[SAK-13205] Permissions for CIG Participant are empty for 2.5 upgrade Created: 13-Mar-2008  Updated: 13-Jul-2016  Resolved: 20-Mar-2008

Status: CLOSED
Project: Sakai
Component/s: OSP: Portfolios, OSP: Wizards - General, OSP: Wizards - Hierarchy, OSP: Wizards - Matrix, OSP: Wizards - Sequential
Affects Version/s: 2.5.0
Fix Version/s: 2.5.2, 2.6.0

Type: Bug Priority: Critical
Reporter: Lynn E. Ward Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Win XP, IE 7.x, Sakai QA Network qa2-osp (svn tags/sakai_2-5-0_RC_03_GMT) using Oracle


Issue Links:
Relate
is related to SAK-10672 osp perms need default settings CLOSED
is related to SAK-12016 Coordinator permissions for Resources... CLOSED
is related to SAK-13333 OSP Permissions upgrade displays nume... CLOSED
is related to SAK-9782 change osp tools to use sakai authz CLOSED

 Description   

I just created a new account and a new portfolio site on QA2. No permissions are checked for the CIg participant in the matrices, wizards, and portfolio tools.

Note that the QA2 database is created from a 2.4 snapshot, which is then upgraded to 2.5 using conversion scripts. The problem appears to be with upgrade. New sites in an upgrade sakai instance have incorrect/incomplete osp permissions, while existing sites have no permissions at all for many osp tools.



 Comments   
Comment by Beth Kirschner [ 19-Mar-2008 ]

Current permissions defaults for new 2.5 worksites:

Role: CIG Coordinator
Wizard: publish delete, create, edit, review, evaluate, view, export
Portfolio: delete, comment, create
Matrix: create, edit, delete, publish, export, review, evaluate
Styles: global publish, publish, delete, create, edit, suggest global publish
Portfolio Layouts: publish, delete, create, edit, suggest global publish
Portfolio Templates: copy, publish, delete, create, edit, export
Glossary: delete, add, edit, export
Evaluations: evaluate, view owner
Reports: create, run, view, edit, delete, share
Forms: create, edit, delete, publiish, suggest.global.publish

Role: CIG Participant
Wizard: view
Portfolio: create, comment
Matrix: use
Styles: create
[? does this make sense? Evaluator & Reviewer cannot]
Portfolio Layouts: delete, create, edit
[? does this make sense? Evaluator & Reviewer cannot]
Portfolio Templates:
Glossary:
Evaluations:
Reports:
Forms:

Role: Evaluator
Wizard: evaluate, view
Portfolio: comment
Matrix: evaluate
Styles:
Portfolio Layouts:
Portfolio Templates:
Glossary:
Evaluations: evaluate, view owner
Reports: run, view
Forms:

Role: Reviewer
Wizard: publish delete, create, edit, review, evaluate, view, export
Portfolio: delete, comment, create
Matrix: use, create, edit, delete, publish, export, review, evaluate
Styles:
Portfolio Layouts:
Portfolio Templates:
Glossary:
Evaluations:
Reports: run, view
Forms:

Role: Program Admin
[ same as CIG Coordinator ]

Role: Program Coordinator
[ same as CIG Coordinator ]

Role: Instructor
[ same as CIG Coordinator ]

Role: Teaching Assistant
Wizard: view
Portfolio: comment, create
Matrix: use
Styles: create
Portfolio Layouts: delete, create, edit
Portfolio Templates:
Glossary:
Evaluations:
Reports: run, view, share
Forms:

Role: Student
[ same as CIG Partipant ]

Role: access
[ same as CIG Partipant ]

Role: maintain
[ same as CIG Coordinator ]

Role: admin
[ same as CIG Coordinator ]

Comment by Beth Kirschner [ 20-Mar-2008 ]

There were a couple problems found: (1) default permissions were not correctly set in an upgrade; (2) older 2.4 permissions were not upgraded to 2.5.

Fix:
(1) modified upgrade script to correctly set default osp permissions
(2) change code to look for old 2.4 permissions by default. This is benign if there is no upgrade, and can be disabled in sakai.properties by setting osp.upgrade25=false (though this is not recommended prior to upgrading to 2.5 for the first time).

    • This fix is highly recommended for all OSP installations **

Please merge into 2.5.x

Comment by David Horwitz [ 27-Mar-2008 ]

merged into 2-5-x with r43716.

Comment by Kevin Chan [ 31-Mar-2008 ]

As a non-OSP user for our Sakai 2.4, I just tried a 2.5.x upgrade deployment and ran into the warnings from updates related to this JIRA:

[This was first brought up by Stephen Marquard on sakai-dev:
http://www.nabble.com/Odd-2-5-x-metaobj---osp-errors-on-startup-td16358147.html]

WARN: Unable to find user: /site/c8f56c54-23ed-4f87-00c1-6f5d1463cb5e/Student org.sakaiproject.exception.IdUnusedException id=/site/c8f56c54-23ed-4f87-00c1-6f5d1463cb5e (2008-03-28 19:04:28,688 main_org.sakaiproject.metaobj.security.impl.sakai.AgentManager)
WARN: Unable to find user: /site/fec90b08-e254-46c1-8003-3ab9045abc03/Student org.sakaiproject.exception.IdUnusedException id=/site/fec90b08-e254-46c1-8003-3ab9045abc03 (2008-03-28 19:04:28,779 main_org.sakaiproject.metaobj.security.impl.sakai.AgentManager)
WARN: Unable to find user: /site/837b2be9-09dd-4302-80c7-ee7cc6772aab/Instructor (2008-03-28 19:04:29,189

Though warnings are generally benign, for some reason, these warnings prevented my Sakai 2.5.x instance from deploying. I had to turn it off in sakai.properties (via osp.upgrade25=false) before the deployment was successful.

So if there is some time, can someone make sure that this upgrade script plays nicely for those installations that did not use OSP prior to Sakai 2.5?

Comment by Megan May [ 03-Oct-2008 ]

These fixes have been included in an official foundation release so I am marking them as closed and unassigning them from the Sakai QA account

Generated at Wed Sep 18 03:03:58 CDT 2019 using Jira 8.0.3#800011-sha1:073e8b433c2c0e389c609c14a045ffa7abaca10d.