
grouper-users - RE: [grouper-users] question on privileges

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Martin Feller <>, "" <>
  • Subject: RE: [grouper-users] question on privileges
  • Date: Thu, 20 Jan 2011 23:55:37 -0500
  • Accept-language: en-US

I see your program, isn't it the GrouperSystem version? I don't see the
version that fails. Anyways, I attached a version that runs as both and
works fine, try it out. Btw, your constructor opened a session, then closed
it, which doesn't really do anything, so I got rid of it. Also, I included
code which creates the group and subjects if they don't exist.

This prints (which is correct, right?):

Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: true
Members of group BIRN:F-BIRN:performancetest:
- c
- a
- b


###############


Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: true
Members of group BIRN:F-BIRN:performancetest:
- c
- a
- b


Thanks,
Chris

-----Original Message-----
From: [mailto:] On Behalf Of Martin Feller
Sent: Thursday, January 20, 2011 5:37 PM
To:
Subject: [grouper-users] question on privileges

Hi,

I'm quite new to grouper.
Here's a problem I face while playing with the grouper API (1.6.3):

I have a group BIRN:F-BIRN:performancetest. The privilege for everyone is
only 'view'.
The group has 3 members a, b and c. All of them have only the 'member'
privilege, except for c, which also has the 'admin' and 'read' privilege.

However, if I try to get a list of members for that group as member 'c' (i.e.
the session has been started with the subject of 'c'),
'c' doesn't get a list of users. Even if I grant 'c' the admin privilege on
that group, I don't get the list members.

If I run the session as 'GrouperSystem', I get the list of members, and I see
that 'c' is on the readers list and admin list,
But a call to hasRead() with the subject of 'c' still returns false.

I guess my questions are:
* Why don't I get the memberlist if the session is run with 'c', and 'c' has
read and admin privileges on the group?
* Why does the call to group.hasRead(<subject of c>) as 'GrouperSystem'
return false, even though 'c' is on the readers list?

I assume I'm doing something wrong, or have wrong assumptions.
Let me know if you need more information about my setup.

Find the source code of my small example program attached.

Thanks for feedback!

Martin


#############

Output of the program, when the session has been started with the subject of
'GrouperSystem':

subject id of caller: GrouperSystem
Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: false
Members of group BIRN:F-BIRN:performancetest:
- a
- b
- c


Output of program, when the session has been started with the subject of 'c':

Subject id of caller: c
Subjects with admin priv on group BIRN:F-BIRN:performancetest:
Subjects with read priv on group BIRN:F-BIRN:performancetest:
c has read privs on group BIRN:F-BIRN:performancetest: false
No read privilege on group for subject c

Attachment: GroupTest.java
Description: GroupTest.java



