Grouper Users - Open Discussion List

[Chris Hyzer <>]

I made this change in v2.2, but you can make a change in 2.1 to fix the 
issue.  If you don't care about the response code, you should just need to 
change this in grouper-ws GrouperServiceLogic.java and rebuild the WS.

Around line 565:

FROM:

                      if (fieldName == null) {
                        // dont fail if already a direct member
                        hasEffective = member.isEffectiveMember(group);
                        hasImmediate = member.isImmediateMember(group);
                        if (hasImmediate) {
                          group.deleteMember(member);
                        }
                      } else {
                        // dont fail if already a direct member
                        hasEffective = member.isEffectiveMember(group, 
fieldName);
                        hasImmediate = member.isImmediateMember(group, 
fieldName);
                        if (hasImmediate) {
                          group.deleteMember(member, fieldName);
                        }
                      }

TO:

                      if (fieldName == null) {
                        // dont fail if already a direct member
                        hasEffective = member.isEffectiveMember(group);
                        hasImmediate = member.isImmediateMember(group);
                        group.deleteMember(member, false);
                      } else {
                        // dont fail if already a direct member
                        hasEffective = member.isEffectiveMember(group, 
fieldName);
                        hasImmediate = member.isImmediateMember(group, 
fieldName);
                        group.deleteMember(member, fieldname, false);
                      }


If you care about the response codes, you can see the diff of this commit 
(note, diffs might not work on the svn viewer, but you could diff the files 
in eclipse... (and don't worry about the unit test)

http://anonsvn.internet2.edu/viewvc/viewvc.py/i2mi?view=revision&revision=9059

Thanks
Chris


-----Original Message-----
From: Brad Westness 
[mailto:]
 
Sent: Thursday, June 12, 2014 1:19 PM
To: Chris Hyzer
Cc: 

Subject: Re: [grouper-users] Issue with DeleteMembers web service when acting 
as user with Update privilege

That'd be great!

Thanks,

-Brad

On Thursday, June 12, 2014 12:15:22 PM, Chris Hyzer wrote:
> It is a bug, I can give you a patch if you like...
>
> -----Original Message-----
> From: Brad Westness 
> [mailto:]
> Sent: Thursday, June 12, 2014 1:14 PM
> To: Chris Hyzer
> Cc: 
> 
> Subject: Re: [grouper-users] Issue with DeleteMembers web service when 
> acting as user with Update privilege
>
> Ah yep, looks like if they're both an Updater and a Reader it does the
> removal correctly. I'll have to follow up with my team to determine
> if/how we want to implement this workaround.
>
> Thanks,
>
>
> --
> Brad Westness
> Web Applications Developer
> University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
> 608.890.3934
>
>
> On Thursday, June 12, 2014 12:00:36 PM, Chris Hyzer wrote:
>> Yeah, probably, what happens if the Updater is also a Reader? JOr will
>> that not work for you?
>>
>> Thanks,
>>
>> Chris
>>
>> *From:*
>> [mailto:]
>>  *On Behalf Of *Brad Westness
>> *Sent:* Thursday, June 12, 2014 12:57 PM
>> *To:* 
>> 
>> *Subject:* [grouper-users] Issue with DeleteMembers web service when
>> acting as user with Update privilege
>>
>> Hello,
>>
>> I'm receiving a result code of "SUCCESS_WASNT_IMMEDIATE" when
>> attempting to remove members from a group while acting as a user that
>> is in the Updater privilege for the group (with no other privileges).
>> The member I'm attempting to remove /is/ a direct member, verified
>> through the Grouper UI.
>>
>> Here's the request I'm sending:
>>
>> POST:
>> /grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_update_only/members
>>
>> {
>>    "WsRestDeleteMemberRequest": {
>>      "actAsSubjectLookup": {
>>        "subjectId": "000000001518"
>>      },
>>      "subjectLookups": [
>>        {
>>          "subjectId": "000000001084"
>>        }
>>      ]
>>    }
>> }
>>
>>
>> And here's the response:
>>
>> {
>>    "WsDeleteMemberResults": {
>>      "responseMetadata": {
>>        "millis": "43",
>>        "serverVersion": "2.1.5"
>>      },
>>      "resultMetadata": {
>>        "resultCode": "SUCCESS",
>>        "resultMessage": "Success for: clientVersion: 2.1.5,
>> wsGroupLookup:
>> WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_update_only],
>> subjectLookups: Array size: 1: [0]:
>> WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
>> WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
>> NONE\n, params: null",
>>        "success": "T"
>>      },
>>      "results": [
>>        {
>>          "resultMetadata": {
>>            "resultCode": "SUCCESS_WASNT_IMMEDIATE",
>>            "success": "T"
>>          },
>>          "wsSubject": {
>>            "id": "000000001084",
>>            "name": "MICHAEL TESSMER",
>>            "resultCode": "SUCCESS",
>>            "sourceId": "jdbc",
>>            "success": "T"
>>          }
>>        }
>>      ],
>>      "wsGroup": {
>>        "description": "a_update_only",
>>        "displayExtension": "a_update_only",
>>        "displayName": "u:netid:daconner:a_update_only",
>>        "extension": "a_update_only",
>>        "name": "u:netid:daconner:a_update_only",
>>        "typeOfGroup": "group",
>>        "uuid": "749909f32e364c6eb08ce6a679e622a2"
>>      }
>>    }
>> }
>>
>> Meanwhile, if I add the same member to a group of which the
>> "actAsSubject" user has the Admin privilege, it works:
>>
>> Request:
>>
>> POST:
>> /grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_admin_only/members
>>
>> {
>>    "WsRestDeleteMemberRequest": {
>>      "actAsSubjectLookup": {
>>        "subjectId": "000000001518"
>>      },
>>      "subjectLookups": [
>>        {
>>          "subjectId": "000000001084"
>>        }
>>      ]
>>    }
>> }
>>
>> Response:
>> {
>>    "WsDeleteMemberResults": {
>>      "responseMetadata": {
>>        "millis": "127",
>>        "serverVersion": "2.1.5"
>>      },
>>      "resultMetadata": {
>>        "resultCode": "SUCCESS",
>>        "resultMessage": "Success for: clientVersion: 2.1.5,
>> wsGroupLookup:
>> WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_admin_only],
>> subjectLookups: Array size: 1: [0]:
>> WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
>> WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
>> NONE\n, params: null",
>>        "success": "T"
>>      },
>>      "results": [
>>        {
>>          "resultMetadata": {
>>            "resultCode": "SUCCESS",
>>            "success": "T"
>>          },
>>          "wsSubject": {
>>            "id": "000000001084",
>>            "name": "MICHAEL TESSMER",
>>            "resultCode": "SUCCESS",
>>            "sourceId": "jdbc",
>>            "success": "T"
>>          }
>>        }
>>      ],
>>      "wsGroup": {
>>        "description": "a_admin_only",
>>        "displayExtension": "a_admin_only",
>>        "displayName": "u:netid:daconner:a_admin_only",
>>        "extension": "a_admin_only",
>>        "name": "u:netid:daconner:a_admin_only",
>>        "typeOfGroup": "group",
>>        "uuid": "e4aeb1d4d86b4f82815eabdb0b00e0b0"
>>      }
>>    }
>> }
>>
>> I've tried using the DeleteMemberLite service too, with the same
>> results. Is this a bug?
>>
>> Thanks,
>>
>> --
>> Brad Westness
>> Web Applications Developer
>> University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
>> 608.890.3934
>>
>

--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934