[Building Sakai] Setting a resource's permissions

Matthew Jones matthew at longsight.com
Wed Sep 5 07:31:55 PDT 2012 

Well the problem is for the certificate tool, the students need permission
to access the certificate templates because they need these templates to
generate their actual certificate. The tool or services needs to be able to
access the file in the context of the student to generate the filled in
template. The tool could potentially override this with a local
SecurityAdvisor but then you're getting into a lot more code and a
potential security problem.

The students won't ever see this internal URL though and won't be able to
browse the actual file names, so the chances of them guessing it should be
about the same as a brute force password attack.

On Wed, Sep 5, 2012 at 10:30 AM, Diego del Blanco Orobitg <
diego.delblanco at samoo.es> wrote:

> Hidden is the word, but really they don't have permissions to access in any
> way neither knowing the url, because they need the "View hidden resources"
> permission that is checked when accessing to a resource that is hidden.
>
> So finally all depends on the permissions security system. It's almost the
> same than change their read or write permission for that folder.
>
> Diego
>
>
> -----Mensaje original-----
> De: Brian Baillargeon [mailto:bbailla2 at uwo.ca]
> Enviado el: miércoles, 05 de septiembre de 2012 16:16
> Para: Diego del Blanco Orobitg
> CC: sakai-dev at collab.sakaiproject.org
> Asunto: Re: [Building Sakai] Setting a resource's permissions
>
> Yes, it seems this is the way to go. I'm a little concerned about security
> by obscurity, but I'll discuss it with my team
>
> On 12-09-05 07:24 AM, Diego del Blanco Orobitg wrote:
> > There is the hide option for any folder or file in resources.
> >
> > Maybe instead try  to change permissions, you can use "public void
> > setAvailability(boolean hidden, Time releaseDate, Time retractDate)"
> > from the ContentHostingService to edit a collection and hide a folder
> > to the users without the permission of "view hidden resources".
> > Students usually have this permission disabled by default and instructors
> have it enabled.
> >
> > Saludos!
> >
> >
> > Diego del Blanco Orobitg
> > Director de operaciones
> > diego.delblanco at samoo.es
> > Tlf Oficina: 673 80 32 69
> > Tlf Móvil: 653 683 489
> > www.samoo.es
> >
> > -----Mensaje original-----
> > De: sakai-dev-bounces at collab.sakaiproject.org
> > [mailto:sakai-dev-bounces at collab.sakaiproject.org] En nombre de Brian
> > Baillargeon Enviado el: martes, 04 de septiembre de 2012 20:33
> > Para: sakai-dev at collab.sakaiproject.org
> > Asunto: [Building Sakai] Setting a resource's permissions
> >
> > Hi all,
> >
> > I'm working on a fork of the certification tool. I want the tool to
> > save PDFs somewhere in the site's resources rather than
> root/certification/...
> > However, I don't want students to have any permissions to view/modify
> > the template PDFs, so I want to disable all of the resource
> > permissions (such as Create resources, Read resources...) on the
> > related directories for roles who don't have certificate.admin
> permissions.
> >
> > So for example, if we had
> > root/certification/templates/<siteId>/<certificateDefinitionId>/myPdf.
> > pdf In my implementation it should be somewhere like
> > <siteCollection>/certification/templates/<certificateDefinitionId>/myP
> > df.pdf and the <siteCollection>/certification/templates/ folder's
> > permissions would all be enabled for Instructor and disabled for
> > Student
> >
> > I've been poking around ContentHostingService, and I see ways to check
> > for permissions but nothing to set them. I also poked around in
> > AuthzGroupService, but didn't see how to use it with ContentResources.
> > Does anybody know a way to set permissions on a ContentCollection?
> >
> > Thanks,
> > Brian
> > _______________________________________________
> > sakai-dev mailing list
> > sakai-dev at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >
> > TO UNSUBSCRIBE: send email to
> > sakai-dev-unsubscribe at collab.sakaiproject.org
> > with a subject of "unsubscribe"
> >
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120905/3ecdcc79/attachment.html

More information about the sakai-dev mailing list