[Building Sakai] Use of GradebookService as a web service
Steve Swinsburg
steve.swinsburg at gmail.com
Wed May 30 05:40:52 PDT 2012
Not yet, was going to see how it played out, it was just from a high level read of the code. But it probably needs a Jira to make the error message more correct.
On 30/05/2012, at 10:35 PM, David Horwitz wrote:
> Hi Steve,
>
> Have you jira'ed this?
>
> D
>
> On 05/30/2012 02:08 PM, Steve Swinsburg wrote:
>>
>> I think that error message is a red herring. Its not the correct reason anyway.
>>
>> In this:
>> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1575
>>
>> There are two places where that is thrown:
>> if (!authz.isUserAbleToGrade(gradebook.getUid())) {
>> 1554 throw new SecurityException("User " + authn.getUserUid() +
>> 1555 " attempted to access grade information without permission in gb " +
>> 1556 gradebook.getUid() + " using gradebookService.getGradesForStudentsForItem");
>> 1557 }
>> which is above this section:
>>
>> if (!studentIdEnrRecMap.containsKey(studentId)) {
>> 1576 throw new SecurityException("User " + authn.getUserUid() +
>> 1577 " attempted to access grade information for student " + studentId +
>> 1578 " without permission in gb " + gradebook.getUid() +
>> 1579 " using gradebookService.getGradesForStudentsForItem");
>> 1580 }
>> The first is correct since it is checking the permissions, the second is actually just checking if an enrolment record exists in a map, but the error is the same.
>>
>> The cause of this being empty is probably here:
>>
>> 1560 Map enrRecFunctionMap = authz.findMatchingEnrollmentsForItem(gradebook.getUid(), categoryId, gradebook.getCategory_type(), null, null);
>> And in checking through that it ends up at:
>>
>> AuthzSakai2Impl.findMatchingEnrollmentsForItemOrCourseGrade
>>
>> which again does permission checks, so take a look through there and check you have all of the permissions set.
>>
>> Can you perhaps post the grade book related permissions for this role and we can compare them with a standard set?
>>
>>
>> cheers,
>> Steve
>>
>>
>> On 30/05/2012, at 8:00 PM, Shoji Kajita wrote:
>>
>>> Hi Steve,
>>>
>>> Thank you for your detailed analysis.
>>>
>>> After setting the proper role (gradebook.gradeAll) as you suggested, I
>>> have faced another similar exception:
>>>
>>> java.lang.SecurityException : User d14275f2-bd9b-4b9d-99e1-91869bfc1fc1 attempted to access grade information for student student0162 without permission in gb 0279a90b-61ab-4b58-86ce-70e4ef937906 using gradebookService.getGradesForStudentsForItem
>>>
>>> As far as I digged by remote debugging using eclipse, the above
>>> exception is caused because studentIdEnrRecMap() is null at
>>>
>>> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1575
>>>
>>> and this null is caused because enrRecFunctionMap() is also null at
>>>
>>> http://source.sakaiproject.org/release/edu-services/1.1.5/xref/org/sakaiproject/component/gradebook/GradebookServiceHibernateImpl.html#1560
>>>
>>> ... I need to trace more but do you have any suggestions at this moment?
>>>
>>> Shoji
>>>
>>> At Wed, 23 May 2012 08:06:37 +1000,
>>> Steve Swinsburg wrote:
>>>>
>>>> It works via the permission I sent earlier. So tick that in the role for the realm and you should be set.
>>>>
>>>> I'm not near a computer but it would be good to verify the permissions for grade book in the default project site realm roles. I use the grade book in project sites.
>>>>
>>>> Cheers
>>>> Steve
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 23/05/2012, at 0:59, Shoji Kajita <kajita at nagoya-u.jp> wrote:
>>>>
>>>>> Hi there,
>>>>>
>>>>> Thank you for your suggestions.
>>>>>
>>>>> I think that Aaron is getting the point, i.e., the worksite I'm using
>>>>> is a project site, not a course site.
>>>>>
>>>>> So, I think that isUserAbleToGrade should be true even if in Maintain
>>>>> Role to reduce this kind of confusion.
>>>>>
>>>>> Shoji at Kyoto (not Nagoya)
>>>>>
>>>>> At Mon, 21 May 2012 10:50:43 -0400,
>>>>> Aaron Zeckoski wrote:
>>>>>>
>>>>>> Yeah, that should probably check a permission like site.upd or
>>>>>> section.role.instructor or something to that effect. Checking the role
>>>>>> directly is definitely not the way to go.
>>>>>>
>>>>>> -AZ
>>>>>>
>>>>>>
>>>>>> On Mon, May 21, 2012 at 10:42 AM, David Horwitz <david.horwitz at uct.ac.za> wrote:
>>>>>>> Also assuming that Role.INSTRUCTOR is "Instructor" this fails on systems
>>>>>>> that use other role names (for localisation or i18n)
>>>>>>>
>>>>>>> D
>>>>>>>
>>>>>>>
>>>>>>> On 05/21/2012 04:32 PM, Matthew Jones wrote:
>>>>>>>
>>>>>>> Hmm,
>>>>>>>
>>>>>>> It's possible that could be a bug, try it in a course site with an
>>>>>>> instructor.
>>>>>>>
>>>>>>> It looks like the call for isUserAbleToGrade checks specific INSTRUCTOR and
>>>>>>> QA roles, so might not work in a project site. It should probably check
>>>>>>> against the specific maintain role defined on the site as well.
>>>>>>>
>>>>>>> public boolean isUserAbleToGrade(String gradebookUid, String userUid) {
>>>>>>> return (getSectionAwareness().isSiteMemberInRole(gradebookUid,
>>>>>>> userUid, Role.INSTRUCTOR) ||
>>>>>>> getSectionAwareness().isSiteMemberInRole(gradebookUid, userUid, Role.TA));
>>>>>>> }
>>>>>>>
>>>>>>> Otherwise verify that in that realm that user has all permissions to grade.
>>>>>>> This looks suspicious though.
>>>>>>>
>>>>>>> On Mon, May 21, 2012 at 7:16 AM, Shoji Kajita <kajita at nagoya-u.jp> wrote:
>>>>>>>>
>>>>>>>> Hi Chuck and Matthew,
>>>>>>>>
>>>>>>>> Thank you for your advices.
>>>>>>>>
>>>>>>>> I'm now taking a look on these pointers and getting close to
>>>>>>>> work. However, I'm still getting the following exception:
>>>>>>>>
>>>>>>>> java.lang.SecurityException : User shoji attempted to access grade
>>>>>>>> information for student kajita without permission in gb
>>>>>>>> 8e328a23-c343-40cc-bcb0-547553b9cd46 using
>>>>>>>> gradebookService.getGradesForStudentsForItem
>>>>>>>>
>>>>>>>> As far as I see, "shoji" has the permission to grade because he has the
>>>>>>>> maintain role.
>>>>>>>>
>>>>>>>> Any thoughts?
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Shoji
>>>>>>>>
>>>>>>>> At Sun, 20 May 2012 12:59:33 -0400,
>>>>>>>> Charles Severance wrote:
>>>>>>>>>
>>>>>>>>> [1 <text/plain; us-ascii (quoted-printable)>]
>>>>>>>>> Shoji,
>>>>>>>>>
>>>>>>>>> If you look here
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> https://source.sakaiproject.org/svn//basiclti/trunk/basiclti-blis/src/java/org/sakaiproject/blti/ServiceServlet.java
>>>>>>>>>
>>>>>>>>> You will find some simple calls to the gradebook service to set grades.
>>>>>>>>>
>>>>>>>>> Here
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> https://source.sakaiproject.org/svn//basiclti/trunk/basiclti-portlet/src/java/org/sakaiproject/portlets/IMSBLTIPortlet.java
>>>>>>>>>
>>>>>>>>> It makes gradebook items.
>>>>>>>>>
>>>>>>>>> I borrowed the code from the Assignments tool/
>>>>>>>>>
>>>>>>>>> /Chuck
>>>>>>>>>
>>>>>>>>
>>>>>>>> At Sat, 19 May 2012 23:50:30 -0400,
>>>>>>>> Matthew Jones wrote:
>>>>>>>>>
>>>>>>>>> Hi Shoji!
>>>>>>>>>
>>>>>>>>> This probably just looks like a confusing special case. You have to use
>>>>>>>>> component manager to get the beans from the spring components, then cast
>>>>>>>>> it
>>>>>>>>> to the interfaces (apis) that are in shared.
>>>>>>>>>
>>>>>>>>> For gradebook, they're probably just named differently, for whatever
>>>>>>>>> reason.
>>>>>>>>>
>>>>>>>>> Look at this webservice for some example gradebook code for getting
>>>>>>>>> gradebooks and grades. Hopefully you can use this for whatever you need.
>>>>>>>>>
>>>>>>>>> https://source.sakaiproject.org/svn/msub/longsight.com/webservices/webservices-1.0.x/axis/src/webapp/WSLongsight.jws
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> And I think this one on confluence still works too?
>>>>>>>>>
>>>>>>>>> https://confluence.sakaiproject.org/display/~steve.swinsburg/Additional+web+services+for+Sakai#AdditionalwebservicesforSakai-SakaiGradebook
>>>>>>>>>
>>>>>>>>> -Matthew
>>>>>>>>>
>>>>>>>>> On Sat, May 19, 2012 at 10:13 PM, Shoji Kajita <kajita at nagoya-u.jp>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Dear Sakai Developers,
>>>>>>>>>>
>>>>>>>>>> I'm trying to develop a new web service for getting information from
>>>>>>>>>> Gradebook, but I have been struggling from using GradebookService.
>>>>>>>>>>
>>>>>>>>>> For example, I can call
>>>>>>>>>>
>>>>>>>>>> gradebookService.isGradebookDefined
>>>>>>>>>>
>>>>>>>>>> successfully when I use
>>>>>>>>>>
>>>>>>>>>> gradebookService = (GradebookService)
>>>>>>>>>>
>>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
>>>>>>>>>>
>>>>>>>>>> as seen in the following simple code. But, it is failed when I use
>>>>>>>>>>
>>>>>>>>>> gradebookService = (GradebookService)
>>>>>>>>>>
>>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.shared.GradebookService");
>>>>>>>>>>
>>>>>>>>>> in line 31. I'm probably misunderstanding something.
>>>>>>>>>>
>>>>>>>>>> I really appreciate if someone gives me any pointer to address this.
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Shoji Kajita
>>>>>>>>>> Kyoto University
>>>>>>>>>> ----
>>>>>>>>>> 01: import org.apache.axis.AxisFault;
>>>>>>>>>> 02: import org.apache.commons.logging.Log;
>>>>>>>>>> 03: import org.apache.commons.logging.LogFactory;
>>>>>>>>>> 04: import org.sakaiproject.service.gradebook.shared.GradebookService;
>>>>>>>>>> 05: import org.sakaiproject.tool.api.Session;
>>>>>>>>>> 06: import org.sakaiproject.tool.api.SessionManager;
>>>>>>>>>> 07: import org.sakaiproject.component.cover.ComponentManager;
>>>>>>>>>> 08:
>>>>>>>>>> 09: public class CourseGradebook {
>>>>>>>>>> 10:
>>>>>>>>>> 11: private GradebookService gradebookService;
>>>>>>>>>> 12: private SessionManager sessionManager;
>>>>>>>>>> 13:
>>>>>>>>>> 14: private static Log LOG =
>>>>>>>>>> LogFactory.getLog(CourseGradebook.class);
>>>>>>>>>> 15:
>>>>>>>>>> 16: private Session establishSession(String sessionId) throws
>>>>>>>>>> AxisFault
>>>>>>>>>> 17: {
>>>>>>>>>> 18: Session s = sessionManager.getSession(sessionId);
>>>>>>>>>> 19:
>>>>>>>>>> 20: if (s == null)
>>>>>>>>>> 21: {
>>>>>>>>>> 22: throw new AxisFault("Session \""+sessionId+"\"
>>>>>>>>>> is
>>>>>>>>>> not active");
>>>>>>>>>> 23: }
>>>>>>>>>> 24: s.setActive();
>>>>>>>>>> 25: sessionManager.setCurrentSession(s);
>>>>>>>>>> 26: return s;
>>>>>>>>>> 27: }
>>>>>>>>>> 28:
>>>>>>>>>> 29: public CourseGradebook() {
>>>>>>>>>> 30: // gradebookService = (GradebookService)
>>>>>>>>>> ComponentManager.get(GradebookService.class.getName());
>>>>>>>>>> 31: gradebookService = (GradebookService)
>>>>>>>>>>
>>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.shared.GradebookService");
>>>>>>>>>> 32: // gradebookService = (GradebookService)
>>>>>>>>>>
>>>>>>>>>> ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
>>>>>>>>>> 33: sessionManager = (SessionManager)
>>>>>>>>>> ComponentManager.get(SessionManager.class.getName());
>>>>>>>>>> 34: }
>>>>>>>>>> 35:
>>>>>>>>>> 36: public String getCompletedDate(String sessionId, String
>>>>>>>>>> siteId)
>>>>>>>>>> throws AxisFault {
>>>>>>>>>> 37:
>>>>>>>>>> 38: Session session = establishSession(sessionId);
>>>>>>>>>> 39:
>>>>>>>>>> 40: String gbID = siteId;
>>>>>>>>>> 41: if (!gradebookService.isGradebookDefined(gbID)) {
>>>>>>>>>> 42: System.out.println("Debug: Not found.");
>>>>>>>>>> 43: return "No gradebook found for this site.";
>>>>>>>>>> 44: }
>>>>>>>>>> 45: return "Gradebook found for this site.";
>>>>>>>>>> 46: }
>>>>>>>>>> 47:
>>>>>>>>>> 48: }
>>>>>>>>>> -----
>>>>>>>>>> _______________________________________________
>>>>>>>>>> sakai-dev mailing list
>>>>>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>>>>>
>>>>>>>>>> TO UNSUBSCRIBE: send email to
>>>>>>>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>>>>>>>>> "unsubscribe"
>>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> sakai-dev mailing list
>>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>>
>>>>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
>>>>>>> with a subject of "unsubscribe"
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> sakai-dev mailing list
>>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>>
>>>>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org
>>>>>>> with a subject of "unsubscribe"
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile
>>>>>> _______________________________________________
>>>>>> sakai-dev mailing list
>>>>>> sakai-dev at collab.sakaiproject.org
>>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>>
>>>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>>>> _______________________________________________
>>>>> sakai-dev mailing list
>>>>> sakai-dev at collab.sakaiproject.org
>>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>>
>>>>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>
>>
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120530/444d7ef0/attachment.html
More information about the sakai-dev
mailing list