 1:47 AM, Shahid Pathan wrote:
>
> Hi Steve,
>
> Thanks for your suggestion. Now I am going through the
> https://confluence.sakaiproject.org/display/BOOT/Using+the+FunctionManager+Serviceto understand how to register tool with permission and let you know. I have
> attached my code. Please have a look.
>
> I did not understand the " IIRC there is a helper". Where do I find this?
>
> Thanks
> Shahid
>
> On Thu, Feb 16, 2012 at 2:35 AM, Steve Swinsburg <
> steve.swinsburg at gmail.com> wrote:
>
>> Hi,
>>
>> Does your tool register the permissions? Can you post the code? They are
>> just binary permissions (on or off) so once you register them they should
>> show up and you can start assigning them to roles.
>>
>> Have a look at the code for how other tools mange the 'permissions' page
>> within the tool itself, IIRC there is a helper.
>>
>> cheers.
>> Steve
>>
>>
>> On 16/02/2012, at 6:18 AM, Shahid Pathan wrote:
>>
>> > Hi All,
>> >
>> > I have created 3 different module (employee, adaptive test, summetive
>> test) and deployed in sakai.
>> >
>> > After that I have created one course site (let say Math-2012) and added
>> above tool for this.
>> > Now I want to assign permission for this 3 different user. For that I
>> am trying to create 3 different role as follows
>> >
>> > 1>empuser :- who can access only employee tool not other in Math-2012
>> site
>> > 2>adpuser :- who can access only adaptive tool not other in Math-2012
>> site
>> > 3>sumuser :- who can access only summetive tool not other in Math-2012
>> site.
>> >
>> > but I found that while creating role we have to select Function form
>> the list of Function (for example     alias.add, alias.del)
>> > and I am unable to find such function for my newly created modules
>> (there are some other function let say employee.read.hidden and
>> employee.write.any) but its not working as expected.
>> >
>> > Can any point me what am i missing?
>> > Do we have other approach to set permission on each tools?
>> >
>> > One strange thing i noticed, for existing tool we have link
>> "Permission" present in each tools home page thorough with administrator
>> can set different permission for each role
>> > that link is not visible for my newly created tool. If I want to add
>> such link in my tools home page what need to done in JSF page.
>> >
>> > Thanks
>> > Shahid Pathan
>> >
>> > _______________________________________________
>> > sakai-dev mailing list
>> > sakai-dev at collab.sakaiproject.org
>> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> >
>> > TO UNSUBSCRIBE: send email to
>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>> "unsubscribe"
>>
>>
> <employee.zip>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120221/33cfe31d/attachment.html

More information about the sakai-dev mailing list