...
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
- Add the AuthzGroupService bean to the bean for YourAppClass
Code Block xml xml <bean id="org.sakaiproject.yourapp.logic.YourAppClass" class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl"> <property name="authzGroupService" ref="org.sakaiproject.authz.api.AuthzGroupService" /> </bean>
- Add a variable and setter to YourAppClass to use the service in like so:
Code Block java java private AuthzGroupService authzGroupService; public void setAuthzGroupService(AuthzGroupService authzGroupService) { this.authzGroupService = authzGroupService; }
- Add the AuthzGroupService bean to the bean for YourAppClass
- Using the cover Component Manager to get the service
- Note: This is not the recommended method, you should be using Spring to inject the service
- Setup a variable to hold the instance from the cover Use the CM cover to get the service
Get access to the service using the coverCode Block java java import org.sakaiproject.component.cover.ComponentManager; import org.sakaiproject.authz.api.AuthzGroupService; ... private AuthzGroupService authzGroupService;
Code Block java java ... authzGroupService = org.sakaiproject.authz.cover.AuthzGroupService.getInstance((AuthzGroupService) ComponentManager.get(AuthzGroupService.class);
Getting the users associated with a site which have a specific permission
...
- Use the ToolManager service to get the current context
Code Block java java String currentContext = toolManager.getCurrentPlacement().getContext();- Note: You could also retrieve the context in other ways, this is just the common one
- Use the SiteService to get the site reference from the context
Code Block java javaString siteRef = siteService.siteReference(context);
- Note: This could also be a group reference instead of a site reference (in theory)
- Create a Collection of the references and pass that to the AuthzGroupService to get the Set of userIds
Code Block java java java.util.List azGroups = new java.util.ArrayList(); azGroups.add(siteRef); java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups);
- Note: In this case, tool.permission is the permission you registered earlier with the FunctionManager
...
- Note: You have to be careful with this because it will overwrite the current permissions that the user has setup
...
Code Block | ||||
---|---|---|---|---|
| ||||
|
...
String |
...
currentContext = |
...
try {
AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE);
...
if (authzGroupService.allowUpdate(ag.getId())) {
...
Role r = ag.getRole(ag.getMaintainRole());
r.allowFunction("tool.permission");
authzGroupService.save(ag);
log.info("Added Permissions to group:" + SITE_TEMPLATE);
...
toolManager.getCurrentPlacement().getContext(); // (1) String siteRef = siteService.siteReference(context); // (2) java.util.List azGroups = new java.util.ArrayList(); // (3) azGroups.add(siteRef); java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups); |
Getting the list of sites that a user has a specific permission in
- Use the AuthzGroupService to get the set of ids Ids related to a permission (tool.permission), then iterate
- Iterate through the Set of Ids
- Use the EntityManager to convert the authzGroupIds to Reference objects and then test if the type of object is a site
- Get the siteId or context from the Reference or use the SiteService to convert the siteId into a Site object
- Get the groupId from the Reference or use the SiteService to get the Group object
Code Block | ||||
---|---|---|---|---|
| ||||
java.util.Set authzGroupIds = authzGroupService.getAuthzGroupsIsAllowed(userId, "tool.permission", null); // (1) java.util.Iterator it = authzGroupIds.iterator(); // (2) while (it.hasNext()) { |
...
String authzGroupId = (String) it.next(); |
...
Reference r = entityManager.newReference(authzGroupId); |
...
// (3) if(r.isKnownType()) { |
...
if(r.getType().equals(SiteService. |
...
APPLICATION_ |
...
ID)) { |
...
// (4) // do something since this is a site |
...
String siteId = r.getId(); |
...
String context = r.getId(); |
...
try { |
...
Site site = siteService.getSite(siteId); |
...
} catch (IdUnusedException e) { |
...
// invalid site Id returned |
...
throw new RuntimeException("Could not get site from siteId:" + siteId); |
...
} } else if (r.getType().equals(SiteService.GROUP_SUBTYPE)) { |
...
// (5) // do something since this is a site group |
...
String groupId = r.getId(); |
...
String context = r.getId(); Group group = siteService.findGroup(groupId); |
...
if (group != null) { |
...
// found a valid group so do something |
...
} } } } |
Setting the permissions for the !site.template (or any template)
- Note: You have to be careful with this because it will overwrite the current permissions that the user has setup
- Setup a constant for the site template string
- Use the AuthzGroupService to get the AuthzGroup for SITE_TEMPLATE
- Use the AuthzGroupService to check if ag can be updated
- Use the AuthzGroup to set the maintain role to have the permission for the tool and the AuthzGroupService to save the group
- Log warnings and handle exceptions
Code Block | ||||
---|---|---|---|---|
| ||||
private final static String SITE_TEMPLATE = "!site.template"; // (1)
try {
AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE); // (2)
if (authzGroupService.allowUpdate(ag.getId())) { // (3)
Role r = ag.getRole(ag.getMaintainRole()); // (4)
r.allowFunction("tool.permission");
authzGroupService.save(ag);
log.info("Added Permissions to group:" + SITE_TEMPLATE);
} else { // (5)
log.warn("Cannot update authz group: " + SITE_TEMPLATE);
}
} catch (GroupNotDefinedException e) {
log.error("Could not find group: " + SITE_TEMPLATE + ", default perms will not be assigned");
} catch (AuthzPermissionException e) {
log.error("Could not save group: " + SITE_TEMPLATE);
}
|