[Building Sakai] Controlling access to, and viewability of, a course tool?
Lydia Rice
lydia at sipx.com
Wed Aug 14 03:20:05 PDT 2013
Hi,
I have a course tool which works just fine in all respects
but one. I'd like the code for the tool to be accessible to
all users irrespective of privilege level, but I want the
button for it to be visible only to users with a defined >0
level of privilege. If I add a configuration constraint to
the sakai.tool.xml file such as:
<configuration name="functions.require" value="site.upd"/>
then the button appears in the UI under the correct
circumstances, but then users without the site.upd
privilege, who have cause to access URLs under the ægis of
the tool, get barfed out.
I've tried what feels like a million combinations of
different things to get around this problem, but have
completely failed. As far as I can tell from the code, the
viewability of a tool's button is intimately connected to
its applicability in ToolHelperImpl.allowTool, so it's
simply not possible in any obvious and declarative manner to
control the button independent of the access control to the
button. If I remove the <configuration> constraint, then
the button appears for generic users, which is exactly what
I'm trying to avoid.
I've tried a bunch of other approaches, such as trying to
define a second entry point for the tool, but that always
seems either to end up adding an unwanted button in the less
privileged mode and/or adding a second button to the
site.upd-level UI. If I simply try to add an extra servlet
to the tool, then it inherits the access control from the
sakai.too.xml file, and I lose again. I've tried defining a
separate tool with just an id, but no title or description
in the hope of creating a tool with no UI manifestation, but
this simply results in the tool not existing.
It feels like it might be possible, at least in principle,
to create a completely separate non-tool chunk of code that
has a servlet that somehow telepathically knows about the
main tool, and responds to the less privileged case, but I
really don't know how to do that, let alone in a way that
will cause the putative chunk of code to pick up all the
right user and course context that comes automatically from
being a course tool.
Any thoughts?
Lydia.
More information about the sakai-dev
mailing list