Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  1. Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
    1. Add the AuthzGroupService bean to the bean for YourAppClass
      Code Block
      xml
      xml
      <bean id="org.sakaiproject.yourapp.logic.YourAppClass"
		class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
	<property name="authzGroupService"
		ref="org.sakaiproject.authz.api.AuthzGroupService" />
</bean>
    2. Add a variable and setter to YourAppClass to use the service in like so:
      Code Block
      java
      java
      private AuthzGroupService authzGroupService;
public void setAuthzGroupService(AuthzGroupService authzGroupService) {
	this.authzGroupService = authzGroupService;
}
  2. Using the cover Component Manager to get the service
    • Note: This is not the recommended method, you should be using Spring to inject the service
    1. Setup a variable to hold the instance from the cover Use the CM cover to get the service
      Code Block
      java
      java
      
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.authz.api.AuthzGroupService;
...
  private AuthzGroupService authzGroupService;
      Get access to the service using the cover
      Code Block
      javajava
      ...
    authzGroupService = org.sakaiproject.authz.cover.AuthzGroupService.getInstance((AuthzGroupService) ComponentManager.get(AuthzGroupService.class);

Getting the users associated with a site which have a specific permission

...

  1. Use the ToolManager service to get the current context Code Blockjavajava String currentContext = toolManager.getCurrentPlacement().getContext();
    • Note: You could also retrieve the context in other ways, this is just the common one
  2. Use the SiteService to get the site reference from the context
      Code Blockjavajava
      
String siteRef = siteService.siteReference(context);
      • Note: This could also be a group reference instead of a site reference (in theory)
    • Create a Collection of the references and pass that to the AuthzGroupService to get the Set of userIds
      • Note: In this case, tool.permission is the permission you registered earlier with the FunctionManager
Code Block
java
java

String currentContext = toolManager.getCurrentPlacement().getContext(); // (1)
String siteRef = siteService.siteReference(context); // (2)
java.util.List azGroups = new java.util.ArrayList(); // (3)
azGroups.add(siteRef);
java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups);

...

Getting the list of sites that a user has a specific permission in
  1. Use the AuthzGroupService to get the set of Ids related to a permission (tool.permission)
  2. Iterate through the Set of Ids
  3. Use the EntityManager to convert the authzGroupIds to Reference objects and then test if the type of object is a site
  4. Get the siteId or context from the Reference or use the SiteService to convert the siteId into a Site object
  5. Get the groupId from the Reference or use the SiteService to get the Group object
 Code Block
java
java

java.util.Set authzGroupIds = authzGroupService.getAuthzGroupsIsAllowed(userId, "tool.permission", null); // (1)
java.util.Iterator it = authzGroupIds.iterator(); // (2)
while (it.hasNext()) {
   String authzGroupId = (String) it.next();
   Reference r = entityManager.newReference(authzGroupId); // (3)
   if(r.isKnownType()) {
      if(r.getType().equals(SiteService.APPLICATION_ID)) { // (4)
         // do something since this is a site
         String siteId = r.getId();
         String context = r.getId();
         try {
            Site site = siteService.getSite(siteId);
         } catch (IdUnusedException e) {
            // invalid site Id returned
            throw new RuntimeException("Could not get site from siteId:" + siteId);
         }
      } else if (r.getType().equals(SiteService.GROUP_SUBTYPE)) { // (5)
         // do something since this is a site group
         String groupId = r.getId();
         String context = r.getId();
         Group group = siteService.findGroup(groupId);
         if (group != null) {
            // found a valid group so do something
         }
      }
   }
}

Setting the permissions for the !site.template (or any template)
  • Note: You have to be careful with this because it will overwrite the current permissions that the user has setup
  1. Setup a constant for the site template string
  2. Use the AuthzGroupService to get the AuthzGroup for SITE_TEMPLATE
  3. Use the AuthzGroupService to check if ag can be updated
  4. Use the AuthzGroup to set the maintain role to have the permission for the tool and the AuthzGroupService to save the group
  5. Log warnings and handle exceptions
 Code Block
java
java

private final static String SITE_TEMPLATE = "!site.template"; // (1)
try {
   AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE); // (2)
   if (authzGroupService.allowUpdate(ag.getId())) { // (3)
      Role r = ag.getRole(ag.getMaintainRole()); // (4)
      r.allowFunction("tool.permission");
      authzGroupService.save(ag);
      log.info("Added Permissions to group:" + SITE_TEMPLATE);
   } else { // (5)
      log.warn("Cannot update authz group: " + SITE_TEMPLATE);
   }
} catch (GroupNotDefinedException e) {
   log.error("Could not find group: " + SITE_TEMPLATE + ", default perms will not be assigned");
} catch (AuthzPermissionException e) {
   log.error("Could not save group: " + SITE_TEMPLATE);
}