View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|16832||Feature requests||Plugins||public||2020-11-14 12:29||2020-11-22 22:46|
|Summary||16832: Extend Limesurvey public API to support user group functions|
For HIFIS (Helmholtz Federated IT Services, www.hifis.net) I am working on a LimeSurvey integration as a service in the federated Helmholtz Cloud (www.hifis.net/cloud-platform.html). Researchers from centres of the Helmholtz Association (www.helmholtz.de) can log into the LimeSurvey administration backend via OpenID connect using their federated identities provided by the Helmholtz-AAI identity federation (login.helmholtz.de).
When a federated user logs in, a shadow user is automatically created, as already implemented by the Authwebserver core authentication plugin. However, to support Virtual Organisations (VOs, wiki.egi.eu/wiki/Glossary_V1#VirtualOrganisation) as a core concept of the Helmholtz Cloud, support for shadow groups is required to provide the necessary capabilities when a federated identity belonging to a particular VO logs in. I have developed a plugin that provides the appropriate functionality (e.g. list user groups, create user group, add/remove user to/from group), but to ensure future compatibility, calling internal classes should be avoided as is correctly considered bad practice (manual.limesurvey.org/Plugins-_advanced).
Long story short, I would like to ask whether you would accept a pull request I propose to add three functions to LimesurveyApi.php:
Since the Helmholtz Cloud service LimeSurvey will be a long-term project among many other services, we would prefer to use the LTS version of the Community Edition. This would require the extension to be included in this branch.
|Tags||No tags attached.|
Personnaly : i prefer a clean way to extend remote_control via API.
I already have an hacked way (working since years now )
Thank you for pointing out the possibility of extending RemoteControl via API, which is a really interesting approach.
However, I did not originally intend to request a feature extension of the RemoteControl 2 API.
For the mentioned requirements it would be sufficient to have the functions in LimesurveyApi.php:
When a federated user logs in, the OIDC provider supplies a set of attributes in the login event, including the user's Virtual Organization (VO). The plugins then creates the user group per each VO the federated user belongs to and adds/removes the local representation of the user to the group. This is to isolate the VO's and its members from each other on a given level.
Nevertheless, it would generally be helpful to have support for user groups in the RemoteControl 2 API.
Calling the "external" API from within the plugin is one approach when there is nothing else, my concern here is that it slows things down quite a bit.
I understand your pointg of view.
With a plugin event (or another system) : no need to wait, more easy to create/adapt new fuinction, LimeSurey core can stray lighter.
Thank you for further clarifying this issue. In general, I agree that this is an appropriate solution regarding extensions of RemoteControl.
However, for my use case, which admittedly could be somehow special and therefore not of general interest, I do not see much benefit in avoiding the "direct use of classes found in the source code" by moving it to another location. So I could just be as happy with my plugin as it is and leave the functions I have provided as PR in it. If you think differently about it, please let me know.
I think I was a bit misled by the phrase "New functions can be added to the API object on request" in the plugins-advanced documentation.
|2020-11-14 12:29||doeringf||New Issue|
|2020-11-14 12:29||doeringf||File Added: image.png|
|2020-11-14 15:42||doeringf||File Deleted: image.png|
|2020-11-20 20:20||doeringf||Note Added: 60726|
|2020-11-21 10:53||DenisChenu||Note Added: 60728|
|2020-11-22 14:23||doeringf||Note Added: 60731|
|2020-11-22 18:02||DenisChenu||Note Added: 60732|
|2020-11-22 22:46||doeringf||Note Added: 60733|