Welcome to the experimental All Hands provider.
The goal of this code is to allow the creation of Sites in Sakai in which
all users are automatically added.
The basic idea is to make an external group provider id called “sakai.allhands” and then either produce a GroupProvider that indicates that all users are members of that group or add the code to an existing group provider.
If you have an existing GroupProvider, simply add the following line of code:
public Map getGroupRolesForUser(String userId)
{
Map rv = new HashMap();
rv.put(“sakai.allhands”,”access”); // Add this line
return rv;
}
If you do not currently ave a GroupProvider, use the AllHandsGroupProvider provided herein.
To enable this group provider, simply edit the file
component/src/webapp/WEB-INF/components.xml
And add a bean entry as follows. Redeploy your Sakai and Viola!






There are print statements in the code so you can be confident of that is happening. Remove those statements before you go to production.
HOW TO USE THIS
Make a new site. Either Setup or WorkSite Setup can be used.
Log in as Admin. Use the Sites Tool to find the site you just added. Grab the site ID using copy.
Go to the realm’s tool and past in the site ID and press “search” you will find the
realm associated with the site.
Click on the realm – In the field “Provider Id” Enter “sakai.allhands” (no quotes) and save.
Now as people are logged in they get added to this site as “access”. If you change someone to maintain – they keep maintain.
WHY THIS WORKS?
When the user logs in, as part of their login the provider method
getGroupRolesForUser(String userId)
The real question being asked here is “For this user, what is the list of Provider IDs does this person belong to and what roles does that user have for each ID”. We indicate that “for all the sites with sakai.allhands the current user deserves access”. So authzGroups above us does magic SQL to make this so it looks for all of the sites with the provider ID “sakai.allhands” and simply pokes the user into those sites.
Look in this file:
authz-impl/impl/src/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java
Line 1554 to see the fun:
// for each realm that has a provider in the map, and does not have a grant for the user,
// add the active provided grant with the map’s role.
/Chuck
Sat Sep 9 00:34:37 CEST 2006

Unrelated nerdy bits – ignore – they are just notes regarding an approach that I did not follow through with because the trivial solution presented itself.
authenticateUser() userId=usera
getGroupRolesForUser() user=user1
getUserRolesForGroup() id=null
getUserRolesForGroup() id=null
getGroupRolesForUser() user=admin
getUserRolesForGroup() id=null
getUserRolesForGroup() id=null
getUserRolesForGroup() id=sakai.access
— Really this is get the map of users and roles for this group
getGroupRolesForUser() user=admin
getGroupRolesForUser() user=user1
^C
authz-impl/impl/src/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java
// Simple serialization of the existing grants. A HashMap with each entry a list.
// keyed by user ID
Map grantMap = new HashMap();
for (Iterator i = grants.iterator(); i.hasNext();)
{
UserAndRole uar = (UserAndRole) i.next();
List values = new ArrayList();
values.add(uar.role);
values.add(new Boolean(uar.active));
values.add(new Boolean(uar.provided));
grantMap.put(uar.userId,values);
}
authz-api/api/src/java/org/sakaiproject/authz/api/GroupProvider.java
/**
* Access the user id – role name map for all users in the external group.
*
* @param id
* The external group id.
* @param grantMap
* A hash map keyed by userId. Each entry in the map is a List with three elements
* String current role in site
* Boolean active
* Boolean provided
* @return the user id – role name map for all users in the external group (may be empty).
*/
Map getUserRolesForGroup(String id, Map grantMap);
“authz-impl/impl/src/java/org/sakaiproject/authz/impl/BaseAuthzGroupService.java” line 818 of 1448 –56%– col 4-25
“authz-impl/impl/src/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java” line 1473 of 2069 –71%– col 35-49
// for each realm that has a provider in the map, and does not have a grant for the user,
// add the active provided grant with the map’s role.
“authz-impl/impl/src/java/org/sakaiproject/authz/impl/DbAuthzGroupService.java” line 1554 of 2069 –75%– col 5-33