[Building Sakai] Use of GradebookService as a web service
Steve Swinsburg
steve.swinsburg at gmail.com
Wed May 30 05:08:16 PDT 2012
I think that error message is a red herring. Its not the correct reason anyway.
In this:
http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1575
There are two places where that is thrown:
if (!authz.isUserAbleToGrade(gradebook.getUid())) {
1554 throw new SecurityException("User " + authn.getUserUid() +
1555 " attempted to access grade information without permission in gb " +
1556 gradebook.getUid() + " using gradebookService.getGradesForStudentsForItem");
1557 }
which is above this section:
if (!studentIdEnrRecMap.containsKey(studentId)) {
1576 throw new SecurityException("User " + authn.getUserUid() +
1577 " attempted to access grade information for student " + studentId +
1578 " without permission in gb " + gradebook.getUid() +
1579 " using gradebookService.getGradesForStudentsForItem");
1580 }
The first is correct since it is checking the permissions, the second is actually just checking if an enrolment record exists in a map, but the error is the same.
The cause of this being empty is probably here:
1560 Map enrRecFunctionMap = authz.findMatchingEnrollmentsForItem(gradebook.getUid(), categoryId, gradebook.getCategory_type(), null, null);
And in checking through that it ends up at:
AuthzSakai2Impl.findMatchingEnrollmentsForItemOrCourseGrade
which again does permission checks, so take a look through there and check you have all of the permissions set.
Can you perhaps post the grade book related permissions for this role and we can compare them with a standard set?
cheers,
Steve
On 30/05/2012, at 8:00 PM, Shoji Kajita wrote:
> Hi Steve,
>
> Thank you for your detailed analysis.
>
> After setting the proper role (gradebook.gradeAll) as you suggested, I
> have faced another similar exception:
>
> java.lang.SecurityException : User d14275f2-bd9b-4b9d-99e1-91869bfc1fc1 attempted to access grade information for student student0162 without permission in gb 0279a90b-61ab-4b58-86ce-70e4ef937906 using gradebookService.getGradesForStudentsForItem
>
> As far as I digged by remote debugging using eclipse, the above
> exception is caused because studentIdEnrRecMap() is null at
>
> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1575
>
> and this null is caused because enrRecFunctionMap() is also null at
>
> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1560
>
> ... I need to trace more but do you have any suggestions at this moment?
>
> Shoji
>
> At Wed, 23 May 2012 08:06:37 +1000,
> Steve Swinsburg wrote:
>>
>> It works via the permission I sent earlier. So tick that in the role for the realm and you should be set.
>>
>> I'm not near a computer but it would be good to verify the permissions for grade book in the default project site realm roles. I use the grade book in project sites.
>>
>> Cheers
>> Steve
>>
>> Sent from my iPhone
>>
>> On 23/05/2012, at 0:59, Shoji Kajita <kajita at nagoya-u.jp> wrote:
>>
>>> Hi there,
>>>
>>> Thank you for your suggestions.
>>>
>>> I think that Aaron is getting the point, i.e., the worksite I'm using
>>> is a project site, not a course site.
>>>
>>> So, I think that isUserAbleToGrade should be true even if in Maintain
>>> Role to reduce this kind of confusion.
>>>
>>> Shoji at Kyoto (not Nagoya)
>>>
>>> At Mon, 21 May 2012 10:50:43 -0400,
>>> Aaron Zeckoski wrote:
>>>>
>>>> Yeah, that should probably check a permission like site.upd or
>>>> section.role.instructor or something to that effect. Checking the role
>>>> directly is definitely not the way to go.
>>>>
>>>> -AZ
>>>>
>>>>
>>>> On Mon, May 21, 2012 at 10:42 AM, David Horwitz <david.horwitz at uct.ac.za> wrote:
>>>>> Also assuming that Role.INSTRUCTOR is "Instructor" this fails on systems
>>>>> that use other role names (for localisation or i18n)
>>>>>
>>>>> D
>>>>>
>>>>>
>>>>> On 05/21/2012 04:32 PM, Matthew Jones wrote:
>>>>>
>>>>> Hmm,
>>>>>
>>>>> It's possible that could be a bug, try it in a course site with an
>>>>> instructor.
>>>>>
>>>>> It looks like the call for isUserAbleToGrade checks specific INSTRUCTOR and
>>>>> QA roles, so might not work in a project site. It should probably check
>>>>> against the specific maintain role defined on the site as well.
>>>>>
>>>>> public boolean isUserAbleToGrade(String gradebookUid, String userUid) {
>>>>> return (getSectionAwareness().isSiteMemberInRole(gradebookUid,
>>>>> userUid, Role.INSTRUCTOR) ||
>>>>> getSectionAwareness().isSiteMemberInRole(gradebookUid, userUid, Role.TA));
>>>>> }
>>>>>
>>>>> Otherwise verify that in that realm that user has all permissions to grade.
>>>>> This looks suspicious though.
>>>>>
>>>>> On Mon, May 21, 2012 at 7:16 AM, Shoji Kajita <kajita at nagoya-u.jp> wrote:
>>>>>>
>>>>>> Hi Chuck and Matthew,
>>>>>>
>>>>>> Thank you for your advices.
>>>>>>
>>>>>> I'm now taking a look on these pointers and getting close to
>>>>>> work. However, I'm still getting the following exception:
>>>>>>
>>>>>> java.lang.SecurityException : User shoji attempted to access grade
>>>>>> information for student kajita without permission in gb
>>>>>> 8e328a23-c343-40cc-bcb0-547553b9cd46 using
>>>>>> gradebookService.getGradesForStudentsForItem
>>>>>>
>>>>>> As far as I see, "shoji" has the permission to grade because he has the
>>>>>> maintain role.
>>>>>>
>>>>>> Any thoughts?
>>>>>>
>>>>>> Best regards,
>>>>>> Shoji
>>>>>>
>>>>>> At Sun, 20 May 2012 12:59:33 -0400,
>>>>>> Charles Severance wrote:
>>>>>>>
>>>>>>> [1 <text/plain; us-ascii (quoted-printable)>]
>>>>>>> Shoji,
>>>>>>>
>>>>>>> If you look here
>>>>>>>
>>>>>>>
>>>>>>> https://source.sakaiproject.org/svn//basiclti/trunk/basiclti-blis/src/java/org/sakaiproject/blti/ServiceServlet.java
>>>>>>>
>>>>>>> You will find some simple calls to the gradebook service to set grades.
>>>>>>>
>>>>>>> Here
>>>>>>>
>>>>>>>
>>>>>>> https://source.sakaiproject.org/svn//basiclti/trunk/basiclti-portlet/src/java/org/sakaiproject/portlets/IMSBLTIPortlet.java
>>>>>>>
>>>>>>> It makes gradebook items.
>>>>>>>
>>>>>>> I borrowed the code from the Assignments tool/
>>>>>>>
>>>>>>> /Chuck
>>>>>>>
>>>>>>
>>>>>> At Sat, 19 May 2012 23:50:30 -0400,
>>>>>> Matthew Jones wrote:
>>>>>>>
>>>>>>> Hi Shoji!
>>>>>>>
>>>>>>> This probably just looks like a confusing special case. You have to use
>>>>>>> component manager to get the beans from the spring components, then cast
>>>>>>> it
>>>>>>> to the interfaces (apis) that are in shared.
>>>>>>>
>>>>>>> For gradebook, they're probably just named differently, for whatever
>>>>>>> reason.
>>>>>>>
>>>>>>> Look at this webservice for some example gradebook code for getting
>>>>>>> gradebooks and grades. Hopefully you can use this for whatever you need.
>>>>>>>
>>>>>>> https://source.sakaiproject.org/svn/msub/longsight.com/webservices/webservices-1.0.x/axis/src/webapp/WSLongsight.jws
>>>>>>>
>>>>>>>
>>>>>>> And I think this one on confluence still works too?
>>>>>>>
>>>>>>> https://confluence.sakaiproject.org/display/~steve.swinsburg/Additional+web+services+for+Sakai#AdditionalwebservicesforSakai-SakaiGradebook
>>>>>>>
>>>>>>> -Matthew
>>>>>>>
>>>>>>> On Sat, May 19, 2012 at 10:13 PM, Shoji Kajita <kajita at nagoya-u.jp>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Dear Sakai Developers,
>>>>>>>>
>>>>>>>> I'm trying to develop a new web service for getting information from
>>>>>>>> Gradebook, but I have been struggling from using GradebookService.
>>>>>>>>
>>>>>>>> For example, I can call
>>>>>>>>
>>>>>>>> gradebookService.isGradebookDefined
>>>>>>>>
>>>>>>>> successfully when I use
>>>>>>>>
>>>>>>>> gradebookService = (GradebookService)
>>>>>>>>
>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
>>>>>>>>
>>>>>>>> as seen in the following simple code. But, it is failed when I use
>>>>>>>>
>>>>>>>> gradebookService = (GradebookService)
>>>>>>>>
>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.shared.GradebookService");
>>>>>>>>
>>>>>>>> in line 31. I'm probably misunderstanding something.
>>>>>>>>
>>>>>>>> I really appreciate if someone gives me any pointer to address this.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Shoji Kajita
>>>>>>>> Kyoto University
>>>>>>>> ----
>>>>>>>> 01: import org.apache.axis.AxisFault;
>>>>>>>> 02: import org.apache.commons.logging.Log;
>>>>>>>> 03: import org.apache.commons.logging.LogFactory;
>>>>>>>> 04: import org.sakaiproject.service.gradebook.shared.GradebookService;
>>>>>>>> 05: import org.sakaiproject.tool.api.Session;
>>>>>>>> 06: import org.sakaiproject.tool.api.SessionManager;
>>>>>>>> 07: import org.sakaiproject.component.cover.ComponentManager;
>>>>>>>> 08:
>>>>>>>> 09: public class CourseGradebook {
>>>>>>>> 10:
>>>>>>>> 11: private GradebookService gradebookService;
>>>>>>>> 12: private SessionManager sessionManager;
>>>>>>>> 13:
>>>>>>>> 14: private static Log LOG =
>>>>>>>> LogFactory.getLog(CourseGradebook.class);
>>>>>>>> 15:
>>>>>>>> 16: private Session establishSession(String sessionId) throws
>>>>>>>> AxisFault
>>>>>>>> 17: {
>>>>>>>> 18: Session s = sessionManager.getSession(sessionId);
>>>>>>>> 19:
>>>>>>>> 20: if (s == null)
>>>>>>>> 21: {
>>>>>>>> 22: throw new AxisFault("Session \""+sessionId+"\"
>>>>>>>> is
>>>>>>>> not active");
>>>>>>>> 23: }
>>>>>>>> 24: s.setActive();
>>>>>>>> 25: sessionManager.setCurrentSession(s);
>>>>>>>> 26: return s;
>>>>>>>> 27: }
>>>>>>>> 28:
>>>>>>>> 29: public CourseGradebook() {
>>>>>>>> 30: // gradebookService = (GradebookService)
>>>>>>>> ComponentManager.get(GradebookService.class.getName());
>>>>>>>> 31: gradebookService = (GradebookService)
>>>>>>>>
>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.shared.GradebookService");
>>>>>>>> 32: // gradebookService = (GradebookService)
>>>>>>>>
>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
>>>>>>>> 33: sessionManager = (SessionManager)
>>>>>>>> ComponentManager.get(SessionManager.class.getName());
>>>>>>>> 34: }
>>>>>>>> 35:
>>>>>>>> 36: public String getCompletedDate(String sessionId, String
>>>>>>>> siteId)
>>>>>>>> throws AxisFault {
>>>>>>>> 37:
>>>>>>>> 38: Session session = establishSession(sessionId);
>>>>>>>> 39:
>>>>>>>> 40: String gbID = siteId;
>>>>>>>> 41: if (!gradebookService.isGradebookDefined(gbID)) {
>>>>>>>> 42: System.out.println("Debug: Not found.");
>>>>>>>> 43: return "No gradebook found for this site.";
>>>>>>>> 44: }
>>>>>>>> 45: return "Gradebook found for this site.";
>>>>>>>> 46: }
>>>>>>>> 47:
>>>>>>>> 48: }
>>>>>>>> -----
>>>>>>>> _______________________________________________
>>>>>>>> sakai-dev mailing list
>>>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>>>
>>>>>>>> TO UNSUBSCRIBE: send email to
>>>>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>>>>>>> "unsubscribe"
>>>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> sakai-dev mailing list
>>>>> sakai-dev at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>
>>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
>>>>> with a subject of "unsubscribe"
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> sakai-dev mailing list
>>>>> sakai-dev at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>
>>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
>>>>> with a subject of "unsubscribe"
>>>>
>>>>
>>>>
>>>> --
>>>> Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile
>>>> _______________________________________________
>>>> sakai-dev mailing list
>>>> sakai-dev at collab.sakaiproject.org
>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>
>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120530/b17b97c5/attachment.html
More information about the sakai-dev
mailing list