running tool under different userId than current user


by Juan Velasquez

Aloha,
I've got a new tool, called UrlFiltering, its purpose is
to track whitelisted URLs that a 'firewall/proxy server' will allow
students to access.
There's a lot of content in our site's Melete Modules, the teachers want
to be able to have my UrlFiltering tool search through the Modules
content automatically.
So I've got it working for Admin just fine. My code uses the Melete API
to get and then scan through its content for URLs.
But even though teachers have all the Melete permissions, its API still
doesn't let them access the content. I suppose I'm not using Melete's
API the same way it does.
But after hours of looking at their code and trying to use the API the
same way, I don't see a way without changing their code.

Any way to just have my tool "su" to admin for 1 routine, so that I can
get the Melete content, then return to the original user permissions?
My tool code is simple, if anyone wants to see it, it's available upon
request until I put it on SVN (I use CVS right now).



thanks in advance,
Juan.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

----------------------
This automatic notification message was sent by Sakai Collab (https://collab.sakaiproject.org/portal) from the DG: Development (a.k.a. sakai-dev) site.
You can modify how you receive notifications at My Workspace > Preferences.


Re: running tool under different userId than current user

by csev

Juan,

The trick for this is to use the SecurityAdvisor. The SecurityAdvisor
allows a tool to assert that it has done the necessary security checks
and the rest of the checks for this thread in this request can bypass
checks. Changing the user back and forth is a little more dangerous
as you might leave a session in the wrong state by some weird
chain of events. The Security Advisor is nice and clean and goes away
when the thread finishes the request.

/Chuck

On Mar 20, 2008, at 10:29 PM, Juan Velasquez wrote:

> Aloha,
> I've got a new tool, called UrlFiltering, its purpose is to
> track whitelisted URLs that a 'firewall/proxy server' will allow
> students to access.
> There's a lot of content in our site's Melete Modules, the teachers
> want to be able to have my UrlFiltering tool search through the
> Modules content automatically.
> So I've got it working for Admin just fine. My code uses the Melete
> API to get and then scan through its content for URLs.
> But even though teachers have all the Melete permissions, its API
> still doesn't let them access the content. I suppose I'm not using
> Melete's API the same way it does.
> But after hours of looking at their code and trying to use the API
> the same way, I don't see a way without changing their code.
>
> Any way to just have my tool "su" to admin for 1 routine, so that I
> can get the Melete content, then return to the original user
> permissions?
> My tool code is simple, if anyone wants to see it, it's available
> upon request until I put it on SVN (I use CVS right now).
>
>
>
> thanks in advance,
> Juan.
>
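
A sketch of the SecurityAdvisor approach from the reply above, as an added example that is not code from the thread or from the Sakai or Melete projects. It uses the `pushAdvisor`/`popAdvisor()` calls on Sakai's `SecurityService`; the two function names, the `readAs` helper and the site-reference prefix test are hypothetical, and it assumes the check that blocks teachers goes through `SecurityService`.

```java
import java.util.concurrent.Callable;
import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityService;

public class ScopedMeleteRead {
    // Hypothetical names: substitute the permission your own tool registers and
    // the function Melete actually checks (neither is given in this thread).
    private static final String TOOL_SCAN_FUNCTION = "urlfiltering.scan";
    private static final String MELETE_READ_FUNCTION = "PLACEHOLDER.melete.read";

    private final SecurityService securityService; // injected by the component manager

    public ScopedMeleteRead(SecurityService securityService) {
        this.securityService = securityService;
    }

    /** Runs fetch (the Melete API call) with a narrowly scoped advisor in place. */
    public <T> T readAs(final String siteRef, Callable<T> fetch) throws Exception {
        // 1. The tool's own check, made as the real current user, before any
        //    advisor is pushed. This is the "necessary security check".
        if (!securityService.unlock(TOOL_SCAN_FUNCTION, siteRef)) {
            throw new SecurityException("current user may not scan " + siteRef);
        }
        // 2. The advisor answers ALLOWED for one function inside this site only
        //    and PASSes everything else to the normal permission checks.
        //    Assumes Melete references start with the site reference.
        SecurityAdvisor advisor = new SecurityAdvisor() {
            public SecurityAdvice isAllowed(String userId, String function, String reference) {
                boolean inScope = MELETE_READ_FUNCTION.equals(function)
                        && reference != null && reference.startsWith(siteRef);
                return inScope ? SecurityAdvice.ALLOWED : SecurityAdvice.PASS;
            }
        };
        securityService.pushAdvisor(advisor);
        try {
            return fetch.call();
        } finally {
            // 3. Pop explicitly, even if fetch throws, so the bypass does not
            //    outlive this one call within the request.
            securityService.popAdvisor();
        }
    }
}
```

Returning `PASS` instead of a blanket `ALLOWED` keeps every other permission check in the request unchanged while the advisor is on the stack.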
