|   
  JA-SIG
Home  About uPortal  Documentation 
Getting Started 
Developers  Implementors  Users 
Background  Release  
 |   
 Prerequisites: You should be able to edit groups with the Groups Manager channel and know how
to publish a channel using the Channel
Manager channel.This tutorial assumes a base distribution, like the
Quick-start, of uPortal version 2.2 or greater.  However, it should
work with a locally configured instance of uPortal if you substitute
the names of your own users for the sample names.  The
instructions assume Windows, but the Mac and Unix substitutions are
pretty obvious. 
 
         Create a directory called C:\temp\myGroups\org.jasig.portal.security.IPerson.In this directory, using a text editor like Notepad, create a new file
named
 Special_Developers(notSpecial_Developers.txt). Add
the following 2 lines containing names of portal users: studentfaculty
 Save the file. 
You have now created a group calledSpecial_Developersthat contains 2 members,studentandfaculty.
 
         Edit your composite groups configuration file, properties/groups/compositeGroupServices.xmland comment in the filesystem
group service.  Change the groups root attribute to"C:/temp/myGroups".   <service
groupsRoot="C:/temp/myGroups"><name>filesystem</name>
 <service_factory>org.jasig.portal.groups.ReferenceIndividualGroupServiceFactory</service_factory>
 <entity_store_factory>org.jasig.portal.groups.filesystem.FileSystemGroupStoreFactory</entity_store_factory>
 <group_store_factory>org.jasig.portal.groups.filesystem.FileSystemGroupStoreFactory</group_store_factory>
 <entity_searcher_factory>org.jasig.portal.groups.filesystem.FileSystemEntitySearcherFactory</entity_searcher_factory>
 <internally_managed>false</internally_managed>
 <caching_enabled>false</caching_enabled>
 </service>
 
 Save your changes.  You have
now made the group you just created available to the composite group
service via a component service named filesystem. 
         
        
        Start up your portal.Log on as student.  You should not see the Channel Admin link in the header
sincestudentdoes not have permission to render the Channel Manager channel.
 LogoutStudent.
Logon as admin.   In Groups Manager (on the Admin Tools
tab), expandEveryone, expandStaff, and
selectDevelopers(You are going to makeSpecial_Developersa member ofDevelopers.)
Lock Developersfor update and choose Add Members.Search for a Group of Persons containing "Special".  Groups Manager should find your new
group.  Select Special_Developersand add it toDevelopers.
Unlock Developersand selectSpecial_Developers. 
It should have 2 members, Faculty User and Student User.
Still logged on as admin, publish a
new channel, giving access only to the groupSpecial_Developers. 
Logoutadmin.
Log on as student.  You should
now see the Channel Admin link
in the header and be able to publish channels since members ofDevelopershave permission to render Channel
Manager andstudentis now a member ofDevelopersviaSpecial_Developers.Subscribe to the new channel via the User Preferences channel.  
Log off studentand log on asdeveloper.
Try to subscribe to the new channel via the User Preferences channel.  You
should not be able to see the
new channel.  Both developerandSpecial_Developersare members ofDevelopers, but only members ofSpecial_Developershave subscribe permission for the new channel.
Log off developerand log on asfaculty. 
You should now be able to subscribe to the new channel.  Do so.Using your text editor, edit Special_Developersand removefacultyfrom the group by commenting out thefacultyline:
 student#faculty
 
 
         
        
        Still logged on as faculty, refresh
your browser.  The new channel should still successfully
render.  Why?   Althoughfacultyis no longer a
member ofSpecial_Developers,the filesystem group service
is externally-managed (you edited it with a text editor).  While the
filesystem service itself stays up-to-date by checking file timestamps,
it has no way of knowing what has changed or that previously-cached
membership information for a particular group member is now out of
sync.On the other hand, if you remove Special_DevelopersfromDevelopersusing Groups
Manager, this change will be visible in real time becauseDevelopersbelongs to an internally-managed service.  As soon as you refreshfaculty'sbrowser, the Channel Admin link
will disappear from the header.   You'll need 2 different user
agents (browser types) on your workstation to try this, one forfacultyand one foradminto make the change in Groups Manager.) Log off and log on once again asfaculty.This
time, the new channel should fail to render, and the Error Channel should appear in its
place with the annoying "You are not authorized to view this channel"
message.  The Channel Admin
link should also be gone from the header.  The memberships forfacultyare now correctly assessed because membership information for a user is
un-cached when the user's session is destroyed. 
   |