[Building Sakai] NeoPortal dropdown tools not honoring permissions

JOSE MARIANO LUJáN GONZáLEZ jmariano at um.es
Tue May 21 01:25:31 PDT 2013 

Hi everyone,

I was wondering if such jira was created after this discussion?. We just 
came across this issue during our 2.9 upgrading plans. I couldn't find 
such jira so I just created a new one to track the issue, please close 
it if it is duplicated.

https://jira.sakaiproject.org/browse/SAK-23632

At Murcia, we also make extensive use of 'function.requireds'  when 
creating custom tools that will only be used by instructors. We just 
started the discussion in the jira so feel free to add your views to 
find the best solution.
Thanks, mariano.


El 11/05/2013 0:20, Matthew Jones escribió:
> I agree, sounds like a bug with the pages/site entity and probably 
> something being checked in the portal service or tool directly. You'd 
> need to file a jira. I'd agree it shouldn't pass this and decide 
> afterward.
>
>
> On Fri, May 10, 2013 at 6:09 PM, Steve Swinsburg 
> <steve.swinsburg at gmail.com <mailto:steve.swinsburg at gmail.com>> wrote:
>
>     IMO what you see should be what you can access. So the data should
>     return the correct list.
>
>     Cheers
>     Steve
>
>     Sent from my iPhone
>
>     On 10/05/2013, at 23:21, "Kusnetz, Jeremy" <JKusnetz at APUS.EDU
>     <mailto:JKusnetz at APUS.EDU>> wrote:
>
>>     We make extensive use of functions.required to give instructors
>>     and students a different set of tools in our instance.
>>
>>     We found that the list of tools in the dropdown are just all the
>>     tools in the site, regardless of what the user should be seeing. 
>>     I found JIRA SAK-22982 but it doesn't look like any work has
>>     started on it yet.  In my opinion this is a pretty major bug. 
>>     While clicking on a tool you aren't supposed to have access to
>>     doesn't actually go to that tool, it's still a very confusing
>>     experience for the user to see tools that they shouldn't.
>>
>>     Now it looks like the tool dropdown is driven by the site REST
>>     service (/direct/site/SITE_ID/pages.json).  It appears that this
>>     service isn't honoring user permissions, and instead is just
>>     displaying all the pages in the site.
>>
>>     We are looking to see if we can fix this problem, but my question
>>     to the community is, what is the more correct thing to do?  Is
>>     the more correct thing to not return any pages/tools that the
>>     user shouldn't see?  Or should the JSON contain other variables
>>     like functions.required that then can be looked up against the
>>     /direct/site/SITE_ID/userPerms.json REST service via the
>>     neoportal javascript?
>>
>>     This message is private and confidential. If you have received it
>>     in error, please notify the sender and remove it from your system.
>>
>>     _______________________________________________
>>     sakai-dev mailing list
>>     sakai-dev at collab.sakaiproject.org
>>     <mailto:sakai-dev at collab.sakaiproject.org>
>>     http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>>     TO UNSUBSCRIBE: send email to
>>     sakai-dev-unsubscribe at collab.sakaiproject.org
>>     <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
>>     subject of "unsubscribe"
>
>     _______________________________________________
>     sakai-dev mailing list
>     sakai-dev at collab.sakaiproject.org
>     <mailto:sakai-dev at collab.sakaiproject.org>
>     http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
>     TO UNSUBSCRIBE: send email to
>     sakai-dev-unsubscribe at collab.sakaiproject.org
>     <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
>     subject of "unsubscribe"
>
>
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"

-- 
******************************************
José Mariano Luján González - Aula Virtual
Area de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
UNIVERSIDAD DE MURCIA - http://www.um.es

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130521/680c6c17/attachment.html

More information about the sakai-dev mailing list