Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: finding entity privileges

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: finding entity privileges


Chronological Thread 
  • From: Rahul Doshi <>
  • To: Chris Hyzer <>, "" <>
  • Subject: [grouper-users] Re: finding entity privileges
  • Date: Tue, 11 Sep 2012 20:33:10 +0000
  • Accept-language: en-US

I compared the results with and without my changes and those seem to be identical.  Only thing that concerns me is results includes every single group entity is admin even though I am running the report as self (non-admin).  I was expecting result will only include groups that I am also a member.  That is our use case that only the members of the group can see who the admins of the group are.  Is this something that is supported in grouper? If so how would I configure that?

Thanks,
Rahul

From: Chris Hyzer <>
Date: Tuesday, September 11, 2012 3:39 PM
To: Rahul Doshi <>, "" <>
Subject: RE: finding entity privileges

I would think if the way it had it now was cached, then it runs that query once, and not again, it might be the fastest.  If not, then I think your way of getting only the memberships for the user/field/group is better then getting all groups the user has the field on.   I think your way sounds good if you see it working as far as accuracy and security…  it seems like kind of a central change though, if we aren’t 100% sure it is correct we should put it in the 2.2 branch…

 

Thanks,

Chris

 

From: [] On Behalf Of Rahul Doshi
Sent: Tuesday, September 11, 2012 12:53 PM
To:
Subject: [grouper-users] Re: finding entity privileges

 

I did more troubleshooting on this issue and found that method below gets called once for every single group  entity is admin while trying to determine whether entity has direct or indirect admin privilege to the group.  It appears method is taking long time to return because it tries to calculate effective membership of all the groups entity is member instead of just the group that is passed in as an argument.  I tried an alternate implementation where method just looks at the effective membership of group that is passed in.  It seems to have no performance issue but I wasn't sure whether it would have any side effects or would return incorrect results.  Thoughts?

 

/**

* Given a Group and Subject return the effective memberships keyed on

* the via group

* @param s

* @param group

* @param subject

* @param field

* @return Map keyed on via groups

* @throws Exception

*/

publicstatic Map getEffectiveMembershipsForGroupAndSubject(GrouperSession s,Group group,Subject subject,Field field) throws Exception{

Member member = MemberFinder.findBySubject(s,subject);

Map res = new HashMap();

Set memberships = member.getEffectiveMemberships(field);

Membership m;

Iterator it = memberships.iterator();

while(it.hasNext()){

m = (Membership)it.next();

if(m.getGroup().equals(group)) res.put(m.getViaGroup(),m);

}

return res;

}

 

 

publicstatic Map getEffectiveMembershipsForGroupAndSubject(GrouperSession s,Group group,Subject subject,Field field) throws Exception{

Member member = MemberFinder.findBySubject(s,subject);

Map res = new HashMap();

List<Member> memberList = new ArrayList<Member>();

memberList.add(member);

Set memberships = group.getEffectiveMemberships(field, memberList);

Membership m;

Iterator it = memberships.iterator();

while(it.hasNext()){

m = (Membership)it.next();

res.put(m.getViaGroup(),m);

}

return res;

}

 

Thanks,

Rahul

 

From: Rahul Doshi <>
Date: Friday, August 31, 2012 9:49 AM
To: "" <>
Subject: finding entity privileges

 

Logged in as admin in the Entity Details screen, if I run the filter "Show all GROUPS where this entity has the privilege admin" for an entity that is admin to say 100 groups, it returns instantly but if I run the same query logged in as self, I immediately see the count of groups and partial results but it takes about 2 minutes to print full list.  I have setup the page size as 100. From little troubleshooting that I did it doesn't appear a single SQL query is taking long time.  It's just lot of SQL getting executed to pull the results.  Is it expected behavior or there is some problem in my setup?

 

Thanks,

Rahul




Archive powered by MHonArc 2.6.16.

Top of Page