grouper-users - [grouper-users] RE: [JIRA] (GRP-1420) Member removal from group shows recent activity as GrouperSystem
Subject: Grouper Users - Open Discussion List
List archive
[grouper-users] RE: [JIRA] (GRP-1420) Member removal from group shows recent activity as GrouperSystem
Chronological Thread
- From: "Hyzer, Chris" <>
- To: " Mailing List" <>
- Subject: [grouper-users] RE: [JIRA] (GRP-1420) Member removal from group shows recent activity as GrouperSystem
- Date: Tue, 17 Jan 2017 07:59:40 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:G9lyhR8m+KBT7v9uRHKM819IXTAuvvDOBiVQ1KB20u0cTK2v8tzYMVDF4r011RmSDNmdsKwP0rOK+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFHiTanb75/LRq6oRjMusQZnIBvNrs/xhzVr3VSZu9Y33loJVWdnxb94se/4ptu+DlOtvwi6sBNT7z0c7w3QrJEAjsmNXs15NDwuhnYUQSP/HocXX4InRdOHgPI8Qv1Xpb1siv9q+p9xCyXNtD4QLwoRTiv6bpgRRn1gykFKjE56nnahMxugqxGvBKvqR9xw4DWb4GUKPVwcazScMgGRWVaQspdSzBNDp++YoYJEuEPPfxYr474p1YWoxewBwmtBeLxxT9SnnP9wLM30+Q7EQHHxwwsEc8FvXPRrNrpNKcTUeG0w7fSzTjYbvNWwivy5JLVchA5v/6MW7RwfdDPxkYyCgPIl1OdopHrMTOS0+QCqWmb7+x4WOKujW4ntx9+oiKpxsgylonFmJgZxU7Z+iVkxos+ON62SFZjbNK6DJddtTuWOoR3T884Xm1luSg3xqcGtJKlZCQG1ZoqywLFZ/GDboSE+AzvWPuVLDtimX5oerOyihCv+ka60OL8TNO70FNSoypFjNbMsncN2gTL5MWbTfVx4lmt1S+R2g/R9+1IOEc0mrHFJJI7xb4wi4YTvl/EHi/rnkX5kbWadl0++uiv9+TofKnppoOdN49zjAHyKKMumtGjAeQ8NQgOWGub9f6g273k+E31WLRKjvsonanFqJ3WO9gXq6yjDwJa04sv8QuzAjao3dgCnXQLMkpJeBedgIjoP1HOLur4DfC6g1m0lTdk2/DGP73gA5rTNHjOi7bhfa1h5EJG1Qoz1c5Q55RSCr0bPv38R1LxuMTCDhAlKwy03/rnCNJl24MRQ2KPBbKZMLvMvl+S/+4vPvKMa5EPuDbmMPUl4//ujWQlmV8GY6Wlx5oXaHakHvt4OUWZZ2TjgssfHWsQoAUxUfHq2xW+VmsZaGy1Qrox/HQmE4+8Fq/CQJygmrqMwH39E5FLLkVPC1SNF3igU4SfR71EPC2IJdJ5nyZBSKOsUZQJ1BeyuRX8xqY9aOfY53tLm4jk0Y0/x/zBmAt2vRd0FcWGmSnZSmp0j3EFXRc3x6s5vFRwzFHF3KRl1a8LXedP7u9EB19pfaXXyPZ3Xoj/
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
https://bugs.internet2.edu/jira/browse/GRP-1420
Fixed in API 2.3.0 patch #43
Note, the fix should work in other places that are affected. If the session
acting as is GrouperSystem (and from a session, not from the actual ActAs
like in WS), then ignore it...
Try it out and let me know how it goes.
Thanks
Chris
-----Original Message-----
From: Chad Redman (JIRA)
[mailto:]
Sent: Thursday, November 17, 2016 11:50 AM
To: Hyzer, Chris
<>
Subject: [JIRA] (GRP-1420) Member removal from group shows recent activity as
GrouperSystem
Chad Redman created GRP-1420:
--------------------------------
Summary: Member removal from group shows recent activity as
GrouperSystem
Key: GRP-1420
URL: https://bugs.internet2.edu/jira/browse/GRP-1420
Project: Grouper
Issue Type: Improvement
Security Level: Standard (Standard bug, may impact functionality but
does not represent a security vulnerability)
Components: UI
Affects Versions: 2.3.0, 2.4.0
Reporter: Chad Redman
Assignee: Chris Hyzer
When adding a member to a group, Grouper stores the action in the audit log
with ACT_AS_MEMBER_ID field as the logged in user. However, removing a user
will store the entry with ACT_AS_MEMBER_ID as the GrouperSystem subject. In
both cases, the LOGGED_IN_MEMBER_ID field is the logged in user.
The recent activity page in the UI queries the act_as_member_id to populate
its list of recent actions. Thus, membership adds show up under the user's
recent activity, but deletes show up under GrouperSystem's.
UiV2Group::removeMembers performs member removals as GrouperSystem, with the
source code comment "subject has update, so this operation as root in case
removing affects the membership". So the audit logging is working as
designed. However, it is unexpected for the users, who can see member adds
but not deletes.
h3. Steps to reproduce
# Load the sample quick start data
# Log in as GrouperSystem
# Create test group qsuob:test:AdminAccess
# Grant admin to "babe" (Barry Benson)
# In tomcat, add "babe" to the tomcat-users.xml if needed
# In a different browser, login as "babe"
# Go to qsuob:test:AdminAccess
# Add bawi (Barry Windsor) as member
# Remove Barry Windsor as member
# Go to Recent Activity
h3. Result
- Recent activity for Barry Benson shows: Added Barry Windsor as a member of
the AdminAccess group.
- Recent activity for GrouperSystem shows: Deleted Barry Windsor as a member
of the AdminAccess group.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
- [grouper-users] RE: [JIRA] (GRP-1420) Member removal from group shows recent activity as GrouperSystem, Hyzer, Chris, 01/17/2017
Archive powered by MHonArc 2.6.19.