[Building Sakai] Adding method to Site Service not seen in other web-apps

Steve Swinsburg steve.swinsburg at gmail.com
Thu May 10 15:21:00 PDT 2012 

Hi,

I'm not sure what you mean about the kernel webapp. There isn't one.
What you need to do is add the method declaration to the appropriate interface, e.g. org.sakaiproject.site.api.SiteService
 then flesh it out in the implementation of that class, e.g. org.sakaiproject.site.impl.BaseSiteService

In terms of opening security holes, I think you'd open a bigger one if you were to create a method that bypassed the security checks.

What is the method that you are having trouble getting past and we can see what can be done. Often tools do their own unlocking so you might be able to push a SecurityAdvisor onto the stack from the tool, so that the unlock check will pass further down the chain.

cheers,
Steve



On 11/05/2012, at 8:09 AM, Me wrote:

> Good afternoon Steve,
>  
> Thank you very much.  I have read through the code and have realized that many methods in SiteService (and BaseSiteService) use the unlock() method which ensure that, in many situations, unless the user has site.upd they cannot save the modification.  We are trying to give permissions to groups without giving them site.upd permissions.  I know that I could just modify the methods, but I do not know every class that uses them.  Modifying the code might open a security breach that would be unintended.
> I was hoping that I would be able to create a second method would be similar to the first but not utilize the unlock() method.  However, even after I added it to the api's SiteService, the cover's SiteService and the BaseSiteService's implementation, and running mvn install and deploy on the kernel webapp, the new method still did not pick up the new method.  I am wondering what I am missing, that when I tried to add a new method to the kernel SiteService webapp that I was unable to reference it in my web webapp.
>  
> Thank you so much for your response,
> Shlomo
> 
> --- On Tue, 5/8/12, Steve Swinsburg <steve.swinsburg at gmail.com> wrote:
> 
> From: Steve Swinsburg <steve.swinsburg at gmail.com>
> Subject: Re: [Building Sakai] Adding method to Site Service not seen in other web-apps
> To: "Me" <bitultorah at yahoo.com>
> Cc: sakai-dev at collab.sakaiproject.org
> Date: Tuesday, May 8, 2012, 6:53 PM
> 
> Hi,
> 
> You'll need to ensure that the role of the user that is making the change has the correct permission. This will allow the security check to pass.  IIRC, for changing the description of a site, this is the site.upd permission, however that is tied to a number of other site modifications. 
> 
> You'd need more fine grained control:
> https://jira.sakaiproject.org/browse/SAK-7768
> 
> Your other issue is probably to due with duplicate jars in shared lib, and Tomcat picking the first (generally older) version.
> 
> cheers,
> Steve
> 
> 
> 
> 
> 
> On 09/05/2012, at 5:10 AM, Me wrote:
> 
>> Good afternoon,
>>  
>> I have been requested at work to modify some code that would allow a TA the ability to change the description, (as well as other roles to change various items of a site).  Although I was able to add it my code, they both used Kernel's SiteService's save() or saveSiteInfo()'s methods.  In these methods there is a lock on the permissions to not allow a TA (or by save() other groups) to modify, and I received a lock error in my logs.  I noticed that my web-app code, web's IframeAction, that it uses the SiteService's cover.  I went into the SiteService api class and added a similar method (ie save2() and saveSiteInfo2()) and then added those methods into the SiteService cover class.  I also added the methods to the BaseSiteService class which implements the SiteService class.  In this implementation I removed the lock.
>> I compiled the Kernel webapp (and the Kernel-deploy webapp) and they compiled correctly.  However, when I tried using these new methods in the web app and ran "mvn install" I received an error that it could not find my new class. If I modify a method it picks it up, but not if I add one.
>> I have even gone into the .m2 maven repository and deleted kernel and kernel-deploy and went again ran mvn install, and received the same error (on web).
>>  
>> Am I missing something, or is there another step that I need to take? 
>>  
>> Thank you for your time and expertise,
>> Shlomo
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>> 
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120511/dc2f9ce8/attachment.html

More information about the sakai-dev mailing list