Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] question on privileges

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] question on privileges


Chronological Thread 
  • From: Martin Feller <>
  • To: Chris Hyzer <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] question on privileges
  • Date: Fri, 21 Jan 2011 00:50:42 -0600

On 1/20/11 10:55 PM, Chris Hyzer wrote:
> I see your program, isn't it the GrouperSystem version? I don't see the
> version that fails.

Yeah, I changed the subject manually in my tests.

> Anyways, I attached a version that runs as both and works fine, try it out.

It works fine for me here, too. I have to check what the difference is.

> Btw, your constructor opened a session, then closed it, which doesn't
> really do anything, so I got rid of it.

When I started testing the API, I figured there is a delay somewhere, and i
wanted to check if
this is maybe only on initial Grouper calls, maybe when Grouper is
initialized.
You are right, it doesn't do anything.
I *think* the OSU folks did something similar in GridGrouper in a
constructor, maybe to avoid delays in the first service call.
But I'm just speculating here.

> Also, I included code which creates the group and subjects if they don't
> exist.

Cool, that is useful example code for newbies like me.
Thanks a lot for the quick response!

-Martin

>
> This prints (which is correct, right?):
>
> Subjects with admin priv on group BIRN:F-BIRN:performancetest:
> - c
> - GrouperSystem
> Subjects with read priv on group BIRN:F-BIRN:performancetest:
> - c
> c has read privs on group BIRN:F-BIRN:performancetest: true
> Members of group BIRN:F-BIRN:performancetest:
> - c
> - a
> - b
>
>
> ###############
>
>
> Subjects with admin priv on group BIRN:F-BIRN:performancetest:
> - c
> - GrouperSystem
> Subjects with read priv on group BIRN:F-BIRN:performancetest:
> - c
> c has read privs on group BIRN:F-BIRN:performancetest: true
> Members of group BIRN:F-BIRN:performancetest:
> - c
> - a
> - b
>
>
> Thanks,
> Chris
>
> -----Original Message-----
> From:
>
>
> [mailto:]
> On Behalf Of Martin Feller
> Sent: Thursday, January 20, 2011 5:37 PM
> To:
>
> Subject: [grouper-users] question on privileges
>
> Hi,
>
> I'm quite new to grouper.
> Here's a problem I face while playing with the grouper API (1.6.3):
>
> I have a group BIRN:F-BIRN:performancetest. The privilege for everyone is
> only 'view'.
> The group has 3 members a, b and c. All of them have only the 'member'
> privilege, except for c, which also has the 'admin' and 'read' privilege.
>
> However, if I try to get a list of members for that group as member 'c'
> (i.e. the session has been started with the subject of 'c'),
> 'c' doesn't get a list of users. Even if I grant 'c' the admin privilege on
> that group, I don't get the list members.
>
> If I run the session as 'GrouperSystem', I get the list of members, and I
> see that 'c' is on the readers list and admin list,
> But a call to hasRead() with the subject of 'c' still returns false.
>
> I guess my questions are:
> * Why don't I get the memberlist if the session is run with 'c', and 'c'
> has read and admin privileges on the group?
> * Why does the call to group.hasRead(<subject of c>) as 'GrouperSystem'
> return false, even though 'c' is on the readers list?
>
> I assume I'm doing something wrong, or have wrong assumptions.
> Let me know if you need more information about my setup.
>
> Find the source code of my small example program attached.
>
> Thanks for feedback!
>
> Martin
>
>
> #############
>
> Output of the program, when the session has been started with the subject
> of 'GrouperSystem':
>
> subject id of caller: GrouperSystem
> Subjects with admin priv on group BIRN:F-BIRN:performancetest:
> - c
> - GrouperSystem
> Subjects with read priv on group BIRN:F-BIRN:performancetest:
> - c
> c has read privs on group BIRN:F-BIRN:performancetest: false
> Members of group BIRN:F-BIRN:performancetest:
> - a
> - b
> - c
>
>
> Output of program, when the session has been started with the subject of
> 'c':
>
> Subject id of caller: c
> Subjects with admin priv on group BIRN:F-BIRN:performancetest:
> Subjects with read priv on group BIRN:F-BIRN:performancetest:
> c has read privs on group BIRN:F-BIRN:performancetest: false
> No read privilege on group for subject c
>





Archive powered by MHonArc 2.6.16.

Top of Page