[Using Sakai] Does anyone know how the group permissions at the top of Resources tool work?
Jim Mezzanotte
jmezzanotte at anisakai.com
Wed Feb 25 08:38:37 PST 2015
Hi Adam,
I think the property would only enable group assignment of permissions
for all group-aware tools in your Sakai instance, so whether the
permissions actually get applied (in Resources or other tools) may be
a bug or design issue.
It does look like maybe the key to the problem is the "global" nature
of this enhancement--the functionality is available for multiple
group-aware tools, but they all have unique capabilities and
corresponding permissions, so the "group" permission-assignment
doesn't work in all cases.
An example: in the same community instance where I tested yesterday
(https://qa10-mysql.nightly.sakaiproject.org/portal), I went to the
Announcements tool and tried enabling the "create announcements"
permission for a group. In this case, it seems to work--as a group
member in the student role, I saw an extra "add" button in the tool
menu, and as a non-group member student, I did not.
One odd thing is this JIRA: https://jira.sakaiproject.org/browse/SAK-21525
That JIRA is for group permissions not working with the Assignments
tool, but the ticket includes reference to this working correctly in
Resources!
Perhaps others in Sakai dev can weigh in on this?
Best,
Jim Mezzanotte
Asahi Net International
On Wed, Feb 25, 2015 at 9:54 AM, Adam Marshall
<adam.marshall at it.ox.ac.uk> wrote:
> Jim
>
> Thanks for looking into this. I thought I was understanding what was supposed to happen. FWIW - the facility is even more broken at Oxford so we may hunt for that property you mention.
>
> adam
>
> --
>
> ** Note change of email address to adam.marshall at it.ox.ac.uk **
>
> Dr A C Marshall, WebLearn Service Manager, University of Oxford.
> IT Services, 13 Banbury Rd, Oxford. OX2 6NN.
>
>
>
> -----Original Message-----
> From: Jim Mezzanotte [mailto:jmezzanotte at anisakai.com]
> Sent: 24 February 2015 23:33
> To: Neal Caidin
> Cc: Adam Marshall; sakai-user at collab.sakaiproject.org Server; Sakai-Dev
> Subject: Re: Does anyone know how the group permissions at the top of Resources tool work?
>
> See my last post first--but I realized I should adjust my answer a bit. For approach "B" in which you set sub-folder permissions for a
> group: in this case, you must also target the folder only to that group. So this is another way the functionality is different. Group access must be set for a subfolder before you can then define capabilities for that group's members.
>
> Best,
> Jim Mezzanotte
>
> On Tue, Feb 24, 2015 at 6:21 PM, Jim Mezzanotte <jmezzanotte at anisakai.com> wrote:
>> I think there may be two separate functionalities to discuss here:
>>
>>
>> A. Group permissions. This enhancement has been in existence for
>> awhile (if I recall, since Sakai 2.7). I also seem to recall a few
>> issues with it, I'm not sure if they've been resolved? I'm assuming
>> this needs to be configured via prop setting. You can see the UI in
>> this community instance:
>>
>> https://qa10-mysql.nightly.sakaiproject.org/portal
>>
>> Just create a group and then go to the permissions UI in the Resources
>> tool--you'll see a dropdown menu for selecting the entire site or a
>> specific group (and applying permissions to that group).
>>
>> This is more of a global enhancement, since it allows for targeting
>> permissions to specific groups in several different group-aware Sakai
>> tools (not just Resources) that provide user-facing permissions.
>>
>> But I confirmed this doesn't seem to be working in that community
>> instance, at least not in Resources. Steps to reproduce:
>>
>> 1. Create group, add student members
>> 2. Go to Resources permissions UI and select group; then enable
>> "create resources" permission for student role 3. Go to Resources as
>> student member of group.
>>
>> Expected result is being able to add content. But the "Add" menu does
>> not display. I also tried hiding a content item and enabling the "read
>> hidden resource" permission for the group, but that didn't work
>> either. Here are some potential related JIRAs for this enhancement,
>> though not necessarily specific to Resources tool:
>>
>> https://jira.sakaiproject.org/browse/SAK-19645
>> https://jira.sakaiproject.org/browse/SAK-21525
>> https://jira.sakaiproject.org/browse/SAK-20921
>>
>>
>> B. Sub-folder permissions in Resources. Disregarding the enhancement
>> described above, permissions cannot be set for groups at the root
>> level in Resources, only for subfolders. In this case, however, you
>> don't set them via the permissions UI, but but via the "Actions" menu
>> for the appropriate folder--and by selecting "Edit Folder Permissions"
>> in that menu. With this approach, you have to keep in mind that the
>> subfolder inherits the parent folder permissions, and while you can
>> enable permissions, you can't disable inherited permissions.
>>
>> Best,
>> Jim Mezzanotte
>> Asahi Net International
>>
>>
>> On Tue, Feb 24, 2015 at 1:53 PM, Neal Caidin <neal.caidin at apereo.org> wrote:
>>> Finally came back to this issue.
>>>
>>> I cannot reproduce the steps, even on Longsight qa10 server. I've
>>> created a couple of groups but I don't see an option under Resources
>>> -> Permissions to select any of the groups and assign group specific permissions.
>>>
>>> Puzzled.
>>>
>>> -- Neal
>>>
>>>
>>> On Wed, Jan 28, 2015 at 7:15 AM, Adam Marshall
>>> <adam.marshall at it.ox.ac.uk>
>>> wrote:
>>>>
>>>> We have just looked in to this. We have a scenario:
>>>>
>>>>
>>>>
>>>> A lecturer wants 3 of his students to act as editors and upload PDFs
>>>> into a folder in resources. He wants all other students to be able
>>>> to read these PDFs. He doesn’t want to give the 3 editors a different role in the site.
>>>>
>>>>
>>>>
>>>> So I suggested this.
>>>>
>>>>
>>>>
>>>> +++++++++++++++++++++++
>>>>
>>>>
>>>>
>>>> 1/ Create 2 Site sub Groups
>>>>
>>>>
>>>>
>>>> Student Authors: includes the 3 authors
>>>>
>>>> Student Readers: includes all other students.
>>>>
>>>>
>>>>
>>>> 2/ In Resources – click on the Permissions button at the top of the
>>>> screen
>>>>
>>>>
>>>>
>>>> a/ select Student Authors from drop down list and give them “create”
>>>> permission (and edit & delete own)
>>>>
>>>> b/ select Student Readers from list and make sure they don’t have
>>>> ‘Create’ etc
>>>>
>>>>
>>>>
>>>> 3/ We then create a subfolder and make available only to the 2
>>>> groups the idea being that people in Authors group will have and
>>>> extra permission or 2 compared to the Readers group.
>>>>
>>>>
>>>>
>>>> ++++++++++++++++++++++
>>>>
>>>>
>>>>
>>>> If one logs in as a member of Authors group that one does indeed see
>>>> the “Add” option in Resources
>>>>
>>>>
>>>>
>>>> If one logs in as a Reader one also see the “Add” option.
>>>>
>>>>
>>>>
>>>> In both cases the individual user can upload files.
>>>>
>>>>
>>>>
>>>> That cant be right can it?
>>>>
>>>>
>>>>
>>>> Unless I’m misunderstanding how things are supposed to work, then
>>>> this is an escalation of privileges type bug isn’t it?
>>>>
>>>>
>>>>
>>>> This is all in place on fawei-test on https://qa10.longsight.com/
>>>>
>>>>
>>>>
>>>> adam
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>> ** Note change of email address to adam.marshall at it.ox.ac.uk **
>>>>
>>>>
>>>>
>>>> Dr A C Marshall, WebLearn Service Manager, University of Oxford.
>>>>
>>>> IT Services, 13 Banbury Rd, Oxford. OX2 6NN.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> From: sakai-user-bounces at collab.sakaiproject.org
>>>> [mailto:sakai-user-bounces at collab.sakaiproject.org] On Behalf Of
>>>> Fawei Geng
>>>> Sent: 27 January 2015 17:29
>>>> To: Sakai-Dev; pedagogy at collab.sakaiproject.org;
>>>> sakai-docs at collab.sakaiproject.org; i18n at collab.sakaiproject.org
>>>> i18n; accessibility at collab.sakaiproject.org;
>>>> sakai-user at collab.sakaiproject.org
>>>> Server; portfolio at collab.sakaiproject.org;
>>>> sakai-qa at collab.sakaiproject.org QA;
>>>> sakai-pmc at collab.sakaiproject.org
>>>> Subject: [Using Sakai] Does anyone know how the group permissions at
>>>> the top of Resources tool work?
>>>>
>>>>
>>>>
>>>> Dear all,
>>>>
>>>>
>>>>
>>>> Does anyone know how the group permissions at the top of Resources
>>>> tool work?
>>>>
>>>>
>>>>
>>>> The purpose of my test was to allow members in a group with access
>>>> or student role to be able to create/delete files in a folder in
>>>> Resources while other users with access (student) role in the site
>>>> are still able to view the folder content.
>>>>
>>>>
>>>>
>>>> This is how I tested:
>>>>
>>>>
>>>>
>>>> · Log into a Sakai project site as a maintain role (I believe it
>>>> will be the same for a course site). Create a group via Site Info >
>>>> Manage Group. The group includes a few access users (or students)
>>>>
>>>> · Go to Resources and click on “Permissions” at the top: see
>>>> attached screen shot “Permissions -1”
>>>>
>>>> · On the next page, click on the drop-down list next to “Set
>>>> permissions for” and select the group created, e.g. group, and then
>>>> I granted ‘create’ and ‘delete own’ permissions for this group
>>>>
>>>>
>>>>
>>>> As a result of above, I was hoping that the group members would be able
>>>> to create/delete files in Resources in the site. However, after logging
>>>> into the site as a group member, I was not able to create/upload
>>>> files in Resources. In other words, the settings above did not make much difference.
>>>>
>>>>
>>>>
>>>> Could anyone please let me know where I did it wrong?
>>>>
>>>>
>>>>
>>>> Many thanks in advance.
>>>>
>>>>
>>>>
>>>> Fawei
>>>>
>>>> ------------------------------------------------------------
>>>> Fawei Geng, FHEA CMALT MBCS
>>>>
>>>> Learning Technology Support Officer
>>>> IT Services, University of Oxford
>>>>
>>>> 13 Banbury Road, Oxford OX2 6NN
>>>>
>>>> Blog: http://blogs.oucs.ox.ac.uk/fawei/
>>>>
>>>> Twitter: http://twitter.com/oxford4learning/
>>>>
>>>> ------------------------------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> sakai-dev mailing list
>>>> sakai-dev at collab.sakaiproject.org
>>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>>
>>>> TO UNSUBSCRIBE: send email to
>>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>>> "unsubscribe"
>>>
>>>
>>>
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org
>>> with a subject of "unsubscribe"
More information about the sakai-user
mailing list