[Building Sakai] NeoPortal dropdown tools not honoring permissions

Matthew Jones matthew at longsight.com
Fri May 10 15:20:18 PDT 2013 

I agree, sounds like a bug with the pages/site entity and probably
something being checked in the portal service or tool directly. You'd need
to file a jira. I'd agree it shouldn't pass this and decide afterward.


On Fri, May 10, 2013 at 6:09 PM, Steve Swinsburg
<steve.swinsburg at gmail.com>wrote:

> IMO what you see should be what you can access. So the data should return
> the correct list.
>
> Cheers
> Steve
>
> Sent from my iPhone
>
> On 10/05/2013, at 23:21, "Kusnetz, Jeremy" <JKusnetz at APUS.EDU> wrote:
>
>  We make extensive use of functions.required to give instructors and
> students a different set of tools in our instance.****
>
> ** **
>
> We found that the list of tools in the dropdown are just all the tools in
> the site, regardless of what the user should be seeing.  I found JIRA
> SAK-22982 but it doesn’t look like any work has started on it yet.  In my
> opinion this is a pretty major bug.  While clicking on a tool you aren’t
> supposed to have access to doesn’t actually go to that tool, it’s still a
> very confusing experience for the user to see tools that they shouldn’t.**
> **
>
> ** **
>
> Now it looks like the tool dropdown is driven by the site REST service
> (/direct/site/SITE_ID/pages.json).  It appears that this service isn’t
> honoring user permissions, and instead is just displaying all the pages in
> the site.****
>
> ** **
>
> We are looking to see if we can fix this problem, but my question to the
> community is, what is the more correct thing to do?  Is the more correct
> thing to not return any pages/tools that the user shouldn’t see?  Or should
> the JSON contain other variables like functions.required that then can be
> looked up against the /direct/site/SITE_ID/userPerms.json REST service via
> the neoportal javascript?****
>
> This message is private and confidential. If you have received it in
> error, please notify the sender and remove it from your system.
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130510/bbd9df8a/attachment.html

More information about the sakai-dev mailing list