Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] another use case

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] another use case


Chronological Thread 
  • From: "GW Brown, Information Systems and Computing" <>
  • To: Tom Barton <>, Joy Veronneau <>
  • Cc: , Grouper Users <>
  • Subject: Re: [grouper-dev] another use case
  • Date: Tue, 25 Jul 2006 16:43:19 +0100



--On 25 July 2006 09:03 -0500 Tom Barton
<>
wrote:

I've indicated how you can deploy grouper to meet your need, but I can
imagine it might be difficult to operate this way if there are many
different group managers using restricted groups - there's no guarantee
that they'll all follow the conventions above. Do you think that'll be
your circumstance, and that you'd really need some capability to
"override" the privilege assignments made by those with group management
authority?
If the capability is required, it may be possible to customise the UI to achieve it. One way would be to:

1) Write and configure a Servlet filter, which acts after the LoginCheckFilter, and which replaces the default GrouperSession instance with one for GrouperSystem - assuming some authorisation test is passed i.e. membership of the helpdesk group.

2) Override any 'write' action in Struts-config.xml, with an action which says 'This function is not available'.

This would allow the user to browse any stems/groups. Using the Subject Search tab would allow them to check memberships / privileges for any subject.

The advantage of this approach is that it can be achieved without modifying the UI source. The disadvantage is that links would still be provided for 'write' operations. However, it would only take a little effort to 'enhance' the UI so that it would behave as if the user only had read privilege, but for every group.


Tom



----------------------
GW Brown, Information Systems and Computing




Archive powered by MHonArc 2.6.16.

Top of Page