[Building Sakai] Use of GradebookService as a web service

David Horwitz david.horwitz at uct.ac.za
Wed May 30 05:35:57 PDT 2012 

Hi Steve,

Have you jira'ed this?

D

On 05/30/2012 02:08 PM, Steve Swinsburg wrote:
> I think that error message is a red herring. Its not the correct 
> reason anyway.
>
> In this:
> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1575
>
> There are two places where that is thrown:
>   *if*  (!authz.isUserAbleToGrade(gradebook.getUid())) {
> 1554  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1554>  				*throw*  *new*  SecurityException("User"  + authn.getUserUid() +
> 1555  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1555>  						" attempted to access grade information without permission in gb"  +
> 1556  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1556>  						gradebook.getUid() +" using gradebookService.getGradesForStudentsForItem");
> 1557  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1557>  			}
> which is above this section:
>
> *if*  (!studentIdEnrRecMap.containsKey(studentId)) {
> 1576  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1576>  						*throw*  *new*  SecurityException("User"  + authn.getUserUid() +
> 1577  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1577>  						" attempted to access grade information for student"  + studentId +
> 1578  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1578>  						" without permission in gb"  + gradebook.getUid() +
> 1579  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1579>  						" using gradebookService.getGradesForStudentsForItem");
> 1580  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1580>  					}
> The first is correct since it is checking the permissions, the second 
> is actually just checking if an enrolment record exists in a map, but 
> the error is the same.
>
> The cause of this being empty is probably here:
>
> 1560  <http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1560>  			Map enrRecFunctionMap = authz.findMatchingEnrollmentsForItem(gradebook.getUid(), categoryId, gradebook.getCategory_type(),*null*,*null*);
> And in checking through that it ends up at:
>
> AuthzSakai2Impl.findMatchingEnrollmentsForItemOrCourseGrade
>
> which again does permission checks, so take a look through there and 
> check you have all of the permissions set.
>
> Can you perhaps post the grade book related permissions for this role 
> and we can compare them with a standard set?
>
>
> cheers,
> Steve
>
>
> On 30/05/2012, at 8:00 PM, Shoji Kajita wrote:
>
>> Hi Steve,
>>
>> Thank you for your detailed analysis.
>>
>> After setting the proper role (gradebook.gradeAll) as you suggested, I
>> have faced another similar exception:
>>
>> java.lang.SecurityException : User 
>> d14275f2-bd9b-4b9d-99e1-91869bfc1fc1 attempted to access grade 
>> information for student student0162 without permission in gb 
>> 0279a90b-61ab-4b58-86ce-70e4ef937906 using 
>> gradebookService.getGradesForStudentsForItem
>>
>> As far as I digged by remote debugging using eclipse, the above
>> exception is caused because studentIdEnrRecMap() is null at
>>
>> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1575
>>
>> and this null is caused because enrRecFunctionMap() is also null at
>>
>> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1560
>>
>> ... I need to trace more but do you have any suggestions at this moment?
>>
>> Shoji
>>
>> At Wed, 23 May 2012 08:06:37 +1000,
>> Steve Swinsburg wrote:
>>>
>>> It works via the permission I sent earlier. So tick that in the role 
>>> for the realm and you should be set.
>>>
>>> I'm not near a computer but it would be good to verify the 
>>> permissions for grade book in the default project site realm roles. 
>>> I use the grade book in project sites.
>>>
>>> Cheers
>>> Steve
>>>
>>> Sent from my iPhone
>>>
>>> On 23/05/2012, at 0:59, Shoji Kajita <kajita at nagoya-u.jp> wrote:
>>>
>>>> Hi there,
>>>>
>>>> Thank you for your suggestions.
>>>>
>>>> I think that Aaron is getting the point, i.e., the worksite I'm using
>>>> is a project site, not a course site.
>>>>
>>>> So, I think that isUserAbleToGrade should be true even if in Maintain
>>>> Role to reduce this kind of confusion.
>>>>
>>>> Shoji at Kyoto (not Nagoya)
>>>>
>>>> At Mon, 21 May 2012 10:50:43 -0400,
>>>> Aaron Zeckoski wrote:
>>>>>
>>>>> Yeah, that should probably check a permission like site.upd or
>>>>> section.role.instructor or something to that effect. Checking the role
>>>>> directly is definitely not the way to go.
>>>>>
>>>>> -AZ
>>>>>
>>>>>
>>>>> On Mon, May 21, 2012 at 10:42 AM, David Horwitz 
>>>>> <david.horwitz at uct.ac.za> wrote:
>>>>>> Also assuming that Role.INSTRUCTOR is "Instructor" this fails on 
>>>>>> systems
>>>>>> that use other role names (for localisation or i18n)
>>>>>>
>>>>>> D
>>>>>>
>>>>>>
>>>>>> On 05/21/2012 04:32 PM, Matthew Jones wrote:
>>>>>>
>>>>>> Hmm,
>>>>>>
>>>>>> It's possible that could be a bug, try it in a course site with an
>>>>>> instructor.
>>>>>>
>>>>>> It looks like the call for isUserAbleToGrade checks specific 
>>>>>> INSTRUCTOR and
>>>>>> QA roles, so might not work in a project site. It should probably 
>>>>>> check
>>>>>> against the specific maintain role defined on the site as well.
>>>>>>
>>>>>>  public boolean isUserAbleToGrade(String gradebookUid, String 
>>>>>> userUid) {
>>>>>>      return (getSectionAwareness().isSiteMemberInRole(gradebookUid,
>>>>>> userUid, Role.INSTRUCTOR) ||
>>>>>> getSectionAwareness().isSiteMemberInRole(gradebookUid, userUid, 
>>>>>> Role.TA));
>>>>>>    }
>>>>>>
>>>>>> Otherwise verify that in that realm that user has all permissions 
>>>>>> to grade.
>>>>>> This looks suspicious though.
>>>>>>
>>>>>> On Mon, May 21, 2012 at 7:16 AM, Shoji Kajita 
>>>>>> <kajita at nagoya-u.jp> wrote:
>>>>>>>
>>>>>>> Hi Chuck and Matthew,
>>>>>>>
>>>>>>> Thank you for your advices.
>>>>>>>
>>>>>>> I'm now taking a look on these pointers and getting close to
>>>>>>> work. However, I'm still getting the following exception:
>>>>>>>
>>>>>>> java.lang.SecurityException : User shoji attempted to access grade
>>>>>>> information for student kajita without permission in gb
>>>>>>> 8e328a23-c343-40cc-bcb0-547553b9cd46 using
>>>>>>> gradebookService.getGradesForStudentsForItem
>>>>>>>
>>>>>>> As far as I see, "shoji" has the permission to grade because he 
>>>>>>> has the
>>>>>>> maintain role.
>>>>>>>
>>>>>>> Any thoughts?
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Shoji
>>>>>>>
>>>>>>> At Sun, 20 May 2012 12:59:33 -0400,
>>>>>>> Charles Severance wrote:
>>>>>>>>
>>>>>>>> [1 <text/plain; us-ascii (quoted-printable)>]
>>>>>>>> Shoji,
>>>>>>>>
>>>>>>>> If you look here
>>>>>>>>
>>>>>>>>
>>>>>>>> https://source.sakaiproject.org/svn//basiclti/trunk/basiclti-blis/src/java/org/sakaiproject/blti/ServiceServlet.java
>>>>>>>>
>>>>>>>> You will find some simple calls to the gradebook service to set 
>>>>>>>> grades.
>>>>>>>>
>>>>>>>> Here
>>>>>>>>
>>>>>>>>
>>>>>>>> https://source.sakaiproject.org/svn//basiclti/trunk/basiclti-portlet/src/java/org/sakaiproject/portlets/IMSBLTIPortlet.java
>>>>>>>>
>>>>>>>> It makes gradebook items.
>>>>>>>>
>>>>>>>> I borrowed the code from the Assignments tool/
>>>>>>>>
>>>>>>>> /Chuck
>>>>>>>>
>>>>>>>
>>>>>>> At Sat, 19 May 2012 23:50:30 -0400,
>>>>>>> Matthew Jones wrote:
>>>>>>>>
>>>>>>>> Hi Shoji!
>>>>>>>>
>>>>>>>> This probably just looks like a confusing special case. You 
>>>>>>>> have to use
>>>>>>>> component manager to get the beans from the spring components, 
>>>>>>>> then cast
>>>>>>>> it
>>>>>>>> to the interfaces (apis) that are in shared.
>>>>>>>>
>>>>>>>> For gradebook, they're probably just named differently, for 
>>>>>>>> whatever
>>>>>>>> reason.
>>>>>>>>
>>>>>>>> Look at this webservice for some example gradebook code for getting
>>>>>>>> gradebooks and grades. Hopefully you can use this for whatever 
>>>>>>>> you need.
>>>>>>>>
>>>>>>>> https://source.sakaiproject.org/svn/msub/longsight.com/webservices/webservices-1.0.x/axis/src/webapp/WSLongsight.jws
>>>>>>>>
>>>>>>>>
>>>>>>>> And I think this one on confluence still works too?
>>>>>>>>
>>>>>>>> https://confluence.sakaiproject.org/display/~steve.swinsburg/Additional+web+services+for+Sakai#AdditionalwebservicesforSakai-SakaiGradebook
>>>>>>>>
>>>>>>>> -Matthew
>>>>>>>>
>>>>>>>> On Sat, May 19, 2012 at 10:13 PM, Shoji Kajita <kajita at nagoya-u.jp>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Dear Sakai Developers,
>>>>>>>>>
>>>>>>>>> I'm trying to develop a new web service for getting 
>>>>>>>>> information from
>>>>>>>>> Gradebook, but I have been struggling from using GradebookService.
>>>>>>>>>
>>>>>>>>> For example, I can call
>>>>>>>>>
>>>>>>>>> gradebookService.isGradebookDefined
>>>>>>>>>
>>>>>>>>> successfully when I use
>>>>>>>>>
>>>>>>>>> gradebookService = (GradebookService)
>>>>>>>>>
>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
>>>>>>>>>
>>>>>>>>> as seen in the following simple code. But, it is failed when I use
>>>>>>>>>
>>>>>>>>> gradebookService = (GradebookService)
>>>>>>>>>
>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.shared.GradebookService");
>>>>>>>>>
>>>>>>>>> in line 31. I'm probably misunderstanding something.
>>>>>>>>>
>>>>>>>>> I really appreciate if someone gives me any pointer to address 
>>>>>>>>> this.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Shoji Kajita
>>>>>>>>> Kyoto University
>>>>>>>>> ----
>>>>>>>>> 01: import org.apache.axis.AxisFault;
>>>>>>>>> 02: import org.apache.commons.logging.Log;
>>>>>>>>> 03: import org.apache.commons.logging.LogFactory;
>>>>>>>>> 04: import 
>>>>>>>>> org.sakaiproject.service.gradebook.shared.GradebookService;
>>>>>>>>> 05: import org.sakaiproject.tool.api.Session;
>>>>>>>>> 06: import org.sakaiproject.tool.api.SessionManager;
>>>>>>>>> 07: import org.sakaiproject.component.cover.ComponentManager;
>>>>>>>>> 08:
>>>>>>>>> 09: public class CourseGradebook {
>>>>>>>>> 10:
>>>>>>>>> 11:     private GradebookService gradebookService;
>>>>>>>>> 12:     private SessionManager sessionManager;
>>>>>>>>> 13:
>>>>>>>>> 14:     private static Log LOG =
>>>>>>>>> LogFactory.getLog(CourseGradebook.class);
>>>>>>>>> 15:
>>>>>>>>> 16:     private Session establishSession(String sessionId) throws
>>>>>>>>> AxisFault
>>>>>>>>> 17:     {
>>>>>>>>> 18:             Session s = sessionManager.getSession(sessionId);
>>>>>>>>> 19:
>>>>>>>>> 20:             if (s == null)
>>>>>>>>> 21:             {
>>>>>>>>> 22:                     throw new AxisFault("Session 
>>>>>>>>> \""+sessionId+"\"
>>>>>>>>> is
>>>>>>>>> not active");
>>>>>>>>> 23:             }
>>>>>>>>> 24:             s.setActive();
>>>>>>>>> 25:             sessionManager.setCurrentSession(s);
>>>>>>>>> 26:             return s;
>>>>>>>>> 27:     }
>>>>>>>>> 28:
>>>>>>>>> 29:     public CourseGradebook() {
>>>>>>>>> 30:     //      gradebookService = (GradebookService)
>>>>>>>>> ComponentManager.get(GradebookService.class.getName());
>>>>>>>>> 31:             gradebookService = (GradebookService)
>>>>>>>>>
>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.shared.GradebookService");
>>>>>>>>> 32:     //      gradebookService = (GradebookService)
>>>>>>>>>
>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
>>>>>>>>> 33:             sessionManager = (SessionManager)
>>>>>>>>> ComponentManager.get(SessionManager.class.getName());
>>>>>>>>> 34:     }
>>>>>>>>> 35:
>>>>>>>>> 36:     public String getCompletedDate(String sessionId, String
>>>>>>>>> siteId)
>>>>>>>>> throws AxisFault {
>>>>>>>>> 37:
>>>>>>>>> 38:             Session session = establishSession(sessionId);
>>>>>>>>> 39:
>>>>>>>>> 40:         String gbID = siteId;
>>>>>>>>> 41:         if (!gradebookService.isGradebookDefined(gbID)) {
>>>>>>>>> 42:             System.out.println("Debug: Not found.");
>>>>>>>>> 43:             return "No gradebook found for this site.";
>>>>>>>>> 44:         }
>>>>>>>>> 45:         return "Gradebook found for this site.";
>>>>>>>>> 46:     }
>>>>>>>>> 47:
>>>>>>>>> 48: }
>>>>>>>>> -----
>>>>>>>>> _______________________________________________
>>>>>>>>> sakai-dev mailing list
>>>>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>>>>
>>>>>>>>> TO UNSUBSCRIBE: send email to
>>>>>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>>>>>>>> "unsubscribe"
>>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> sakai-dev mailing list
>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>
>>>>>> TO UNSUBSCRIBE: send email to 
>>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org
>>>>>> with a subject of "unsubscribe"
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> sakai-dev mailing list
>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>
>>>>>> TO UNSUBSCRIBE: send email to 
>>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org
>>>>>> with a subject of "unsubscribe"
>>>>>
>>>>>
>>>>>
>>>>> -- 
>>>>> Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile
>>>>> _______________________________________________
>>>>> sakai-dev mailing list
>>>>> sakai-dev at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>
>>>>> TO UNSUBSCRIBE: send email to 
>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of 
>>>>> "unsubscribe"
>>>> _______________________________________________
>>>> sakai-dev mailing list
>>>> sakai-dev at collab.sakaiproject.org
>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>
>>>> TO UNSUBSCRIBE: send email to 
>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of 
>>>> "unsubscribe"
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120530/9bd9cbb0/attachment.html

More information about the sakai-dev mailing list