Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-33228

Only allow subadmins to assign permissions at their permission level or lower

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.9.4 [Tentative]
    • Component/s: DelegatedAccess
    • Labels:
      None
    • Previous Issue Keys:
      DAC-36

      Description

      ex: A subadmin who was given "TA" access shouldn't be able to assign someone "Instructor" access. They should only be able to assign "TA" and "Student" access to other users.

      Sakai Property: delegatedaccess.subadmin.realmrole

      Create a list of "realm:role;realm:role;" from highest to lowest level of access.
      For instance, if you wanted to order the importance of roles
      of sakai's default permissions, it would look like:

      delegatedaccess.subadmin.realmrole.order.count=3
      delegatedaccess.subadmin.realmrole.order.1=!site.template.course:Instructor;!site.template:maintain;
      delegatedaccess.subadmin.realmrole.order.2=!site.template.course:Teaching Assistant
      delegatedaccess.subadmin.realmrole.order.3=!site.template.course:Student;!site.template:access;

      This will only allow subadmin to assign permissions at their level and below.
      Any realm/role that isn't in that list will be considered the last level on the bottom.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                baholladay Bryan Holladay
                Reporter:
                baholladay Bryan Holladay
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Git Source Code