Grouper Users - Open Discussion List

[Paul Gazda <>]

Thank you for the proof. Much appreciated!

 

Paul Gazda

 

From: Chris Hyzer [mailto:]
Sent: Tuesday, July 28, 2009 11:32 PM
To: Paul Gazda;
Subject: RE: Deleting a group with GrouperClient

 

Here is proof (note, going between grouper client and gsh):

 

 

## First see how many memberships there are with GSH:

 

gsh 0% HibernateSession.bySqlStatic().select(int.class, "select count(1) from grouper_memberships");

798545

 

## Add a group with the client

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=groupSaveWs --name=test:isc:astt:chris:test:test1

Success: T: code: SUCCESS_INSERTED: test:isc:astt:chris:test:test1

 

## Add a member

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=addMemberWs --groupName=test:isc:astt:chris:test:test1 --subjectIds=10021368

Index 0: success: T: code: SUCCESS: 10021368

 

## Add a privilege

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=assignGrouperPrivilegesLiteWs --groupName=test:isc:astt:chris:test:test1 --subjectId=10021368 --privilegeName=read --allowed=true

Success: T: code: SUCCESS_ALLOWED: group: test:isc:astt:chris:test:test1: subject: 10021368: access: read

 

## See that there are now 3 more memberships (creating the group gave admin to the creator)

 

gsh 1% HibernateSession.bySqlStatic().select(int.class, "select count(1) from grouper_memberships");

798548

 

## Delete the group

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=groupDeleteWs --groupNames=test:isc:astt:chris:test:test1

Index 0: success: T: code: SUCCESS: test:isc:astt:chris:test:test1

 

## See that there are the original number of memberships in the table, the three new ones are gone (note, this assumes there was no other activity in the registry J )

 

gsh 2% HibernateSession.bySqlStatic().select(int.class, "select count(1) from grouper_memberships");

798545

 

## Create the group again

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=groupSaveWs --name=test:isc:astt:chris:test:test1

Success: T: code: SUCCESS_INSERTED: test:isc:astt:chris:test:test1

 

## See that it has no members

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=getMembersWs --groupNames=test:isc:astt:chris:test:test1

[mchyzer@x temp]$

 

## See that no one explicitly has READ on the group

 

[mchyzer@x temp]$ java -jar grouperClient.jar --operation=getGrouperPrivilegesLiteWs --groupName=test:isc:astt:chris:test:test1 --privilegeName=read

[mchyzer@x temp]$

 

From: Paul Gazda [mailto:]
Sent: Tuesday, July 28, 2009 2:16 PM
To: Chris Hyzer;
Subject: RE: Deleting a group with GrouperClient

 

Thanks. I am glad there is no way to keep memberships of deleted groups. To me, that would be a data integrity violation. I just want to make sure that if I delete a group all the memberships and privileges associated with it will be gone without having to specifically delete them.

 

Paul Gazda

 

From: Chris Hyzer [mailto:]
Sent: Tuesday, July 28, 2009 11:13 AM
To: Paul Gazda;
Subject: RE: Deleting a group with GrouperClient

 

Ok, I will do a proof of concept.  The added_exists means you are adding someone and they are already there (that is still a success=T).

There isn’t a way currently to keep memberships of a deleted group since the memberships are foreign keys… if we had a way to disable a group, that might do it, but it doesn’t exist now and there are no current plans.

 

Chris

 

From: Paul Gazda [mailto:]
Sent: Tuesday, July 28, 2009 2:07 PM
To: Chris Hyzer;
Subject: RE: Deleting a group with GrouperClient

 

Thanks, Chris. I would appreciate a definitive answer. I thought I saw a result code something like “added_exists” when I was assigning admin privileges to a test group that I had been creating and deleting through successive tests. I haven’t seen it since, but was wondering if privileges or memberships could be left in database tables for a group that no longer exists, and then if a group by the same name was subsequently created, those privileges and memberships would attach to it, without the creator knowing.

 

Paul Gazda

 

From: Chris Hyzer [mailto:]
Sent: Tuesday, July 28, 2009 10:49 AM
To: Paul Gazda;
Subject: RE: Deleting a group with GrouperClient

 

My understanding is that all memberships and privileges will be deleted automatically.  The only things that would hold it up are if the user (or actAs user) doesn’t have admin privileges on the group, or if the group is used as a factor in another composite group.

 

I can do a quick proof of concept demonstrating this with the client, do you need this?

 

Thanks,

Chris

 

From: Paul Gazda [mailto:]
Sent: Monday, July 27, 2009 5:19 PM
To:
Subject: [grouper-users] Deleting a group with GrouperClient

 

When a group is deleted using the GrouperClient 1.4.2 groupDeleteWs method, are all of the privileges and memberships associated with the group deleted automatically, or do they have to be explicitly deleted before deleting the group? Thanks.

 

Paul Gazda