Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege


Chronological Thread 
  • From: Chris Hyzer <>
  • To: Nathan Weyenberg <>
  • Cc: Brad Westness <>, "" <>
  • Subject: RE: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege
  • Date: Tue, 1 Jul 2014 12:08:19 +0000
  • Accept-language: en-US

That’s weird that there is a typo there… sorry.  Needs to be capital N in fieldName.

 

TO:

                     if (fieldName == null) {
                       // dont fail if already a direct member
                       hasEffective = member.isEffectiveMember(group);
                       hasImmediate = member.isImmediateMember(group);
                       group.deleteMember(member, false);
                     } else {
                       // dont fail if already a direct member
                       hasEffective = member.isEffectiveMember(group, fieldName);
                       hasImmediate = member.isImmediateMember(group, fieldName);
                       group.deleteMember(member, fieldName, false);
                     }

 

Thanks,

Chris

 

From: Nathan Weyenberg [mailto:]
Sent: Tuesday, July 01, 2014 7:59 AM
To: Chris Hyzer
Cc: Brad Westness;
Subject: Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege

 

After applying the patch, upon compiling we get the following errors:

 

compile:

    [javac] /gams/test/grouper.ws-2.1.5/grouper-ws/build.xml:359: warning: 'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to false for repeatable builds

    [javac] Compiling 1 source file to /gams/test/grouper.ws-2.1.5/grouper-ws/build/grouper-ws

    [javac] /gams/test/grouper.ws-2.1.5/grouper-ws/src/grouper-ws/edu/internet2/middleware/grouper/ws/GrouperServiceLogic.java:569: cannot find symbol

    [javac] symbol: variable fieldname

    [javac]                        group.deleteMember(member, fieldname, false);

    [javac]                                                   ^

    [javac] 1 error

 

BUILD FAILED

/gams/test/grouper.ws-2.1.5/grouper-ws/build.xml:380: The following error occurred while executing this line:

/gams/test/grouper.ws-2.1.5/grouper-ws/build.xml:481: The following error occurred while executing this line:

/gams/test/grouper.ws-2.1.5/grouper-ws/build.xml:359: Compile failed; see the compiler error output for details.

 

--Nathan

On Jun 23, 2014, at 5:27 AM, Chris Hyzer <> wrote:



I made this change in v2.2, but you can make a change in 2.1 to fix the issue.  If you don't care about the response code, you should just need to change this in grouper-ws GrouperServiceLogic.java and rebuild the WS.

Around line 565:

FROM:

                     if (fieldName == null) {
                       // dont fail if already a direct member
                       hasEffective = member.isEffectiveMember(group);
                       hasImmediate = member.isImmediateMember(group);
                       if (hasImmediate) {
                         group.deleteMember(member);
                       }
                     } else {
                       // dont fail if already a direct member
                       hasEffective = member.isEffectiveMember(group, fieldName);
                       hasImmediate = member.isImmediateMember(group, fieldName);
                       if (hasImmediate) {
                         group.deleteMember(member, fieldName);
                       }
                     }

TO:

                     if (fieldName == null) {
                       // dont fail if already a direct member
                       hasEffective = member.isEffectiveMember(group);
                       hasImmediate = member.isImmediateMember(group);
                       group.deleteMember(member, false);
                     } else {
                       // dont fail if already a direct member
                       hasEffective = member.isEffectiveMember(group, fieldName);
                       hasImmediate = member.isImmediateMember(group, fieldName);
                       group.deleteMember(member, fieldname, false);
                     }


If you care about the response codes, you can see the diff of this commit (note, diffs might not work on the svn viewer, but you could diff the files in eclipse... (and don't worry about the unit test)

http://anonsvn.internet2.edu/viewvc/viewvc.py/i2mi?view=revision&revision=9059

Thanks
Chris


-----Original Message-----
From: Brad Westness []
Sent: Thursday, June 12, 2014 1:19 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege

That'd be great!

Thanks,

-Brad

On Thursday, June 12, 2014 12:15:22 PM, Chris Hyzer wrote:

It is a bug, I can give you a patch if you like...

-----Original Message-----
From: Brad Westness []
Sent: Thursday, June 12, 2014 1:14 PM
To: Chris Hyzer
Cc:
Subject: Re: [grouper-users] Issue with DeleteMembers web service when acting as user with Update privilege

Ah yep, looks like if they're both an Updater and a Reader it does the
removal correctly. I'll have to follow up with my team to determine
if/how we want to implement this workaround.

Thanks,


--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934


On Thursday, June 12, 2014 12:00:36 PM, Chris Hyzer wrote:

Yeah, probably, what happens if the Updater is also a Reader? JOr will
that not work for you?

Thanks,

Chris

*From:*
[] *On Behalf Of *Brad Westness
*Sent:* Thursday, June 12, 2014 12:57 PM
*To:*
*Subject:* [grouper-users] Issue with DeleteMembers web service when
acting as user with Update privilege

Hello,

I'm receiving a result code of "SUCCESS_WASNT_IMMEDIATE" when
attempting to remove members from a group while acting as a user that
is in the Updater privilege for the group (with no other privileges).
The member I'm attempting to remove /is/ a direct member, verified
through the Grouper UI.

Here's the request I'm sending:

POST:
/grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_update_only/members

{
  "WsRestDeleteMemberRequest": {
    "actAsSubjectLookup": {
      "subjectId": "000000001518"
    },
    "subjectLookups": [
      {
        "subjectId": "000000001084"
      }
    ]
  }
}


And here's the response:

{
  "WsDeleteMemberResults": {
    "responseMetadata": {
      "millis": "43",
      "serverVersion": "2.1.5"
    },
    "resultMetadata": {
      "resultCode": "SUCCESS",
      "resultMessage": "Success for: clientVersion: 2.1.5,
wsGroupLookup:
WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_update_only],
subjectLookups: Array size: 1: [0]:
WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
NONE\n, params: null",
      "success": "T"
    },
    "results": [
      {
        "resultMetadata": {
          "resultCode": "SUCCESS_WASNT_IMMEDIATE",
          "success": "T"
        },
        "wsSubject": {
          "id": "000000001084",
          "name": "MICHAEL TESSMER",
          "resultCode": "SUCCESS",
          "sourceId": "jdbc",
          "success": "T"
        }
      }
    ],
    "wsGroup": {
      "description": "a_update_only",
      "displayExtension": "a_update_only",
      "displayName": "u:netid:daconner:a_update_only",
      "extension": "a_update_only",
      "name": "u:netid:daconner:a_update_only",
      "typeOfGroup": "group",
      "uuid": "749909f32e364c6eb08ce6a679e622a2"
    }
  }
}

Meanwhile, if I add the same member to a group of which the
"actAsSubject" user has the Admin privilege, it works:

Request:

POST:
/grouper-ws/servicesRest/v2_1_5/groups/u%3anetid%3adaconner%3aa_admin_only/members

{
  "WsRestDeleteMemberRequest": {
    "actAsSubjectLookup": {
      "subjectId": "000000001518"
    },
    "subjectLookups": [
      {
        "subjectId": "000000001084"
      }
    ]
  }
}

Response:
{
  "WsDeleteMemberResults": {
    "responseMetadata": {
      "millis": "127",
      "serverVersion": "2.1.5"
    },
    "resultMetadata": {
      "resultCode": "SUCCESS",
      "resultMessage": "Success for: clientVersion: 2.1.5,
wsGroupLookup:
WsGroupLookup[pitGroups=[],groupName=u:netid:daconner:a_admin_only],
subjectLookups: Array size: 1: [0]:
WsSubjectLookup[subjectId=000000001084]\n\n, actAsSubject:
WsSubjectLookup[subjectId=000000001518], fieldName: null, txType:
NONE\n, params: null",
      "success": "T"
    },
    "results": [
      {
        "resultMetadata": {
          "resultCode": "SUCCESS",
          "success": "T"
        },
        "wsSubject": {
          "id": "000000001084",
          "name": "MICHAEL TESSMER",
          "resultCode": "SUCCESS",
          "sourceId": "jdbc",
          "success": "T"
        }
      }
    ],
    "wsGroup": {
      "description": "a_admin_only",
      "displayExtension": "a_admin_only",
      "displayName": "u:netid:daconner:a_admin_only",
      "extension": "a_admin_only",
      "name": "u:netid:daconner:a_admin_only",
      "typeOfGroup": "group",
      "uuid": "e4aeb1d4d86b4f82815eabdb0b00e0b0"
    }
  }
}

I've tried using the DeleteMemberLite service too, with the same
results. Is this a bug?

Thanks,

--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934

 


--
Brad Westness
Web Applications Developer
University of Wisconsin | DoIT | Web and Mobile Solutions (WaMS)
608.890.3934

 

Nathan Weyenberg

UW-Madison DoIT - Middleware

 


Archive powered by MHonArc 2.6.16.

Top of Page