Using the AuthzGroup Service

Information

This explains basic usage of the Sakai AuthzGroup Service. This service is used to find out things about Authz (permission) groups and the users who have those permissions.

• Trunk javadocs:
  • AuthzGroupService : http://nightly2.sakaiproject.org/javadoc/org/sakaiproject/authz/api/AuthzGroupService.html
  • AuthzGroup: http://nightly2.sakaiproject.org/javadoc/org/sakaiproject/authz/api/AuthzGroup.html
• Trunk source location: https://source.sakaiproject.org/svn/authz/trunk/

Accessing the AuthzGroupService

• You can use Spring Framework to inject the service or use the cover

1. Using Spring to get the service for your class (e.g. YourAppClass) (recommended)
   1. Add the AuthzGroupService bean to the bean for YourAppClass

      <bean id="org.sakaiproject.yourapp.logic.YourAppClass"
      		class="org.sakaiproject.yourapp.logic.impl.YourAppClassImpl">
      	<property name="authzGroupService"
      		ref="org.sakaiproject.authz.api.AuthzGroupService" />
      </bean>
      

   2. Add a variable and setter to YourAppClass to use the service in like so:

      private AuthzGroupService authzGroupService;
      public void setAuthzGroupService(AuthzGroupService authzGroupService) {
      	this.authzGroupService = authzGroupService;
      }
      

2. Using the cover to get the service
   • Note: This is not the recommended method, you should be using Spring to inject the service
   1. Setup a variable to hold the instance from the cover

      private AuthzGroupService authzGroupService;
      

   2. Get access to the service using the cover

      authzGroupService = org.sakaiproject.authz.cover.AuthzGroupService.getInstance();
      

Getting the users associated with a site which have a specific permission

• Use this to tie data to a specific use of a tool in an area (probably a site or a section)

1. Use the ToolManager service to get the current context

   String currentContext = toolManager.getCurrentPlacement().getContext();
   

   • Note: You could also retrieve the context in other ways, this is just the common one
2. Use the SiteService to get the site reference from the context

   String siteRef = siteService.siteReference(context);
   

   • Note: This could also be a group reference instead of a site reference (in theory)
3. Create a Collection of the references and pass that to the AuthzGroupService to get the Set of userIds

   java.util.List azGroups = new java.util.ArrayList();
   azGroups.add(siteRef);
   java.util.Set userIds = authzGroupService.getUsersIsAllowed("tool.permission", azGroups);
   

   • Note: In this case, tool.permission is the permission you registered earlier with the FunctionManager

Getting the list of sites that a user has a specific permission in

1. Use the AuthzGroupService to get the set of ids related to a permission (tool.permission), then iterate through the Set

   java.util.Set authzGroupIds = authzGroupService.getAuthzGroupsIsAllowed(userId, "tool.permission", null);
   java.util.Iterator it = authzGroupIds.iterator();
   while (it.hasNext()) {
   	String authzGroupId = (String) it.next();
   

2. Use the EntityManager to convert the authzGroupIds to Reference objects and then test if the type of object is a site

   	Reference r = entityManager.newReference(authzGroupId);
   	if(r.isKnownType()) {
   		if(r.getType().equals(SiteService.SITE_SUBTYPE)) {
   			// do something since this is a site
   

3. Get the siteId or context from the Reference or use the SiteService to convert the siteId into a Site object

   			String siteId = r.getId();
   			String context = r.getId();
   			try {
   				Site site = siteService.getSite(siteId);
   			} catch (IdUnusedException e) {
   				// invalid site Id returned
   				throw new RuntimeException("Could not get site from siteId:" + siteId);
   			}
   

4. Get the groupId from the Reference or use the SiteService to get the Group object

   		} else if (r.getType().equals(SiteService.GROUP_SUBTYPE)) {
   			// do something since this is a site group
   			String groupId = r.getId();
   			String context = r.getId();
   			Group group = siteService.findGroup(groupId);
   			if (group != null) {
   				// found a valid group so do something
   			}
   		}
   	}
   }
   

• Note: The Group is a subgroup within a Site

Setting the permissions for the !site.template (or any template)

• Note: You have to be careful with this because it will overwrite the current permissions that the user has setup

1. Setup a constant for the site template string

   private final static String SITE_TEMPLATE = "!site.template";
   

2. Use the AuthzGroupService to get the AuthzGroup for SITE_TEMPLATE

   try {
   	AuthzGroup ag = authzGroupService.getAuthzGroup(SITE_TEMPLATE);
   

3. Use the AuthzGroupService to check if ag can be updated

   	if (authzGroupService.allowUpdate(ag.getId())) {
   

4. Use the AuthzGroup to set the maintain role to have the permission for the tool and the AuthzGroupService to save the group

   		Role r = ag.getRole(ag.getMaintainRole());
   		r.allowFunction("tool.permission");
   		authzGroupService.save(ag);
   		log.info("Added Permissions to group:" + SITE_TEMPLATE);
   

5. Log warnings and handle exceptions

   	} else {
   		log.warn("Cannot update authz group: " + SITE_TEMPLATE);
   	}
   } catch (GroupNotDefinedException e) {
   	log.error("Could not find group: " + SITE_TEMPLATE + ", default perms will not be assigned");
   } catch (AuthzPermissionException e) {
   	log.error("Could not save group: " + SITE_TEMPLATE);
   }