...
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
- Add the AuthzGroupService bean to the bean for YourAppClass
Code Block |
---|
|
<bean id="org.sakaiproject.yourapp.logic.YourAppClass"
class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
<property name="authzGroupService"
ref="org.sakaiproject.authz.api.AuthzGroupService" />
</bean>
|
- Add a variable and setter to YourAppClass to use the service in like so:
Code Block |
---|
|
private AuthzGroupService authzGroupService;
public void setAuthzGroupService(AuthzGroupService authzGroupService) {
this.authzGroupService = authzGroupService;
}
|
- Using the cover Component Manager to get the service
- Note: This is not the recommended method, you should be using Spring to inject the service
- Setup a variable to hold the instance from the cover Use the CM cover to get the service
Code Block |
---|
|
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.authz.api.AuthzGroupService;
...
private AuthzGroupService authzGroupService;
|
Get access to the service using the cover Code Block |
---|
java | java |
...
authzGroupService = org.sakaiproject.authz.cover.AuthzGroupService.getInstance((AuthzGroupService) ComponentManager.get(AuthzGroupService.class);
|
Getting the users associated with a site which have a specific permission
...
- Use the ToolManager service to get the current context
Code Block |
---|
java | java |
String currentContext = toolManager.getCurrentPlacement().getContext();
|
- Note: You could also retrieve the context in other ways, this is just the common one
- Use the SiteService to get the site reference from the context
Code Block |
---|
java | java |
String siteRef = siteService.siteReference(context);
- Note: This could also be a group reference instead of a site reference (in theory)
- Create a Collection of the references and pass that to the AuthzGroupService to get the Set of userIds
Code Block |
---|
java | java
java.util.List azGroups = new java.util.ArrayList();
azGroups.add(siteRef);
java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups);
|
- Note: In this case, tool.permission is the permission you registered earlier with the FunctionManager
Setting the permissions for the !site.template (or any template)
...
- Setup a constant for the site template string
...
...
...
try {
AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE);
...
if (authzGroupService.allowUpdate(ag.getId())) {
...
Role r = ag.getRole(ag.getMaintainRole());
r.allowFunction("tool.permission");
authzGroupService.save(ag);
log.info("Added Permissions to group:" + SITE_TEMPLATE);
...
toolManager.getCurrentPlacement().getContext(); // (1)
String siteRef = siteService.siteReference(context); // (2)
java.util.List azGroups = new java.util.ArrayList(); // (3)
azGroups.add(siteRef);
java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups);
|
Getting the list of sites that a user has a specific permission in
- Use the AuthzGroupService to get the set of ids Ids related to a permission (tool.permission), then iterate
- Iterate through the Set of Ids
- Use the EntityManager to convert the authzGroupIds to Reference objects and then test if the type of object is a site
- Get the siteId or context from the Reference or use the SiteService to convert the siteId into a Site object
- Get the groupId from the Reference or use the SiteService to get the Group object
Code Block |
---|
|
java.util.Set authzGroupIds = authzGroupService.getAuthzGroupsIsAllowed(userId, "tool.permission", null); // (1)
java.util.Iterator it = authzGroupIds.iterator(); // (2)
while (it.hasNext()) {
|
...
String authzGroupId = (String) it.next();
|
...
Reference r = entityManager.newReference(authzGroupId); |
...
// (3)
if(r.isKnownType()) { |
...
if(r.getType().equals(SiteService. |
...
...
...
// (4)
// do something since this is a site |
...
String siteId = r.getId(); |
...
String context = r.getId();
|
...
...
Site site = siteService.getSite(siteId); |
...
} catch (IdUnusedException e) {
|
...
// invalid site Id returned |
...
throw new RuntimeException("Could not get site from siteId:" + siteId); |
...
}
} else if (r.getType().equals(SiteService.GROUP_SUBTYPE)) { |
...
// (5)
// do something since this is a site group
|
...
String groupId = r.getId(); |
...
String context = r.getId(); |
...
Group group = siteService.findGroup(groupId);
|
...
...
// found a valid group so do something |
...
- Note: The Group is a subgroup within a Site
Setting the permissions for the !site.template (or any template)
- Note: You have to be careful with this because it will overwrite the current permissions that the user has setup
- Setup a constant for the site template string
- Use the AuthzGroupService to get the AuthzGroup for SITE_TEMPLATE
- Use the AuthzGroupService to check if ag can be updated
- Use the AuthzGroup to set the maintain role to have the permission for the tool and the AuthzGroupService to save the group
- Log warnings and handle exceptions
Code Block |
---|
|
private final static String SITE_TEMPLATE = "!site.template"; // (1)
try {
AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE); // (2)
if (authzGroupService.allowUpdate(ag.getId())) { // (3)
Role r = ag.getRole(ag.getMaintainRole()); // (4)
r.allowFunction("tool.permission");
authzGroupService.save(ag);
log.info("Added Permissions to group:" + SITE_TEMPLATE);
} else { // (5)
log.warn("Cannot update authz group: " + SITE_TEMPLATE);
}
} catch (GroupNotDefinedException e) {
log.error("Could not find group: " + SITE_TEMPLATE + ", default perms will not be assigned");
} catch (AuthzPermissionException e) {
log.error("Could not save group: " + SITE_TEMPLATE);
}
|