Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creative Commons Attribution- NonCommercial-ShareAlike 2.5 License Sakai Programmer's Café Sakai Montreal CRIM Workshop Intro Sakai Auth Permissions Aaron.

Similar presentations


Presentation on theme: "Creative Commons Attribution- NonCommercial-ShareAlike 2.5 License Sakai Programmer's Café Sakai Montreal CRIM Workshop Intro Sakai Auth Permissions Aaron."— Presentation transcript:

1 Creative Commons Attribution- NonCommercial-ShareAlike 2.5 License Sakai Programmer's Café Sakai Montreal CRIM Workshop Intro Sakai Auth Permissions Aaron Zeckoski

2 2 Sakai authorization Handled via a set of permissions which are tied to roles in sites typically –Examples site.add - Can add a new site annc.delete.any - Can remove any announcement Roles are like positions in a group –Instructor –Maintain –Student

3 3 Sites and contexts In Sakai, a user group is called a site –Courses, project sites, groups However, there is a generic idea of a context which indicates the location of the user currently –This is what we will check against when checking permissions Each context has a reference which is what we will use for perm checks String siteRef = siteService.siteReference(siteId);

4 4 Creating new permissions Register new permissions using the Sakai FunctionManager –Call to registerFunction –Often done in the init method of a bean in the logic layer (recommended) Registered permissions will appear in the list perms in the Realms admin tool in Sakai URL: public final static String ITEM_WRITE_ANY = myappitem.write.any"; functionManager.registerFunction(ITEM_WRITE_ANY);

5 5 Checking a permission The Sakai SecurityService is used to do permission checks –userId - The internal Sakai user identifier Not the username (eid) –Perm - The registered permission Using the FunctionManager –sakaiRef - The entity reference Probably a site reference Not the entityId, siteId, or groupId Returns a boolean true if user has the permission in the reference securityService.unlock(userId, ITEM_WRITE_ANY, sakaiRef) URL:

6 6 Checking for super admin Check if the user is a super admin in the current Sakai instance –userId is the internal Sakai user id Not the username Returns true if the user is a super admin securityService.isSuperUser(userId) URL:

7 7 Setting permissions Use the Realms tool in the administration workspace to set permissions for roles –Must be a super admin

8 8 Setting permissions (contd) Search for the site (by id) or modify the !site.template –Modifying the site template only affects sites created after the modification

9 9 Setting permissions (contd) Select the role you want to modify –Maintain - a site maintainer (like instructor) –Access - a site user (like student)

10 10 Setting permissions (contd) Check boxes to add permissions for this role or uncheck to remove them –Done and Save both save the changes

11 11 Sakai Entities Permissions are associated with entities in Sakai –Entities include sites, users, announcements, etc. When we are checking a permission related to a reference it is actually an entity reference –This can be confusing so it is best to think of it as related to sites and contexts at first

12 12 Questions? More information in the Sakai Collab whitepapers in the DG: Development site


Download ppt "Creative Commons Attribution- NonCommercial-ShareAlike 2.5 License Sakai Programmer's Café Sakai Montreal CRIM Workshop Intro Sakai Auth Permissions Aaron."

Similar presentations


Ads by Google