From d528d74542f2fcd947bc05dbcfb7b2c47cdde8e0 Mon Sep 17 00:00:00 2001 From: Miguel Carro Pellicer Date: Tue, 24 May 2016 19:09:19 +0200 Subject: [PATCH] SAK-29970 Allow roles returned by RoleProvider to be enabled/disabled. (#2566) Allow roles returned by RoleProvider to be enabled/disabled. --- .../sakaiproject/config/bundle/default.sakai.properties | 8 ++++++++ .../src/java/org/sakaiproject/site/tool/SiteAction.java | 7 ++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/config/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties b/config/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties index b3b4bda29160..9d59adf19c05 100644 --- a/config/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties +++ b/config/configuration/bundles/src/bundle/org/sakaiproject/config/bundle/default.sakai.properties @@ -4250,6 +4250,14 @@ # Should the .anon role be assignable to a realm? Defaults to false. # sitemanage.grant.anon=true +# SAK-29970 +# Should the additional roles be assignable to a realm? Defaults to false. +# sitemanage.grant.origin.provided = true +# sitemanage.grant.origin.internal = true +# sitemanage.grant.role.allstaff = true +# sitemanage.grant.role.allusers = true +# sitemanage.grant.role.allstudents = true + # ##### # SAK-27743 Quartz job to seed sites, users, and resources # ##### diff --git a/site-manage/site-manage-tool/tool/src/java/org/sakaiproject/site/tool/SiteAction.java b/site-manage/site-manage-tool/tool/src/java/org/sakaiproject/site/tool/SiteAction.java index 52f3e7e36037..ba37879371c4 100644 --- a/site-manage/site-manage-tool/tool/src/java/org/sakaiproject/site/tool/SiteAction.java +++ b/site-manage/site-manage-tool/tool/src/java/org/sakaiproject/site/tool/SiteAction.java @@ -3860,7 +3860,12 @@ private Map getAdditionalAccess(AuthzGroup realm) { */ protected Map loadAdditionalRoles() { Map additionalRoles = new HashMap(); - for (String roleId : authzGroupService.getAdditionalRoles()) { + for (String roleId : authzGroupService.getAdditionalRoles()) { + // Check if the role is allowed to be granted in the realm + boolean allowedRoleId = ServerConfigurationService.getBoolean("sitemanage.grant"+roleId, false); + if(!allowedRoleId){ + continue; + } AdditionalRole role = new AdditionalRole(); role.id = roleId; role.name = authzGroupService.getRoleName(role.id);