[Using Sakai] Roles and access permissions...

Steve Swinsburg steve.swinsburg at gmail.com
Wed Jul 9 05:03:15 PDT 2014


Hi Gregory,

Answers inline:


*- are there global roles? i.e. not site(course/project/...) specific?
  e.g. can someone be an "admin" which trumps any specific site
permissions?*

Yes, an admin trumps all. If you are part of the admin workspace you are a
superuser and all permission checks will return true to allow access.
However, don't forget the concept of a user type. These are the permissions
you have when you are not in the context of a site. They don't (or at least
aren't meant to, IIRC there was a bug, maybe fixed) flow through to any
site, so you could technically define some extra permissions that are only
set for a user type and work from that. That is if you don't want to use a
site context, but it sounds like you do.



*  - can one user have multiple roles on a site (like an ACL?) (I think no, just checking). For example could a student also be a TA?*

No, you can only have one role in a site, however your role can
theoretically differ between the site and groups in the site. For your
purposes, a normal lookup on the site would suffice to check the user has a
certain permission.

* Then I will need a webservice to get this information, I see several
candidates, but have not tried them yet.*

You can use /direct/site/SITEID/userPerms.json to get the permissions for
the current user in a specific site. Note that you can get the permissions
for the user role (ie no site context) by replacing the siteId with the
user eid, if you need that, eg:
http://localhost:8081/direct/site/steve/userPerms.json

* Basically the reporting tool will have a course name, and then want to
check permissions.*

Yep, achievable via the web services.

cheers,
Steve



On Wed, Jul 9, 2014 at 2:50 AM, Gregory Guthrie <guthrie at mum.edu> wrote:

> I want to have some reports we use which run from an external tool (to the
> database) allowed only for users with certain Sakai permissions.
>
> For example I would allow anyone with admin status to get a report for any
> site (or realm?), and for any specific site any instructor (or evaluator,
> program admin, ...) can get a report.
>
> The basic idea is that when someone asks for a report on a course, we
> would ask Sakai about their permissions on that site, and use that to
> decide on authentication (allow them to get a report).
>
> But I am not sure of a few points (or more...!?);
>    - are there global roles? i.e. not site(course/project/...) specific?
>       e.g. can someone be an "admin" which trumps any specific site
> permissions?
>   - can one user have multiple roles on a site (like an ACL?)
>        (I think no, just checking).
>        For example could a student also be a TA?
>
> Then I will need a webservice to get this information, I see several
> candidates, but have not tried them yet.
> Basically the reporting tool will have a course name, and then want to
> check permissions.
>
> Am I approaching this correctly, and any suggestions on a best solution?
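A sketch of the site-level permission lookup discussed in this thread, as an added example that is not part of the original messages: it builds the userPerms.json URL for a site and decides report access from the response, denying on any error. The response shape (a `data` list of permission strings), the `site.upd` gate and the site id pattern are assumptions.

```python
import json
import re
from urllib.parse import quote

# Assumption: the permission that gates reports; use whichever one your roles grant.
REPORT_PERMISSION = "site.upd"
# Assumption: course site ids are plain tokens; anything else is rejected before use.
SITE_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,98}")


def user_perms_url(base_url, site_id):
    """Build the /direct/site/SITEID/userPerms.json URL for a validated site id."""
    if not SITE_ID_RE.fullmatch(site_id):
        raise ValueError("unexpected site id")
    return f"{base_url.rstrip('/')}/direct/site/{quote(site_id, safe='')}/userPerms.json"


def parse_perms(body):
    """Return the permission strings in the response, or an empty set if malformed."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return set()
    data = doc.get("data") if isinstance(doc, dict) else None
    if not isinstance(data, list):
        return set()
    return {p for p in data if isinstance(p, str)}


def may_view_report(status, body, required=REPORT_PERMISSION):
    """Fail closed: allow only on HTTP 200 with the required permission listed."""
    if status != 200:
        return False
    return required in parse_perms(body)


# Constructed sample responses (not captured from a real server).
INSTRUCTOR_BODY = '{"entityPrefix": "site", "data": ["site.visit", "site.upd"]}'
STUDENT_BODY = '{"entityPrefix": "site", "data": ["site.visit"]}'

if __name__ == "__main__":
    print(user_perms_url("http://localhost:8081", "SITEID"))
    print(may_view_report(200, INSTRUCTOR_BODY))
    print(may_view_report(200, STUDENT_BODY))
    print(may_view_report(403, INSTRUCTOR_BODY))
```

The HTTP request itself is left out; it has to carry the requesting user's own Sakai session, since the endpoint reports permissions for the current user.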