Scott Amerson
I have a very generic question about providers and authzgroupservice interaction, which I hope someone can help me with.
I'm referring to Sakai 2.1.x, and here's our situation:
GroupProvider, UserDirectoryProvider, and CourseManagementProvider implementations are all custom. They allow for dynamic lookup of user attributes, roles, and course data/membership from an external source. Here's a scenario we just tested, and during the test we encountered a peculiar situation:
1. Course ABC originally had a unknown instructor "The Staff" assigned to it in our external data.
2. We changed the instructor in our external data from "The Staff" to instructor X.
3. After waiting for the external data to propogate through to Sakai (using Oracle materialized views), we noticed that Course ABC has both instructor X and "The Staff" listed as instructors in the Site Info Tool.
4. We checked our external data, and only instructor X is listed as the instructor for the course.
5. After checking the internal Sakai tables (SAKAI_REALM_RL_GR), "The Staff" member and the instructor X have rows in the table, with respect to the group in question. We had to manually remove "The Staff"'s membership in the course via the UI, in order to remove the given row from the SAKAI_REALM_RL_GR table.
Note: Courses were initially created using a batch mechanism, and setting the ProviderId to an internal id. No instructors are assigned at time of course creation.
Questions:
a. Is our case a direct result of the "PROVIDED" field in the table SAKAI_REALM_RL_GR being of certain value? If so, what process activates this change from being provided to not-- the AuthZService?
b. Is Sakai caching involved somehow?
clement Wong replies:
Probably yes, with provided = 0 (i.e non-provided), the refreshAuthzGroup
will not handle it.
There are some cases that the external user is persisted in
SAKAI_REALM_RL_GR with provided = 0.
For example, in worksite setup, you manually add an external user into the
course site even if the user doesn't really join the course class.
Another example, in worksite setup, you change the role of an external user
into another role in which the role doesn't exist in external data.
We've tune the AuthzGroupService little bit to cater our synchronization
requirement (external data and sakai internal grants) but still get some
tradeoff.
It's hoped that sakai will have a complete and customizable implementation
for external data integration (Course, Class, Group, Section..bla bla bla)
for both pull and push mechanism. I think this is not easy work.