Grouper Users - Open Discussion List

["GW Brown, Information Systems and Computing" <>]

--On 25 July 2006 09:03 -0500 Tom Barton 
<>
 wrote:

> I've indicated how you can deploy grouper to meet your need, but I can
> imagine it might be difficult to operate this way if there are many
> different group managers using restricted groups - there's no guarantee
> that they'll all follow the conventions above. Do you think that'll be
> your circumstance, and that you'd really need some capability to
> "override" the privilege assignments made by those with group management
> authority?
If the capability is required, it may be possible to customise the UI to 
achieve it. One way would be to:

1) Write and configure a Servlet filter, which acts after the 
LoginCheckFilter, and which replaces the default GrouperSession instance 
with one for GrouperSystem - assuming some authorisation test is passed 
i.e. membership of the helpdesk group.

2) Override any 'write' action in Struts-config.xml, with an action which 
says 'This function is not available'.

This would allow the user to browse any stems/groups. Using the Subject 
Search tab would allow them to check memberships / privileges for any 
subject.

The advantage of this approach is that it can be achieved without modifying 
the UI source. The disadvantage is that links would still be provided for 
'write' operations. However, it would only take a little effort to 
'enhance' the UI so that it would behave as if the user only had read 
privilege, but for every group.

> Tom



----------------------
GW Brown, Information Systems and Computing