grouper-users - RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege
Subject: Grouper Users - Open Discussion List
List archive
RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege
Chronological Thread
- From: Chris Hyzer <>
- To: Brad Westness <>
- Cc: "" <>
- Subject: RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege
- Date: Mon, 23 Jun 2014 10:27:17 +0000
- Accept-language: en-US
I made this change in v2.2, but you can make a change in 2.1 to fix the
issue. If you don't care about the response code, you should just need to
change this in grouper-ws GrouperServiceLogic.java and rebuild the WS.
Around line 565:
FROM:
if (fieldName == null) {
// dont fail if already a direct member
hasEffective = member.isEffectiveMember(group);
hasImmediate = member.isImmediateMember(group);
if (hasImmediate) {
group.deleteMember(member);
}
} else {
// dont fail if already a direct member
hasEffective = member.isEffectiveMember(group,
fieldName);
hasImmediate = member.isImmediateMember(group,
fieldName);
if (hasImmediate) {
group.deleteMember(member, fieldName);
}
}
TO:
if (fieldName == null) {
// dont fail if already a direct member
hasEffective = member.isEffectiveMember(group);
hasImmediate = member.isImmediateMember(group);
group.deleteMember(member, false);
} else {
// dont fail if already a direct member
hasEffective = member.isEffectiveMember(group,
fieldName);
hasImmediate = member.isImmediateMember(group,
fieldName);
group.deleteMember(member, fieldname, false);
}
If you care about the response codes, you can see the diff of this commit
(note, diffs might not work on the svn viewer, but you could diff the files
in eclipse... (and don't worry about the unit test)
http://anonsvn.internet2.edu/viewvc/viewvc.py/i2mi?view=revision&revision=9059
Thanks
Chris
-----Original Message-----
From: Brad Westness
[mailto:]
Sent: Thursday, June 12, 2014 1:19 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Issue with DeleteMembers web service when acting
as user with Update privilege
That'd be great!
Thanks,
-Brad
On Thursday, June 12, 2014 12:15:22 PM, Chris Hyzer wrote:
> It is a bug, I can give you a patch if you like...
>
> -----Original Message-----
> From: Brad Westness
> [mailto:]
> Sent: Thursday, June 12, 2014 1:14 PM
> To: Chris Hyzer
> Cc:
>
> Subject: Re: [grouper-users] Issue with DeleteMembers web service when
> acting as user with Update privilege
>
> Ah yep, looks like if they're both an Updater and a Reader it does the
> removal correctly. I'll have to follow up with my team to determine
> if/how we want to implement this workaround.
>
> Thanks,
>
>
> --
> Brad Westness
> Web Applications Developer
> University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
> 608.890.3934
>
>
> On Thursday, June 12, 2014 12:00:36 PM, Chris Hyzer wrote:
>> Yeah, probably, what happens if the Updater is also a Reader? JOr will
>> that not work for you?
>>
>> Thanks,
>>
>> Chris
>>
>> *From:*
>> [mailto:]
>> *On Behalf Of *Brad Westness
>> *Sent:* Thursday, June 12, 2014 12:57 PM
>> *To:*
>>
>> *Subject:* [grouper-users] Issue with DeleteMembers web service when
>> acting as user with Update privilege
>>
>> Hello,
>>
>> I'm receiving a result code of "SUCCESS_WASNT_IMMEDIATE" when
>> attempting to remove members from a group while acting as a user that
>> is in the Updater privilege for the group (with no other privileges).
>> The member I'm attempting to remove /is/ a direct member, verified
>> through the Grouper UI.
>>
>> Here's the request I'm sending:
>>
>> POST:
>> /grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_update_only/members
>>
>> {
>> "WsRestDeleteMemberRequest": {
>> "actAsSubjectLookup": {
>> "subjectId": "000000001518"
>> },
>> "subjectLookups": [
>> {
>> "subjectId": "000000001084"
>> }
>> ]
>> }
>> }
>>
>>
>> And here's the response:
>>
>> {
>> "WsDeleteMemberResults": {
>> "responseMetadata": {
>> "millis": "43",
>> "serverVersion": "2.1.5"
>> },
>> "resultMetadata": {
>> "resultCode": "SUCCESS",
>> "resultMessage": "Success for: clientVersion: 2.1.5,
>> wsGroupLookup:
>> WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_update_only],
>> subjectLookups: Array size: 1: [0]:
>> WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
>> WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
>> NONE\n, params: null",
>> "success": "T"
>> },
>> "results": [
>> {
>> "resultMetadata": {
>> "resultCode": "SUCCESS_WASNT_IMMEDIATE",
>> "success": "T"
>> },
>> "wsSubject": {
>> "id": "000000001084",
>> "name": "MICHAEL TESSMER",
>> "resultCode": "SUCCESS",
>> "sourceId": "jdbc",
>> "success": "T"
>> }
>> }
>> ],
>> "wsGroup": {
>> "description": "a_update_only",
>> "displayExtension": "a_update_only",
>> "displayName": "u:netid:daconner:a_update_only",
>> "extension": "a_update_only",
>> "name": "u:netid:daconner:a_update_only",
>> "typeOfGroup": "group",
>> "uuid": "749909f32e364c6eb08ce6a679e622a2"
>> }
>> }
>> }
>>
>> Meanwhile, if I add the same member to a group of which the
>> "actAsSubject" user has the Admin privilege, it works:
>>
>> Request:
>>
>> POST:
>> /grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_admin_only/members
>>
>> {
>> "WsRestDeleteMemberRequest": {
>> "actAsSubjectLookup": {
>> "subjectId": "000000001518"
>> },
>> "subjectLookups": [
>> {
>> "subjectId": "000000001084"
>> }
>> ]
>> }
>> }
>>
>> Response:
>> {
>> "WsDeleteMemberResults": {
>> "responseMetadata": {
>> "millis": "127",
>> "serverVersion": "2.1.5"
>> },
>> "resultMetadata": {
>> "resultCode": "SUCCESS",
>> "resultMessage": "Success for: clientVersion: 2.1.5,
>> wsGroupLookup:
>> WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_admin_only],
>> subjectLookups: Array size: 1: [0]:
>> WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
>> WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
>> NONE\n, params: null",
>> "success": "T"
>> },
>> "results": [
>> {
>> "resultMetadata": {
>> "resultCode": "SUCCESS",
>> "success": "T"
>> },
>> "wsSubject": {
>> "id": "000000001084",
>> "name": "MICHAEL TESSMER",
>> "resultCode": "SUCCESS",
>> "sourceId": "jdbc",
>> "success": "T"
>> }
>> }
>> ],
>> "wsGroup": {
>> "description": "a_admin_only",
>> "displayExtension": "a_admin_only",
>> "displayName": "u:netid:daconner:a_admin_only",
>> "extension": "a_admin_only",
>> "name": "u:netid:daconner:a_admin_only",
>> "typeOfGroup": "group",
>> "uuid": "e4aeb1d4d86b4f82815eabdb0b00e0b0"
>> }
>> }
>> }
>>
>> I've tried using the DeleteMemberLite service too, with the same
>> results. Is this a bug?
>>
>> Thanks,
>>
>> --
>> Brad Westness
>> Web Applications Developer
>> University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
>> 608.890.3934
>>
>
--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934
- [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Brad Westness, 06/12/2014
- RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Chris Hyzer, 06/12/2014
- Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Brad Westness, 06/12/2014
- RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Chris Hyzer, 06/12/2014
- Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Brad Westness, 06/12/2014
- RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Chris Hyzer, 06/23/2014
- Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Brad Westness, 06/12/2014
- RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Chris Hyzer, 06/12/2014
- Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Brad Westness, 06/12/2014
- RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege, Chris Hyzer, 06/12/2014
Archive powered by MHonArc 2.6.16.