Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-17713

Evaluation Tool: If User has a wizard to eval from a different site and was selected by role as evaluator, the eval tool will crash when viewing from a different site

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.7.x
    • Fix Version/s: 2.7.0, 2.8.0
    • Component/s: OSP: Wizards - General
    • Labels:
      None

      Description

      Setup:
      -create 2 users: 1 evaluator and 1 participant
      -Create 2 eport sites w/the eval tool and wizards.
      -Create a wizard in the first site. For the wizard, select the evaluator role (not id) as an evaluator
      -Create wizard page (this isn't important, just allows the wizard to work)
      -Publish Wizard
      -As participant, submit wizard for evaluation (important: submit entire wizard, not wizard page)
      -As evaluator: go to the other eport site and go to the eval tool. Then select view all evals from all sites
      -Crash

      This only happens in non-myWorksite pages when trying to view wizards from a different site. What is happening is the permission to view that wizard is denied because it only looks for permission for the current site and the role in that site. Not for the site the wizard is in.

      After inspecting what is causing this, I found a few areas that could fix it:

      1)
      WorksiteAwareAuthorizationFacade.java at getAgentRoles(Agent agent)

      This function only returns all roles for every site if the user is in MyWorkspace. The issue is the user is in a portfolio site, but that site isn't the portfolio site the wizard is contained in.

      2)
      WizardManagerImpl.java at getEvaluatableWizards(Agent agent, List<Agent> roles, List<String> worksiteIds, HashMap siteHash)

      at Wizard wizard = getWizard( evalItem.getId() );

      If you call getWizard( evalItem.getId(), WIZARD_NO_CHECK), then the permission check gets bypassed and the tool works.

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                chmaurer@iupui.edu Chris Maurer
                Reporter:
                bahollad@indiana.edu Bryan Holladay (old account) (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Git Integration