Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege


Chronological Thread 
  • From: Brad Westness <>
  • To: Chris Hyzer <>
  • Cc: "" <>
  • Subject: Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege
  • Date: Thu, 12 Jun 2014 12:14:22 -0500

Ah yep, looks like if they're both an Updater and a Reader it does the removal correctly. I'll have to follow up with my team to determine if/how we want to implement this workaround.

Thanks,


--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934


On Thursday, June 12, 2014 12:00:36 PM, Chris Hyzer wrote:
Yeah, probably, what happens if the Updater is also a Reader? JOr will
that not work for you?

Thanks,

Chris

*From:*
[mailto:]
*On Behalf Of *Brad Westness
*Sent:* Thursday, June 12, 2014 12:57 PM
*To:*

*Subject:* [grouper-users] Issue with DeleteMembers web service when
acting as user with Update privilege

Hello,

I'm receiving a result code of "SUCCESS_WASNT_IMMEDIATE" when
attempting to remove members from a group while acting as a user that
is in the Updater privilege for the group (with no other privileges).
The member I'm attempting to remove /is/ a direct member, verified
through the Grouper UI.

Here's the request I'm sending:

POST:
/grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_update_only/members

{
"WsRestDeleteMemberRequest": {
"actAsSubjectLookup": {
"subjectId": "000000001518"
},
"subjectLookups": [
{
"subjectId": "000000001084"
}
]
}
}


And here's the response:

{
"WsDeleteMemberResults": {
"responseMetadata": {
"millis": "43",
"serverVersion": "2.1.5"
},
"resultMetadata": {
"resultCode": "SUCCESS",
"resultMessage": "Success for: clientVersion: 2.1.5,
wsGroupLookup:
WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_update_only],
subjectLookups: Array size: 1: [0]:
WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
NONE\n, params: null",
"success": "T"
},
"results": [
{
"resultMetadata": {
"resultCode": "SUCCESS_WASNT_IMMEDIATE",
"success": "T"
},
"wsSubject": {
"id": "000000001084",
"name": "MICHAEL TESSMER",
"resultCode": "SUCCESS",
"sourceId": "jdbc",
"success": "T"
}
}
],
"wsGroup": {
"description": "a_update_only",
"displayExtension": "a_update_only",
"displayName": "u:netid:daconner:a_update_only",
"extension": "a_update_only",
"name": "u:netid:daconner:a_update_only",
"typeOfGroup": "group",
"uuid": "749909f32e364c6eb08ce6a679e622a2"
}
}
}

Meanwhile, if I add the same member to a group of which the
"actAsSubject" user has the Admin privilege, it works:

Request:

POST:
/grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_admin_only/members

{
"WsRestDeleteMemberRequest": {
"actAsSubjectLookup": {
"subjectId": "000000001518"
},
"subjectLookups": [
{
"subjectId": "000000001084"
}
]
}
}

Response:
{
"WsDeleteMemberResults": {
"responseMetadata": {
"millis": "127",
"serverVersion": "2.1.5"
},
"resultMetadata": {
"resultCode": "SUCCESS",
"resultMessage": "Success for: clientVersion: 2.1.5,
wsGroupLookup:
WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_admin_only],
subjectLookups: Array size: 1: [0]:
WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
NONE\n, params: null",
"success": "T"
},
"results": [
{
"resultMetadata": {
"resultCode": "SUCCESS",
"success": "T"
},
"wsSubject": {
"id": "000000001084",
"name": "MICHAEL TESSMER",
"resultCode": "SUCCESS",
"sourceId": "jdbc",
"success": "T"
}
}
],
"wsGroup": {
"description": "a_admin_only",
"displayExtension": "a_admin_only",
"displayName": "u:netid:daconner:a_admin_only",
"extension": "a_admin_only",
"name": "u:netid:daconner:a_admin_only",
"typeOfGroup": "group",
"uuid": "e4aeb1d4d86b4f82815eabdb0b00e0b0"
}
}
}

I've tried using the DeleteMemberLite service too, with the same
results. Is this a bug?

Thanks,

--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934





Archive powered by MHonArc 2.6.16.

Top of Page