
Sakai Become User Tool Customisation

This is working in 2.4; we are upgrading it to 2.6, thanks to Jon Higham for this. It has now been upgraded for 2.6 rc06; see the patch file. The Become User tool allows a user to log in as someone else. This would be useful for Support & Helpdesk staff, but by default it is only available to Admin. We have altered this so that any user of type Support or Registered can use it; the user will also have to be a member of the Support Staff site. Also, a non-administrator cannot become an administrator through this. All use and attempted use is logged in catalina.out.

Code Changes:

in $SRC/tool/tool-tool/su/src/java/org/sakaiproject/tool/su/SuTool.java:

//jh
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.cover.SiteService;
import org.sakaiproject.exception.IdUnusedException;
import java.util.List;
import java.util.ArrayList;
/**
 * Handles the "become user" action. This listing is an excerpt: the method body
 * continues beyond the last line shown here.
 *
 * For a caller who is not a super user, the visible part refuses to switch to any
 * account that is a member of the "!admin" site, and then applies the getAllowed() gate.
 *
 * NOTE(review): the backslashes in front of '!' and '[' in this listing look like
 * wiki-markup escaping, not Java source; drop them when applying the change.
 *
 * @return "error" when the admin site cannot be loaded, "unauthorized" when the target
 *         is an admin-site member or getAllowed() fails; other outcomes lie outside
 *         this excerpt
 */
public String su()
{
Session sakaiSession = M_session.getCurrentSession();
FacesContext fc = FacesContext.getCurrentInstance();
// Clear any state left over from a previous attempt.
userinfo = null;
message = "";

//jh check non-admin is trying to become an admin
// Super users skip this whole block; every other caller has the target account vetted first.
if (\!M_security.isSuperUser()) {
M_log.info("\[SuTool\] " + M_uds.getCurrentUser().getEid() + " is NOT admin AND trying to become another user");

// M_ss is not used anywhere in the visible excerpt.
SiteService M_ss = null;
Site adminSite = null;

// Load the admin site; its member list is what this check treats as "administrators".
try {
adminSite = SiteService.getSite("\!admin");
}
catch(IdUnusedException e){
// Fail closed: without the admin site the target cannot be vetted, so the request stops here.
M_log.warn("ServiceBean: no site found with id: " + "\!admin");
return "error";
}
// NOTE(review): "administrator" is defined here as membership of the admin site.
// Confirm this covers every account that M_security.isSuperUser() would accept,
// otherwise a privileged target could slip past this check.
List<String> userIds = new ArrayList<String>();
userIds.addAll(adminSite.getUsers());
try {
// NOTE(review): username is presumably the value typed into the tool's form.
// It is concatenated into log messages below unmodified; consider stripping
// CR/LF before logging so a crafted value cannot forge log lines.
User userToBecome = M_uds.getUserByEid(username.trim());

if (userIds.contains( userToBecome.getId()) ) {
// Target is an admin-site member: refuse and record who asked for whom.
M_log.info("\[SuTool\] " + M_uds.getCurrentUser().getEid() + " is NOT admin AND trying to become admin user: " + userToBecome.getEid() );
return "unauthorized";
}
}
catch (UserNotDefinedException e) {
// Only logs; execution falls through to the getAllowed() check below.
// NOTE(review): confirm the code after this excerpt rejects an unknown eid.
M_log.warn("\[SuTool\] Exception: " + "username" + username.trim() + " not found");
}
}
//jh end of check non-admin is trying to become an admin

// Second gate: the caller must pass getAllowed(); on failure the confirm flag is reset.
if (\!getAllowed())
{
confirm = false;
return "unauthorized";
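/**
 * Decides whether the current user may use the Become User tool at all.
 *
 * <p>Access is granted to super users and to accounts whose type is "support" or
 * "registered" (compared case-insensitively). On refusal the attempt is logged at
 * info and error level and a fatal FacesMessage is queued under the "allowed" id.
 *
 * <p>NOTE(review): account type is the only gate visible in this method. The change
 * description on this page says the user must also be a member of the Support Staff
 * site; that membership check does not appear in this excerpt. Confirm it is enforced
 * before deployment, because "registered" may be a widely held account type.
 *
 * @return true if the current user passes the check; the same value is stored in
 *         the {@code allowed} field
 */
public boolean getAllowed()
{
    Session sakaiSession = M_session.getCurrentSession();
    FacesContext fc = FacesContext.getCurrentInstance();

    //jh subadmin - check if current user is admin or of type support or of type registered
    String currentUserType = M_uds.getCurrentUser().getType();
    // Literal on the left-hand side keeps the comparison null-safe if the account has no type.
    boolean delegatedType = "support".equalsIgnoreCase(currentUserType)
            || "registered".equalsIgnoreCase(currentUserType);
    boolean permitted = M_security.isSuperUser() || delegatedType;

    if (!permitted) {
        message = msgs.getString("unauthorized") + " " + sakaiSession.getUserId();
        // Record the refused attempt so misuse of the tool can be traced afterwards.
        M_log.info("[SuTool] " + M_uds.getCurrentUser().getEid() + " is NOT admin or support or registered AND trying to become another user");
        M_log.error("[SuTool] Fatal Error: " + message);
        fc.addMessage("allowed", new FacesMessage(FacesMessage.SEVERITY_FATAL, message, message));
    }

    allowed = permitted;
    return allowed;
}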