Reiter

Unterpunkte

Modifying an Existing Role

To realise a specific didactic scenario you often need only to modify an existing role and give it some more permissions or take some away. Because this is often only necessary for a specific object or section usually a local policy is created to change permissions only for a local area in the repository and not for the entire role.
The following example shows the section of a didactic template where an existing course role is modified. This template would be applied within a course folder to create a space where course members could exchange files.
<actions>
...
<localPolicyAction>
<roleFilter source="title">
<includePattern preg="il_crs_member"/>
</roleFilter>
<localPolicyTemplate type="union">
<role type="rolt">
<title>DTPL_MEMBER_WORK_AREA</title>
<operations>
<operation group="file">visible</operation>
<operation group="file">read</operation>
<operation group="file">write</operation>
<operation group="fold">visible</operation>
<operation group="fold">read</operation>
<operation group="fold">create_file</operation>
</operations>
</role>
</localPolicyTemplate>
</localPolicyAction>
...
</actions>
  • The element localPolicyAction opens the section for modifying a role's permission.
  • At first, the element roleFilter is used to identify the role that shall be modified. In the example above the course member role is selected (il_crs_member).
  • The element localPolicyTemplate assigns the permissions created within this element to the selected role. Due to the type union in the example the existing permissions of this role will be merged with the given permissions of the new template. At the time being there are three types available in this element:
    • union: permissions of the existing role and new permissions of the template are added.
    • intersect: an intersection of the permissions of the existing role and the new permissions of the template is created (only permissions granted both in the existing permissions and the template are kept).
    • overwrite: the permissions of the existing role are overwritten by the permission definition of the imported template.
    • The following role element with type="rolt" is creating a new role template. The title of the role template and its given permissions are defined in the following elements title and operations.
Note: Permissions for a modified role are always assigned through a role template not by adding permissions directly to the existing role.