grouper-users - [grouper-users] question on privileges

Subject: Grouper Users - Open Discussion List

[grouper-users] question on privileges

  • From: Martin Feller <>
  • To:
  • Subject: [grouper-users] question on privileges
  • Date: Thu, 20 Jan 2011 16:36:51 -0600

Hi,

I'm quite new to grouper.
Here's a problem I face while playing with the grouper API (1.6.3):

I have a group BIRN:F-BIRN:performancetest. The privilege for everyone is
only 'view'.
The group has 3 members a, b and c. All of them have only the 'member'
privilege, except for c, which also has the 'admin' and 'read' privileges.

However, if I try to get a list of members for that group as member 'c' (i.e.
the session has been started with the subject of 'c'),
'c' doesn't get a list of users. Even if I grant 'c' the admin privilege on
that group, I don't get the list of members.

If I run the session as 'GrouperSystem', I get the list of members, and I see
that 'c' is on the readers list and admin list,
but a call to hasRead() with the subject of 'c' still returns false.

I guess my questions are:
* Why don't I get the memberlist if the session is run with 'c', and 'c' has
read and admin privileges on the group?
* Why does the call to group.hasRead(<subject of c>) as 'GrouperSystem'
return false, even though 'c' is on the readers list?

I assume I'm doing something wrong, or have wrong assumptions.
Let me know if you need more information about my setup.

Find the source code of my small example program attached.

Thanks for feedback!

Martin


#############

Output of the program, when the session has been started with the subject of
'GrouperSystem':

subject id of caller: GrouperSystem
Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: false
Members of group BIRN:F-BIRN:performancetest:
- a
- b
- c


Output of program, when the session has been started with the subject of 'c':

Subject id of caller: c
Subjects with admin priv on group BIRN:F-BIRN:performancetest:
Subjects with read priv on group BIRN:F-BIRN:performancetest:
c has read privs on group BIRN:F-BIRN:performancetest: false
No read privilege on group for subject c

import java.util.Iterator;
import java.util.Set;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.Member;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.subject.Subject;

public class GroupTest {

    // Starts and immediately stops a session as GrouperSystem to initialize grouper.
    public GroupTest() throws Exception {

        System.out.println("---------- initializing grouper");
        GrouperSession session = null;
        try {
            session =
                GrouperSession.start(SubjectFinder.findById("GrouperSystem", true));
        } finally {
            if (session != null) {
                session.stop();
            }
        }
        System.out.println("---------- done initializing grouper");
    }

    public static void main(String[] args) throws Exception {
        GroupTest gs = new GroupTest();
        gs.testStuff();
    }

    public void testStuff() throws Exception {
        GrouperSession session = null;
        String groupName = "BIRN:F-BIRN:performancetest";
        String admin = "GrouperSystem";
        String user = "martinfeller";

        try {
            // The session is started with the subject looked up from 'admin'.
            Subject caller = SubjectFinder.findById(admin, true);
            System.out.println("Subject id of caller: " + caller.getId());
            session = GrouperSession.start(caller);
            Group group = GroupFinder.findByName(session, groupName, true);

            this.printAdmins(group);
            this.printReaders(group);

            // Check the read privilege of 'user' on the group.
            Subject s = SubjectFinder.findById(user, true);
            System.out.println(user + " has read privs on group " + groupName
                + ": " + group.hasRead(s));

            // List the members only if the caller has read on the group.
            if (group.hasRead(caller)) {
                System.out.println("Members of group " + groupName + ":");
                this.printMembers(group.getMembers());
            } else {
                System.out.println("No read privilege on group for subject "
                    + caller.getId());
            }
        } finally {
            if (session != null) {
                session.stop();
            }
        }
    }

    private void printAdmins(Group group) {
        System.out.println("Subjects with admin priv on group " +
            group.getName() + ":");
        this.printSubjectSet(group.getAdmins());
    }

    private void printReaders(Group group) {
        System.out.println("Subjects with read priv on group " +
            group.getName() + ":");
        this.printSubjectSet(group.getReaders());
    }

    // Prints the id of each Subject in the set, one per line.
    private void printSubjectSet(Set subjectSet) {
        Iterator iter = subjectSet.iterator();
        while (iter.hasNext()) {
            Subject s = (Subject) iter.next();
            System.out.println("- " + s.getId());
        }
    }

    // Prints the subject id of each Member in the set, or a note if the set is null.
    private void printMembers(Set members) {
        if (members != null) {
            Iterator iter = members.iterator();
            while (iter.hasNext()) {
                Member m = (Member) iter.next();
                System.out.println("- " + m.getSubjectId());
            }
        } else {
            System.out.println("member set is null");
        }
    }
}



