Intro Sakai Auth Permissions
• Aaron Zeckoski
• Sakai Montreal CRIM Workshop
Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License
Sakai Programmer's Café

Sakai authorization
• Handled via a set of permissions which are tied to roles in sites typically
  – Examples
    • site.add - Can add a new site
    • annc.delete.any - Can remove any announcement
• Roles are like positions in a group
  – Instructor
  – Maintain
  – Student

Sites and contexts
• In Sakai, a user group is called a site
  – Courses, project sites, groups
• However, there is a generic idea of a context which indicates the location of the user currently
  – This is what we will check against when checking permissions
• Each context has a reference which is what we will use for perm checks
    String siteRef = siteService.siteReference(siteId);

Creating new permissions
    public final static String ITEM_WRITE_ANY = "myappitem.write.any";
    functionManager.registerFunction(ITEM_WRITE_ANY);
• Register new permissions using the Sakai FunctionManager
  – Call to registerFunction
  – Often done in the init method of a bean in the logic layer (recommended)
• Registered permissions will appear in the list of perms in the Realms admin tool in Sakai
URL: http://bugs.sakaiproject.org/confluence/display/BOOT/Using+the+FunctionManager+Service

Checking a permission
    securityService.unlock(userId, ITEM_WRITE_ANY, sakaiRef)
• The Sakai SecurityService is used to do permission checks
  – userId - The internal Sakai user identifier
    • Not the username (eid)
  – Perm - The registered permission
    • Using the FunctionManager
  – sakaiRef - The entity reference
    • Probably a site reference
    • Not the entityId, siteId, or groupId
• Returns a boolean true if user has the permission in the reference
URL: http://bugs.sakaiproject.org/confluence/display/BOOT/Using+the+SecurityService

Checking for super admin
    securityService.isSuperUser(userId)
• Check if the user is a super admin in the current Sakai instance
  – userId is the internal Sakai user id
    • Not the username
• Returns true if the user is a super admin
URL: http://bugs.sakaiproject.org/confluence/display/BOOT/Using+the+SecurityService
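
The register, reference and check steps from the slides above, combined into one deny-by-default logic-layer check. This is an added example, not code from the original slides or from Sakai: the nested interfaces are stand-ins that only mirror the method names used on the slides, and the user ids, site ids and the "/site/<id>" reference format are constructed sample values.

```java
import java.util.*;

public class ItemPermissionDemo {
    // Stand-ins (assumptions) exposing only the method names the slides call on the Sakai services.
    interface FunctionManager { void registerFunction(String function); }
    interface SecurityService {
        boolean unlock(String userId, String function, String reference);
        boolean isSuperUser(String userId);
    }
    interface SiteService { String siteReference(String siteId); }

    public static final String ITEM_WRITE_ANY = "myappitem.write.any";

    private final FunctionManager functionManager;
    private final SecurityService securityService;
    private final SiteService siteService;

    ItemPermissionDemo(FunctionManager fm, SecurityService sec, SiteService site) {
        functionManager = fm; securityService = sec; siteService = site;
    }

    // Logic-layer init: register the permission once so it is listed in the Realms tool.
    public void init() { functionManager.registerFunction(ITEM_WRITE_ANY); }

    // Deny by default. Takes the internal user id and a site id; the reference is derived here
    // so callers cannot pass a raw siteId where a reference is expected.
    public boolean canWriteAnyItem(String userId, String siteId) {
        if (userId == null || siteId == null) return false;
        if (securityService.isSuperUser(userId)) return true;
        String siteRef = siteService.siteReference(siteId);
        return securityService.unlock(userId, ITEM_WRITE_ANY, siteRef);
    }

    public static void main(String[] args) {
        // Constructed sample data: one grant keyed by "userId|function|reference".
        Set<String> registered = new HashSet<>();
        Set<String> grants = Set.of("uuid-1234|" + ITEM_WRITE_ANY + "|/site/demo-site");
        SecurityService sec = new SecurityService() {
            public boolean unlock(String u, String f, String r) { return grants.contains(u + "|" + f + "|" + r); }
            public boolean isSuperUser(String u) { return "admin".equals(u); }
        };
        ItemPermissionDemo logic = new ItemPermissionDemo(registered::add, sec, id -> "/site/" + id);
        logic.init();
        System.out.println("registered: " + registered);
        System.out.println("internal id:     " + logic.canWriteAnyItem("uuid-1234", "demo-site"));
        System.out.println("eid as user id:  " + logic.canWriteAnyItem("jsmith", "demo-site"));
        System.out.println("site id as ref:  " + sec.unlock("uuid-1234", ITEM_WRITE_ANY, "demo-site"));
        System.out.println("super admin:     " + logic.canWriteAnyItem("admin", "other-site"));
    }
}
```

The second and third calls show the two mistakes the slides warn about: passing the username (eid) instead of the internal user id, and passing a siteId where a reference is required.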

Setting permissions
• Use the Realms tool in the administration workspace to set permissions for roles
  – Must be a super admin

Setting permissions (contd)
• Search for the site (by id) or modify the !site.template
  – Modifying the site template only affects sites created after the modification

Setting permissions (contd)
• Select the role you want to modify
  – Maintain - a site maintainer (like instructor)
  – Access - a site user (like student)

Setting permissions (contd)
• Check boxes to add permissions for this role or uncheck to remove them
  – Done and Save both save the changes

Sakai Entities
• Permissions are associated with entities in Sakai
  – Entities include sites, users, announcements, etc.
• When we are checking a permission related to a reference it is actually an entity reference
  – This can be confusing so it is best to think of it as related to sites and contexts at first

Questions?
• More information in the Sakai Collab whitepapers in the DG: Development site