View Issue Details

IDProjectCategoryView StatusLast Update
16832Feature requestsPluginspublic2020-11-22 22:46
Reporterdoeringf Assigned To 
PrioritynoneSeverityfeature 
Status newResolutionopen 
Summary16832: Extend Limesurvey public API to support user group functions
Description

For HIFIS (Helmholtz Federated IT Services, www.hifis.net) I am working on a LimeSurvey integration as a service in the federated Helmholtz Cloud (www.hifis.net/cloud-platform.html). Researchers from centres of the Helmholtz Association (www.helmholtz.de) can log into the LimeSurvey administration backend via OpenID connect using their federated identities provided by the Helmholtz-AAI identity federation (login.helmholtz.de).

When a federated user logs in, a shadow user is automatically created, as already implemented by the Authwebserver core authentication plugin. However, to support Virtual Organisations (VOs, wiki.egi.eu/wiki/Glossary_V1#VirtualOrganisation) as a core concept of the Helmholtz Cloud, support for shadow groups is required to provide the necessary capabilities when a federated identity belonging to a particular VO logs in. I have developed a plugin that provides the appropriate functionality (e.g. list user groups, create user group, add/remove user to/from group), but to ensure future compatibility, calling internal classes should be avoided as is correctly considered bad practice (manual.limesurvey.org/Plugins-_advanced).

Long story short, I would like to ask whether you would accept a pull request I propose to add three functions to LimesurveyApi.php:

(1) getUserGroups()
(2) addUserGroup($groupName, $groupDescription)
(3) userInGroupAction($ugid, $uid, $action)

Since the Helmholtz Cloud service LimeSurvey will be a long-term project among many other services, we would prefer to use the LTS version of the Community Edition. This would require the extension to be included in this branch.

Kind regards,
Florian Döring

Group Compute Platforms, IT Core Facility
German Cancer Research Center (DKFZ)

TagsNo tags attached.

Activities

doeringf

doeringf

2020-11-20 20:20

reporter   ~60726

PR: https://github.com/LimeSurvey/LimeSurvey/pull/1663

DenisChenu

DenisChenu

2020-11-21 10:53

developer   ~60728

Personnaly : i prefer a clean way to extend remote_control via API.

I already have an hacked way (working since years now )

Sample : https://gitlab.com/SondagesPro/RemoteControl/extendRemoteControl
And a branch : https://gitlab.com/SondagesPro/RemoteControl/extendRemoteControl/-/tree/exportReponseFiltered

doeringf

doeringf

2020-11-22 14:23

reporter   ~60731

Thank you for pointing out the possibility of extending RemoteControl via API, which is a really interesting approach.

However, I did not originally intend to request a feature extension of the RemoteControl 2 API.

For the mentioned requirements it would be sufficient to have the functions in LimesurveyApi.php:

When a federated user logs in, the OIDC provider supplies a set of attributes in the login event, including the user's Virtual Organization (VO). The plugins then creates the user group per each VO the federated user belongs to and adds/removes the local representation of the user to the group. This is to isolate the VO's and its members from each other on a given level.

Nevertheless, it would generally be helpful to have support for user groups in the RemoteControl 2 API.

Calling the "external" API from within the plugin is one approach when there is nothing else, my concern here is that it slows things down quite a bit.

DenisChenu

DenisChenu

2020-11-22 18:02

developer   ~60732

I understand your pointg of view.

Mine is

  1. current LimeSurvey core dev can not really construct new featire since they are only in bug fixing
  2. We have another RC update pull request : https://github.com/LimeSurvey/LimeSurvey/pull/1660
  3. remotecontrol_handle have mote than 3000 lines
  4. To have your feature in core : you have to wait some week (or month) before it was merged.

With a plugin event (or another system) : no need to wait, more easy to create/adapt new fuinction, LimeSurey core can stray lighter.

doeringf

doeringf

2020-11-22 22:46

reporter   ~60733

Thank you for further clarifying this issue. In general, I agree that this is an appropriate solution regarding extensions of RemoteControl.

However, for my use case, which admittedly could be somehow special and therefore not of general interest, I do not see much benefit in avoiding the "direct use of classes found in the source code" by moving it to another location. So I could just be as happy with my plugin as it is and leave the functions I have provided as PR in it. If you think differently about it, please let me know.

I think I was a bit misled by the phrase "New functions can be added to the API object on request" in the plugins-advanced documentation.

Issue History

Date Modified Username Field Change
2020-11-14 12:29 doeringf New Issue
2020-11-14 12:29 doeringf File Added: image.png
2020-11-14 15:42 doeringf File Deleted: image.png
2020-11-20 20:20 doeringf Note Added: 60726
2020-11-21 10:53 DenisChenu Note Added: 60728
2020-11-22 14:23 doeringf Note Added: 60731
2020-11-22 18:02 DenisChenu Note Added: 60732
2020-11-22 22:46 doeringf Note Added: 60733