Information
This explains basic usage of the Sakai AuthzGroup Service. This service is used to find out things about Authz (permission) groups and the users who have those permissions.
- Trunk javadocs:
- Trunk source location: https://source.sakaiproject.org/svn/authz/trunk/
Accessing the AuthzGroupService
- You can use Spring Framework to inject the service or use the cover
- Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
- Add the AuthzGroupService bean to the bean for YourAppClass
<bean id="org.sakaiproject.yourapp.logic.YourAppClass" class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl"> <property name="authzGroupService" ref="org.sakaiproject.authz.api.AuthzGroupService" /> </bean>
- Add a variable and setter to YourAppClass to use the service in like so:
private AuthzGroupService authzGroupService; public void setAuthzGroupService(AuthzGroupService authzGroupService) { this.authzGroupService = authzGroupService; }
- Add the AuthzGroupService bean to the bean for YourAppClass
- Using the cover to get the service
- Note: This is not the recommended method, you should be using Spring to inject the service
- Setup a variable to hold the instance from the cover
private AuthzGroupService authzGroupService;
- Get access to the service using the cover
authzGroupService = org.sakaiproject.authz.cover.AuthzGroupService.getInstance();
Getting the users associated with a site which have a specific permission
- Use this to tie data to a specific use of a tool in an area (probably a site or a section)
- Use the ToolManager service to get the current context
- Note: You could also retrieve the context in other ways, this is just the common one
- Use the SiteService to get the site reference from the context
- Note: This could also be a group reference instead of a site reference (in theory)
- Create a Collection of the references and pass that to the AuthzGroupService to get the Set of userIds
- Note: In this case, tool.permission is the permission you registered earlier with the FunctionManager
String currentContext = toolManager.getCurrentPlacement().getContext(); // (1) String siteRef = siteService.siteReference(context); // (2) java.util.List azGroups = new java.util.ArrayList(); // (3) azGroups.add(siteRef); java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups);
Getting the list of sites that a user has a specific permission in
- Use the AuthzGroupService to get the set of Ids related to a permission (tool.permission)
- Iterate through the Set of Ids
- Use the EntityManager to convert the authzGroupIds to Reference objects and then test if the type of object is a site
- Get the siteId or context from the Reference or use the SiteService to convert the siteId into a Site object
- Get the groupId from the Reference or use the SiteService to get the Group object
java.util.Set authzGroupIds = authzGroupService.getAuthzGroupsIsAllowed(userId, "tool.permission", null); // (1) java.util.Iterator it = authzGroupIds.iterator(); // (2) while (it.hasNext()) { String authzGroupId = (String) it.next(); Reference r = entityManager.newReference(authzGroupId); // (3) if(r.isKnownType()) { if(r.getType().equals(SiteService.APPLICATION_ID)) { // (4) // do something since this is a site String siteId = r.getId(); String context = r.getId(); try { Site site = siteService.getSite(siteId); } catch (IdUnusedException e) { // invalid site Id returned throw new RuntimeException("Could not get site from siteId:" + siteId); } } else if (r.getType().equals(SiteService.GROUP_SUBTYPE)) { // (5) // do something since this is a site group String groupId = r.getId(); String context = r.getId(); Group group = siteService.findGroup(groupId); if (group != null) { // found a valid group so do something } } } }
Setting the permissions for the !site.template (or any template)
- Note: You have to be careful with this because it will overwrite the current permissions that the user has setup
- Setup a constant for the site template string
- Use the AuthzGroupService to get the AuthzGroup for SITE_TEMPLATE
- Use the AuthzGroupService to check if ag can be updated
- Use the AuthzGroup to set the maintain role to have the permission for the tool and the AuthzGroupService to save the group
- Log warnings and handle exceptions
private final static String SITE_TEMPLATE = "!site.template"; // (1) try { AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE); // (2) if (authzGroupService.allowUpdate(ag.getId())) { // (3) Role r = ag.getRole(ag.getMaintainRole()); // (4) r.allowFunction("tool.permission"); authzGroupService.save(ag); log.info("Added Permissions to group:" + SITE_TEMPLATE); } else { // (5) log.warn("Cannot update authz group: " + SITE_TEMPLATE); } } catch (GroupNotDefinedException e) { log.error("Could not find group: " + SITE_TEMPLATE + ", default perms will not be assigned"); } catch (AuthzPermissionException e) { log.error("Could not save group: " + SITE_TEMPLATE); }