{"id":205,"date":"2006-09-08T18:37:41","date_gmt":"2006-09-08T22:37:41","guid":{"rendered":"http:\/\/www.dr-chuck.com\/wordpress\/?p=205"},"modified":"2011-12-17T12:20:44","modified_gmt":"2011-12-17T16:20:44","slug":"how-to-make-an-all-hands-group-in-sakai","status":"publish","type":"post","link":"https:\/\/www.dr-chuck.com\/csev-blog\/2006\/09\/how-to-make-an-all-hands-group-in-sakai\/","title":{"rendered":"How to make an All Hands Group in Sakai"},"content":{"rendered":"

Welcome to the experimental All Hands provider.
\nThe goal of this code is to allow the creation of Sites in Sakai in which
\nall users are automatically added.
\nThe basic idea is to make an external group provider id called “sakai.allhands” and then either produce a GroupProvider that indicates that all users are members of that group or add the code to an existing group provider.
\nIf you have an existing GroupProvider, simply add the following line of code:
\npublic Map getGroupRolesForUser(String userId)
\n{
\nMap rv = new HashMap();
\nrv.put(“sakai.allhands”,”access”); \/\/ Add this line
\nreturn rv;
\n}
\nIf you do not currently ave a GroupProvider, use the AllHandsGroupProvider provided herein.
\nTo enable this group provider, simply edit the file
\ncomponent\/src\/webapp\/WEB-INF\/components.xml
\nAnd add a bean entry as follows. Redeploy your Sakai and Viola!
\n
\n
\n
\n
\n<\/bean>
\n<\/beans>
\nThere are print statements in the code so you can be confident of that is happening. Remove those statements before you go to production.
\nHOW TO USE THIS
\nMake a new site. Either Setup or WorkSite Setup can be used.
\nLog in as Admin. Use the Sites Tool to find the site you just added. Grab the site ID using copy.
\nGo to the realm’s tool and past in the site ID and press “search” you will find the
\nrealm associated with the site.
\nClick on the realm – In the field “Provider Id” Enter “sakai.allhands” (no quotes) and save.
\nNow as people are logged in they get added to this site as “access”. If you change someone to maintain – they keep maintain.
\nWHY THIS WORKS?
\nWhen the user logs in, as part of their login the provider method
\ngetGroupRolesForUser(String userId)
\nThe real question being asked here is “For this user, what is the list of Provider IDs does this person belong to and what roles does that user have for each ID”. We indicate that “for all the sites with sakai.allhands the current user deserves access”. So authzGroups above us does magic SQL to make this so it looks for all of the sites with the provider ID “sakai.allhands” and simply pokes the user into those sites.
\nLook in this file:
\nauthz-impl\/impl\/src\/java\/org\/sakaiproject\/authz\/impl\/DbAuthzGroupService.java
\nLine 1554 to see the fun:
\n\/\/ for each realm that has a provider in the map, and does not have a grant for the user,
\n\/\/ add the active provided grant with the map’s role.
\n\/Chuck
\nSat Sep 9 00:34:37 CEST 2006<\/p>\n


\nUnrelated nerdy bits – ignore – they are just notes regarding an approach that I did not follow through with because the trivial solution presented itself.
\nauthenticateUser() userId=usera
\ngetGroupRolesForUser() user=user1
\ngetUserRolesForGroup() id=null
\ngetUserRolesForGroup() id=null
\ngetGroupRolesForUser() user=admin
\ngetUserRolesForGroup() id=null
\ngetUserRolesForGroup() id=null
\ngetUserRolesForGroup() id=sakai.access
\n— Really this is get the map of users and roles for this group
\ngetGroupRolesForUser() user=admin
\ngetGroupRolesForUser() user=user1
\n^C
\nauthz-impl\/impl\/src\/java\/org\/sakaiproject\/authz\/impl\/DbAuthzGroupService.java
\n\/\/ Simple serialization of the existing grants. A HashMap with each entry a list.
\n\/\/ keyed by user ID
\nMap grantMap = new HashMap();
\nfor (Iterator i = grants.iterator(); i.hasNext();)
\n{
\nUserAndRole uar = (UserAndRole) i.next();
\nList values = new ArrayList();
\nvalues.add(uar.role);
\nvalues.add(new Boolean(uar.active));
\nvalues.add(new Boolean(uar.provided));
\ngrantMap.put(uar.userId,values);
\n}
\nauthz-api\/api\/src\/java\/org\/sakaiproject\/authz\/api\/GroupProvider.java
\n\/**
\n* Access the user id – role name map for all users in the external group.
\n*
\n* @param id
\n* The external group id.
\n* @param grantMap
\n* A hash map keyed by userId. Each entry in the map is a List with three elements
\n* String current role in site
\n* Boolean active
\n* Boolean provided
\n* @return the user id – role name map for all users in the external group (may be empty).
\n*\/
\nMap getUserRolesForGroup(String id, Map grantMap);
\n“authz-impl\/impl\/src\/java\/org\/sakaiproject\/authz\/impl\/BaseAuthzGroupService.java” line 818 of 1448 –56%– col 4-25
\n“authz-impl\/impl\/src\/java\/org\/sakaiproject\/authz\/impl\/DbAuthzGroupService.java” line 1473 of 2069 –71%– col 35-49
\n\/\/ for each realm that has a provider in the map, and does not have a grant for the user,
\n\/\/ add the active provided grant with the map’s role.
\n“authz-impl\/impl\/src\/java\/org\/sakaiproject\/authz\/impl\/DbAuthzGroupService.java” line 1554 of 2069 –75%– col 5-33<\/p>\n","protected":false},"excerpt":{"rendered":"

Welcome to the experimental All Hands provider. The goal of this code is to allow the creation of Sites in Sakai in which all users are automatically added. The basic idea is to make an external group provider id called “sakai.allhands” and then either produce a GroupProvider that indicates that all users are members of […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-205","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/comments?post=205"}],"version-history":[{"count":1,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/205\/revisions"}],"predecessor-version":[{"id":2311,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/posts\/205\/revisions\/2311"}],"wp:attachment":[{"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/media?parent=205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/categories?post=205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dr-chuck.com\/csev-blog\/wp-json\/wp\/v2\/tags?post=205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}