[Building Sakai] Controlling access to, and viewability of, a course tool?

Lydia Rice lydia at sipx.com
Wed Aug 14 03:20:05 PDT 2013


Hi,
I have a course tool which works just fine in all respects 
but one. I'd like the code for the tool to be accessible to 
all users irrespective of privilege level, but I want the 
button for it to be visible only to users with a defined >0 
level of privilege.  If I add a configuration constraint to 
the sakai.tool.xml file such as:

     <configuration name="functions.require" value="site.upd"/>

then the button appears in the UI under the correct 
circumstances, but then users without the site.upd 
privilege, who have cause to access URLs under the ægis of 
the tool, get barfed out.

I've tried what feels like a million combinations of 
different things to get around this problem, but have 
completely failed.  As far as I can tell from the code, the 
viewability of a tool's button is intimately connected to 
its applicability in ToolHelperImpl.allowTool, so it's 
simply not possible in any obvious and declarative manner to 
control the button independent of the access control to the 
button.  If I remove the <configuration> constraint, then 
the button appears for generic users, which is exactly what 
I'm trying to avoid.

I've tried a bunch of other approaches, such as trying to 
define a second entry point for the tool, but that always 
seems either to end up adding an unwanted button in the less 
privileged mode and/or adding a second button to the 
site.upd-level UI.  If I simply try to add an extra servlet 
to the tool, then it inherits the access control from the 
sakai.tool.xml file, and I lose again.  I've tried defining a 
separate tool with just an id, but no title or description 
in the hope of creating a tool with no UI manifestation, but 
this simply results in the tool not existing.

It feels like it might be possible, at least in principle, 
to create a completely separate non-tool chunk of code that 
has a servlet that somehow telepathically knows about the 
main tool, and responds to the less privileged case, but I 
really don't know how to do that, let alone in a way that 
will cause the putative chunk of code to pick up all the 
right user and course context that comes automatically from 
being a course tool.

Any thoughts?



Lydia.

