Grouper Users - Open Discussion List

[Chris Hyzer <>]

I see your program, isn't it the GrouperSystem version?  I don't see the 
version that fails.  Anyways, I attached a version that runs as both and 
works fine, try it out.  Btw, your constructor opened a session, then closed 
it, which doesn't really do anything, so I got rid of it.  Also, I included 
code which creates the group and subjects if they don't exist.

This prints (which is correct, right?):

Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: true
Members of group BIRN:F-BIRN:performancetest:
- c
- a
- b


###############


Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: true
Members of group BIRN:F-BIRN:performancetest:
- c
- a
- b


Thanks,
Chris

-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Martin Feller
Sent: Thursday, January 20, 2011 5:37 PM
To: 

Subject: [grouper-users] question on privileges

Hi,

I'm quite new to grouper.
Here's a problem I face while playing with the grouper API (1.6.3):

I have a group BIRN:F-BIRN:performancetest. The privilege for everyone is 
only 'view'.
The group has 3 members a, b and c. All of them have only the 'member' 
privilege, except for c, which also has the 'admin' and 'read' privilege.

However, if I try to get a list of members for that group as member 'c' (i.e. 
the session has been started with the subject of 'c'),
'c' doesn't get a list of users. Even if I grant 'c' the admin privilege on 
that group, I don't get the list members.

If I run the session as 'GrouperSystem', I get the list of members, and I see 
that 'c' is on the readers list and admin list,
But a call to hasRead() with the subject of 'c' still returns false.

I guess my questions are:
* Why don't I get the memberlist if the session is run with 'c', and 'c' has 
read and admin privileges on the group?
* Why does the call to group.hasRead(<subject of c>) as 'GrouperSystem' 
return false, even though 'c' is on the readers list?

I assume I'm doing something wrong, or have wrong assumptions.
Let me know if you need more information about my setup.

Find the source code of my small example program attached.

Thanks for feedback!

Martin


#############

Output of the program, when the session has been started with the subject of 
'GrouperSystem':

subject id of caller: GrouperSystem
Subjects with admin priv on group BIRN:F-BIRN:performancetest:
- c
- GrouperSystem
Subjects with read priv on group BIRN:F-BIRN:performancetest:
- c
c has read privs on group BIRN:F-BIRN:performancetest: false
Members of group BIRN:F-BIRN:performancetest:
- a
- b
- c


Output of program, when the session has been started with the subject of 'c':

Subject id of caller: c
Subjects with admin priv on group BIRN:F-BIRN:performancetest:
Subjects with read priv on group BIRN:F-BIRN:performancetest:
c has read privs on group BIRN:F-BIRN:performancetest: false
No read privilege on group for subject c

Attachment: GroupTest.java
Description: GroupTest.java