[
http://jira.dspace.org/jira/browse/DS-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=10164#action_10164
]
Mark Diggory commented on DS-109:
---------------------------------
The Contexts Special Groups are evaluated in ... line 478 of Group.java
(allMemberGroupIDs)
AuthorizeManager.authorizeAction(Context c, DSpaceObject o, int action)
--> AuthorizeManager.authorize(Context c, DSpaceObject o, int action,
EPerson e)
--> Group.isMember(Context c, int groupid)
--> Group.epersonInGroup(Context c, int groupID, EPerson e)
--> Group.allMemberGroupIDs(Context c, EPerson e)
--> Context.getSpecialGroups();
It should be verified if the groups assigned by the
ShibbolethAuthenticator.getSpecialGroups are properly added to the Context and
visible at that point.
UIUtil.obtainContext(...)
--> AuthenticationManager.getSpecialGroups(..)
--> AuthenticationMethod.getSpecialGroups(..)
They are then added to the Context at line 140. It should be verified that the
apporpate special groups are retieved from the AuthenticationManager and that
they are poperly added to the Context at that point.
Hope this is helpfull, if I had your example configuration (dspace.cfg) and a
way to generate mock Shibboleth headers, I should be able to test this further.
Mark
-->
> Consistent treatment to users in special groups
> -----------------------------------------------
>
> Key: DS-109
> URL: http://jira.dspace.org/jira/browse/DS-109
> Project: DSpace 1.x
> Issue Type: Improvement
> Components: DSpace API
> Affects Versions: 1.5.0, 1.5.1, 1.5.2
> Reporter: Bruc Liong
> Assignee: Andrea Bollini
> Fix For: 1.5.2
>
>
> We populate users into their groups via the use of "special groups" on the
> fly (as part of Shibboleth authN integration into DSpace) and had been
> noticing that the mapped users cannot gain access to their resources despite
> they have the aforementioned groups in the special group.
> Temporary fix for this is to persist the group membership, e.g.
> int[] groupIDs = AuthenticationManager.getSpecialGroups(context,request);
> for(int i=0;i<groupIDs.length;i++){
> Group g = Group.find(context, groupIDs[i]);
> //.....
> g.addMember(eperson);
> g.update();
> }
> This is not ideal, it would be better if the special groups are
> loaded/integrated into Group.isMember(eperson), or Group.isMember(groupid),
> etc calls. These isMember seem to be only honouring explicit users assigned
> in DB. Currently special groups only included in Group.allMemberGroupIDs and
> isMember(context,groupid).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
