...

At the end of the day, it's all about saying yes or no to an Agent. The service architect looks at authorization without concerning herself with how it got there. Immediately she notices something disturbing. The application is performing its own authorization in the checkPlaceHold() method and not even allowing the Hold OSID Provider to perform its own authorization enforcement. The enforcement must occur within the provider and the Authorization OSID can be brought in to help it out. 

[Diagram: Hold Stack]

Authorization Mapping

An Authorization check based on an Agent, Function, and Qualifier. 

...

Holds are created for an Issue and a Resource (student) in the context of an Oubliette OsidCatalog. The Qualifier can only be one of these, as this is the only information we have on which to authorize. It's probably more common in OSIDs to align Qualifiers with OsidCatalogs, but this doesn't necessarily need to be the case. The project wanted Organizations associated with Issues, so aligning Qualifiers to Issues is a good place to start.

Again, this is not concerned with managing Authorizations. The choice of Qualifier for the purpose of checking Authorizations is based on what is known at the time of the check. This narrows it down quite a bit.

Code Block
 
org.osid.hold.HoldForm getHoldFormForCreate(org.osid.id.Id issueId, org.osid.id.Id resourceId, org.osid.type.Type[] recordTypes) {
    // Enforced inside the provider. The Qualifier is the Issue, which is known at the time of the check.
    if (!authzSession.isAuthorized(getAuthenticatedAgentId(), createHoldFunctionId, issueId)) {
        throw new org.osid.PermissionDeniedException();
    }
    // ...
}

org.osid.hold.HoldForm getHoldFormForUpdate(org.osid.id.Id holdId) {
    // Only the Hold Id is known here, so it is passed as the Qualifier.
    if (!authzSession.isAuthorized(getAuthenticatedAgentId(), updateHoldFunctionId, holdId)) {
        throw new org.osid.PermissionDeniedException();
    }
    // ...
}

void deleteHold(org.osid.id.Id holdId) {
    // Deny unless the Agent is authorized for the delete Function on this Hold.
    if (!authzSession.isAuthorized(getAuthenticatedAgentId(), deleteHoldFunctionId, holdId)) {
        throw new org.osid.PermissionDeniedException();
    }
    // ...
}