Developer Area/Specifications in Development/Isolated Institutions
From Mahara Wiki
< Developer Area | Specifications in DevelopmentRevision as of 21:53, 25 May 2011 by Kabalin (moved Developer Area/Specifications in Development/Walled Gardens to Developer Area/Specifications in Development/Isolated Institutions: as agreed on the dev meeting 25/05/2011)
Mahara is designed to allow many "institutions" all share the same instance, which allows their pupils to interact together across institution boundaries. This can be a very useful feature, not least because it allows several institutions to share the cost of running a Mahara instance. But some schools still wish to maintain the "walled garden" effect of not allowing their students to see others outside their institution - or potentially allowing only some of the institutions in the system to interact with their students. (Taken from http://wiki.mahara.org/Roadmap/School_Usage)
Walled garden makes it possible to control interaction between members of different institutions. Whether the institution is in a walled garden or not is controlled by additional setting at "Administer Institution" page. If the “Walled garden" setting is set to “Yes”, users are allowed to interact with members of the same institution only. Access to users outside the walled garden institution is also possible for users in a “Walled garden” institution. The trust relationship control mechanism is designed for that purpose. Trust relationships are controlled by an "Institution Administrator" and "Site Administrator" only. On the "Institution Administrator" level, trust relationships are controlled on request/approve basis: An Institution administrator is able to list existing institutions and send a trust request to those institutions they want to create trust relationships with, once request is sent and approved by aimed institution's admin, a reciprocal trust relationship between institutions is established (pretty similar to friendship maintaining mechanism that already exists in Mahara). On the "Site Administrator" level trust relationships are controlled through the "Institution Trust Relationsips" interface that allows an administrator to maintain reciprocal trust relationships between any institutions directly as well as allowing replies to trust relationships request on behalf of the admin of any intuition.
Therefore, members of a "Walled garden" institution are able to communicate with members within institution and members of institutions outside the walled garden with which trust relationships have been established (by an Institutional or Site Administrator). When a new institution is created, by default institutions have "Walled Garden" set to "No", i.e. members of the particular institution can interact to any users in the system except members of any "Walled garden" institutions. Any user that does not belong to any institution will only be able to communicate with similar users and members of intuitions with walled garden setting set to “No”.
To illustrate what is said above, say member of institution is finding friends using Groups->Find friends menu. Depending on "Walled garden" option setting for the institution, the following users will be listed:
Members of "Walled garden" institution are able to find:
- users in all institutions with a trust relationship
- users in own institution
Members of "No walled garden"(default) institution are able to find:
- users in all default institutions (which includes own institution)
- users in all institutions with explicit trust relationships
Members of "no institution" are able to find:
- users in all default institutions
It is important to understand that the Walled Garden concept relies on a trust relationships control mechanism, but it does not depend on it, i.e. an institution may have several trust relations, but it should not necessary be in the Walled Garden (have Walled Garden setting on). This allows users of a walled garden institute to communicate with those in an institute without a walled garden if a trust relationship is defined.
Trust Relationships Control on Institution Admin Level
For the institution admin level, Walled Garden Trust Relationships are controlled using two additional sub-menu items in “Walled Garden Control” page: "Institutions we trust" and "Find Institution". Both of these pages allow the institutional admin to choose the institutions to act on behalf of, which is relevant when the user can administer more than one institution. The "Find Institution" page shows all available institutions, provides direct links to actions and provides searching and pagination features for convenience. The "Institutions we trust" page shows only institutions with which trust relationships are already established, and allows the admin to filter the list based on trust relationships status (pending or current).
The following actions are possible depending on the current relations:
- Sending trust request – if there are no trust relationships with destination institution.
- Denying trust request – if incoming trust relation request is pending.
- Approving trust request - if incoming trust relation request is pending.
- Breaking trust relationships – if a trust relationship already exists
As a result of each action, institution admins of the affected institutions will be notified.
If the chosen institution is one the user can administer, the interface for explicit trust relationships control between all "own" institutions is shown (similar to one that is used by site administrator but the number of institutions is limited to those each user is administrator of).
Trust Relationships Control on Site Admin Level
For the site admin, Walled Garden Trust Relationships are controlled explicitly. A searching block and pagination has been added to the institutions page in order to facilitate institution management. The "Trustees" column shows the number of current trustees and it is also the link to “View Institution” page for controlling trust relationships between corresponding institution and any other. As was mentioned above, the “View Institution” page shows elements based on user type and institution for administering permissions. For site admin it shows an interface for explicit trust relationships control by default (institutions mode), and it can also show an interface for responding to trust proposals addressed to the chosen institution (requesters mode). The desired interface is controlled by the “mode” dropdown menu. In the case of changing trust relationships or replying to a trust request, all affected institutions (institution admins) will be notified.
The walled garden framework is applied to following communication paths:
- User to user – the access check is based on whether user can access the institution which destination user belongs to. If the destination user is a member of multiple institutions, access is granted if user can access at least one of destination user’s institutions. If the destination user is already a friend, access is permitted.
- User to group – the access check is based on whether the user can access the institution which the destination group admins belong to. If destination group has several admins or any admin is a member of multiple institutions, access is granted if the user can access at least one of institutions which the destination group admins belong to. If the user is a member of destination group, access is permitted.
- User to Institution - the access check is based on whether user can access the destination institution. If a user is a member of the destination institution, access is permitted.
A variety of checks are performed based on the above framework, for example the check if a user can access view or artefact uses this apporach (each view or artifact can belong to either user, group or institution).
If trust relationships between institutions have been broken, current group membership in an “enemy” group as well as friendships and view access permissions will not be broken. If this is required, one should use “Break external relationships” group of buttons in institution settings. As a result of this action corresponding permissions will be broken and all affected users will be notified by email. Institution admins will receive a digest email with a list of all users that were affected.
The "Walled garden" option in "Administer Institution" interface requires a corresponding flag in 'institution' table. Trust relationships control requires two extra tables for its functioning: "institution_trust" is a mapping table which is used for storing current trust relationships between institutions. "institution_trust_request" is used for registering trust requests initiated by the "requestor" institution and addressed to the "owner" institution, it also stores the message that has been specified at the time a trust request had been sent.
All checks related to a single item are performed using following methods in the user class (auth/user.php):can_access_group, can_access_user, can_access_institution For multi-item output, walled garden checks are usually embedded in the SQL queries for scalability reasons (see for details search_user, search_group functions in search/internal/lib.php).