[Building Sakai] Setting a resource's permissions
Brian Baillargeon
bbailla2 at uwo.ca
Wed Sep 5 07:47:04 PDT 2012
So, just to clarify - is there a way for students to be denied access to
the pdf templates, while maintaining the ability to trigger the
certification tool to read the pdf for them? Also, something that's been
at the back of my mind is preventing students from seeing eachother's
awarded certificates. We may not need this latter functionality, but I
suspect we will.
On 12-09-05 10:31 AM, Matthew Jones wrote:
> Well the problem is for the certificate tool, the students need
> permission to access the certificate templates because they need these
> templates to generate their actual certificate. The tool or services
> needs to be able to access the file in the context of the student to
> generate the filled in template. The tool could potentially override
> this with a local SecurityAdvisor but then you're getting into a lot
> more code and a potential security problem.
>
> The students won't ever see this internal URL though and won't be able
> to browse the actual file names, so the chances of them guessing it
> should be about the same as a brute force password attack.
>
> On Wed, Sep 5, 2012 at 10:30 AM, Diego del Blanco Orobitg
> <diego.delblanco at samoo.es <mailto:diego.delblanco at samoo.es>> wrote:
>
> Hidden is the word, but really they don't have permissions to
> access in any
> way neither knowing the url, because they need the "View hidden
> resources"
> permission that is checked when accessing to a resource that is
> hidden.
>
> So finally all depends on the permissions security system. It's
> almost the
> same than change their read or write permission for that folder.
>
> Diego
>
>
> -----Mensaje original-----
> De: Brian Baillargeon [mailto:bbailla2 at uwo.ca
> <mailto:bbailla2 at uwo.ca>]
> Enviado el: miércoles, 05 de septiembre de 2012 16:16
> Para: Diego del Blanco Orobitg
> CC: sakai-dev at collab.sakaiproject.org
> <mailto:sakai-dev at collab.sakaiproject.org>
> Asunto: Re: [Building Sakai] Setting a resource's permissions
>
> Yes, it seems this is the way to go. I'm a little concerned about
> security
> by obscurity, but I'll discuss it with my team
>
> On 12-09-05 07:24 AM, Diego del Blanco Orobitg wrote:
> > There is the hide option for any folder or file in resources.
> >
> > Maybe instead try to change permissions, you can use "public void
> > setAvailability(boolean hidden, Time releaseDate, Time retractDate)"
> > from the ContentHostingService to edit a collection and hide a
> folder
> > to the users without the permission of "view hidden resources".
> > Students usually have this permission disabled by default and
> instructors
> have it enabled.
> >
> > Saludos!
> >
> >
> > Diego del Blanco Orobitg
> > Director de operaciones
> > diego.delblanco at samoo.es <mailto:diego.delblanco at samoo.es>
> > Tlf Oficina: 673 80 32 69
> > Tlf Móvil: 653 683 489
> > www.samoo.es <http://www.samoo.es>
> >
> > -----Mensaje original-----
> > De: sakai-dev-bounces at collab.sakaiproject.org
> <mailto:sakai-dev-bounces at collab.sakaiproject.org>
> > [mailto:sakai-dev-bounces at collab.sakaiproject.org
> <mailto:sakai-dev-bounces at collab.sakaiproject.org>] En nombre de Brian
> > Baillargeon Enviado el: martes, 04 de septiembre de 2012 20:33
> > Para: sakai-dev at collab.sakaiproject.org
> <mailto:sakai-dev at collab.sakaiproject.org>
> > Asunto: [Building Sakai] Setting a resource's permissions
> >
> > Hi all,
> >
> > I'm working on a fork of the certification tool. I want the tool to
> > save PDFs somewhere in the site's resources rather than
> root/certification/...
> > However, I don't want students to have any permissions to
> view/modify
> > the template PDFs, so I want to disable all of the resource
> > permissions (such as Create resources, Read resources...) on the
> > related directories for roles who don't have certificate.admin
> permissions.
> >
> > So for example, if we had
> >
> root/certification/templates/<siteId>/<certificateDefinitionId>/myPdf.
> > pdf In my implementation it should be somewhere like
> >
> <siteCollection>/certification/templates/<certificateDefinitionId>/myP
> > df.pdf and the <siteCollection>/certification/templates/ folder's
> > permissions would all be enabled for Instructor and disabled for
> > Student
> >
> > I've been poking around ContentHostingService, and I see ways to
> check
> > for permissions but nothing to set them. I also poked around in
> > AuthzGroupService, but didn't see how to use it with
> ContentResources.
> > Does anybody know a way to set permissions on a ContentCollection?
> >
> > Thanks,
> > Brian
> > _______________________________________________
> > sakai-dev mailing list
> > sakai-dev at collab.sakaiproject.org
> <mailto:sakai-dev at collab.sakaiproject.org>
> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >
> > TO UNSUBSCRIBE: send email to
> > sakai-dev-unsubscribe at collab.sakaiproject.org
> <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org>
> > with a subject of "unsubscribe"
> >
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> <mailto:sakai-dev at collab.sakaiproject.org>
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org
> <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
> subject of "unsubscribe"
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120905/e3a304f0/attachment.html
More information about the sakai-dev
mailing list