> On 4/17/12 4:09 AM, Nicolaas Matthijs wrote: > > features in the UI to break. For example, you wouldn't be able to > > share content with a private user or add a private user to a group, as > > that user wouldn't show up in any searches, type-aheads or lists, > > which seems especially problematic when running a course through OAE.
I've been looking into this for much the same reasons as Jon - at Georgia Tech, we need to default users to a relatively private level for FERPA compliance, and in particular can't have the list of courses a user is taking be visible to other users. We also have 'confidential' users, whose full identity must be protected by policy & law. I found creative ways to solve many problems by directly hacking ACLs via REST calls - not the most pleasant solution, but better than nothing. The one thing I could never solve cleanly is the 'confidential' user issue (which equates to a 'fully private' user as described in this thread.) I could manually remove all ACL permissions from a user account via REST, but as described above, I was no longer able to add the user to groups or share anything with the user. It seems that the critical fix needed is to decouple the type-ahead/search interface from the user selection functionality, so that users can be added or selected by just entering their user account ID. The idea is that the value typed into the search field is first run through the normal search process, and then if that fails, it is checked against the user database (internal or LDAP or any other source being used) to see if it is a valid account (ignoring any ACLs that might be set). If it comes back valid, then the associated user object is returned to the GUI for display and addition to the selection list. I call this 'critical', because the current search method is going to be unusable for any organization with thousands of users, since it only returns a first and last name. Search for 'John Smith' in a large organization, and you might get fifteen people back, but with only the names, there's now way to tell which one you want. More data in the drop down list can help, but around here I know our users will want the ability to just add people they know well by entering the user account ID to be sure that they're adding the right person. Perhaps this is already in the works for 1.2 or 1.3, but if not, this should definitely be added to the roadmap ASAP IMHO. Kevin -- Kevin Pittman [email protected] ----------------------------------------------------------------------- Senior Systems Support Engineer Office of Information Technology Academic and Research Technologies Georgia Institute of Technology _______________________________________________ oae-dev mailing list [email protected] http://collab.sakaiproject.org/mailman/listinfo/oae-dev
