Child pages
  • Delegated Access Tool
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

Delegated Access and Shopping Period Tools

Index

About

The delegated access tool controls both delegating access to users outside of the site membership realm as well as setting up and controlling site shopping period information.  To make it easier to describe, I will break the description into two tools: “Delegated Access Tool” and “Shopping Period Tool”.

Delegated Access Tool:

The delegated access tool has four primary functionalities:  
1)  Provide a friendly interface for administrators to delegated user access to specific sites or department levels.
2)  Provide a friendly interface for administrators to delegated shopping period admin privileges for users at the site or departments level.
3)  Provide a friendly interface for delegated users to view, search and access their delegated sites.
4)  Provide a friendly interface for delegated shopping period admins to adjust shopping period data within their scope of privileges.

The delegated access tool allows administrators to search for users and delegate site, role, and shopping period admin access.  It also allows you to select specific tools the user should not have access to.

The easiest way to think of how the tool works is liking it to the Role Swap feature in Sakai. Instead of just swapping the role, you can specify the realm and role the user will receive for that particular site or node in the hierarchy.  All child nodes will inherit the parent settings unless overridden.

Shopping Period Tool:

The shopping period tool is just a special use case of the Delegated Access Tool from the perspective of shopping consumer.  In another words, we treat the .anon or .auth role as a delegated user which we can determine what role they will inherit when they enter a site.  There are two user cases that the shopping period section handles:

User Case Administrator:

When a user who has been granted shopping period administrative privileges goes into the delegated access tool, they will see a link for “Shopping Period Admin”.  Here they can modify what role a .anon or .auth user will inherit when they enter.  They can also choose which tools are restricted as well as the open and close date for the shopping period for that site or department.

User Case Shopper:

When a user who wants to shop for a particular site goes to the Shopping Period tool, they will see a node structure and a search box to look for a particular site they want to test out.  This tool, for example, can be added to Sakai’s !Gateway site so unauthorized users can view it.  When the user finds the site they want, they just click the link and go to the site.

back to index

Screen Shots

Delegated Access Landing Page
This page will show which sites you’ve been granted access to.  You can search your sites or click the title in the node tree.

User Search Page
This page allows Sakai Administrators to search for user’s to grant privileges to.

Edit User Privileges Page
This page is where you set a user’s access and shopping admin privileges.

Shopping Period Settings Page
This is the page where a shopping period administrator can edit the shopping period information for their sites or departments.

back to index

Building

Source Location and Patches

Apply all patches and deploy/build all code below:

Delegated Access Code:https://source.sakaiproject.org/contrib//delegatedaccess/trunk/
Hierarchy Toolhttps://source.sakaiproject.org/contrib/caret/hierarchy/tags/hierarchy-1.2.6/
Site Manage Patch:https://source.sakaiproject.org/contrib//delegatedaccess/trunk/delegatedaccess_site-manage.patch
Kernel Patch:https://source.sakaiproject.org/contrib//delegatedaccess/trunk/delegatedaccess_kernel.patch
Portal Patch:https://source.sakaiproject.org/contrib//delegatedaccess/trunk/delegatedaccess_portal.patch

back to index

Sakai.Properties:

delegatedaccess.hierarchy.site.properties
This property allows you to overwrite the default site hierarchy properties expected in a Site.
Example:
delegatedaccess.hierarchy.site.properties.count=3
delegatedaccess.hierarchy.site.properties.1=School
delegatedaccess.hierarchy.site.properties.2=Department
delegatedaccess.hierarchy.site.properties.3=Subject

delegatedaccess.toolslist
This property allows you to specify a list of tools you want to be able to select in the “Restrict Tools” list.  Each tool is specified individually.
Example:
delegatedaccess.toolslist.count=4
delegatedaccess.toolslist.1=sakai.gradebook.tool
delegatedaccess.toolslist.2=sakai.resources
delegatedaccess.toolslist.3=sakai.samigo
delegatedaccess.toolslist.4=sakai.announcements

delegatedaccess.toolslist.sitetype
This property allows you to choose a site type which the “Restrict Tools” list will be populated from.
Example:
delegatedaccess.toolslist.sitetype=course

back to index

Using the Tool

Adding the Tool

There are two tools for delegated access:

sakai.delegatedaccess              
sakai.delegatedaccess.shopping

The “sakai.delegatedaccess” tool is set so anyone can add it to their MyWorkspace.  This isn’t a security issue since only Sakai Administrators have the ability to delegate site access and shopping period administration privileges.  If a user doesn’t have any privileges, it will just say they have no access.  You will want to add this to the Administration Workspace site.

The “sakai.delegatedaccess.shopping” tool is just a read only view of the Shopping period sites that are actively ready to be accessed.  This should be added somewhere where .anon user’s can access it.  One suggestion would be the !Gateway page.

back to index

Create a Site Hierarchy

The default hierarchy is based on a site's property values (in order):
School
Department
Subject

You can overwrite the hierarchy structure in sakai.properties with:

delegatedaccess.hierarchy.site.properties
ex:
delegatedaccess.hierarchy.site.properties.count=4
delegatedaccess.hierarchy.site.properties.1=Top
delegatedaccess.hierarchy.site.properties.2=Middle
delegatedaccess.hierarchy.site.properties.3=Middle2
delegatedaccess.hierarchy.site.properties.4=Bottom

Once you have set up your hierarchy properties, you will need to add these properties to your sites. This should be done during your site integration job.

back to index

Site Hierarchy Quartz Job

The name of the quartz job is: Delegated Access Site Hierarchy Job

This is the default quartz job to populate/update(add/remove) the Delegated Access site hierarchy. It searches through all sites in Sakai and looks for structure properties tied to the site. You can run it as many times as you want. The best bet would be to set up a quartz trigger to go off after every time your site integration runs.  This job will add/move/remove site’s within the hierarchy.

back to index

Shopping Period Quartz Job

The name of this quartz job is: Delegated Access Shopping period Job

This is the job that will populate the shopping period access tree.  It should be ran every morning (sometime after midnight).  This is used to open and close the shopping period for sites based on their open and close dates.

back to index

Sakai Administrator User Use Case

Go to the tool and click "Search Users" and find a user you want to delegate access for. Click their name.

The edit user page allows you to assign delegated access as well as shopping period admin permissions for this user.

For the "Shopping Admin" column, you can select the checkbox next to the level/site you want this user to have control over setting shopping period settings for. The nodes and children of the nodes you select for "Shopping Admin" will show up for the user in the "Shopping Period" link.

For the "Site Access" column, you can select which level/site you want the user to have access to. When you choose "Site Access", you must fill out what role the user will become when they visit that site or a site that under that level. You also have the ability to choose which tools are restricted for this user by clicking the "Restrict Tools" link. All child nodes will inherit their parents settings unless you have specifically overridden them. The nodes and children of the nodes you select for "Site Access" will show up for the user in the "Delegated Access" link. When you are done, click save or click cancel to undo all changes.      

back to index

Delegated Access User Use Case

By default the tool can be added to a user's My Workspace. Since only administrators can delegate access, a regular user won't be able to modify anything.  If the user doesn't have any access delegated to them, they will see a message saying so. Otherwise, you will see a node structure in which you can navigate and click on the sites you've been granted access to. Since this tool populates the delegated access information during login, a user could also use direct links to a delegated site.

back to index

Delegated Shopping Admin User Use Case

For a user who has been granted shopping admin privileges, they will be able to click the “Shopping Period” link on the top.

This page allows you to set the shopping period settings for the sites you've been granted permission to update. To set the shopping period settings, you can select the checkbox next to the level/site that you want to set. Note, you will only see a checkbox next to a node you have permission to modify. First, when you select a node, you must set the "Authorization" setting. The two options are ".anon" and ".auth". ".anon" is for anonymous users who do not need to log in to shop in this site. ".auth" is for users who must log in first in order to shop in this site. Next, you need to choose the role the user will become when they are shopping. Finally, you need to set the dates during which the shopping period will be open. You also have the ability to choose which tools are restricted for shoppers by clicking the "Restrict Tools" link and selecting the tools you want to restrict. All child nodes will inherit their parents settings unless you have specifically overridden them. When you are done, click save or click cancel to undo all changes.      

back to index

Shopping User Use Case

The shopping user is a person who is interested in trying a site that has been set up for shopping.  This user will go to shopping period tool (more than likely in the !Gateway page).  Here they will be able to see all their options in a node architecture and they will be able to search for sites by ID or Title.  When they have found the site they want to shop for, they will click the link for that site and inherit the privileges for that shopping period.

back to index

Architecture

Basic Tree Structure

This is the tree structure for both the Shopping Period Tree and Delegated Access Tree.

back to index

Delegated Access Tree Node

This is the basic tree node structure for every node in the Delegated Access tree.  The shopping period tree node is just 3 properties: Node Id, Site Id, Site Reference.

back to index

Site Hierarchy and Shopping Period Jobs

back to index

  • No labels