Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: [JIRA] (GRP-1480) users with admin priv can't remove group via subject page

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: [JIRA] (GRP-1480) users with admin priv can't remove group via subject page


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: " Mailing List" <>
  • Subject: [grouper-users] RE: [JIRA] (GRP-1480) users with admin priv can't remove group via subject page
  • Date: Thu, 23 Mar 2017 13:47:49 +0000
  • Accept-language: en-US
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=isc.upenn.edu;
  • Ironport-phdr: 9a23:qGTWHxbi0zMarhSsiopqk33/LSx+4OfEezUN459isYplN5qZrsS+bnLW6fgltlLVR4KTs6sC0LuL9f+7EjFeqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLdyIRmsrwjcuMYajItjJ60s1hbHv3xEdvhMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTDQhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlSEKPCM7/m7KkMx9lKJVrgy8qRxjzYDaY4+VO/h/fqzBct0VSnFMXtpKWCBdHo+wc5cDAugHMO1Fr4f9vVwOrR6mCAWiBu3uyj5JiWHs3aEizu8sDwHG3BYhH9IVvnjfsdL4NKIOXuC1zKjJzCvMb+lN1Df884jHbgotoeyUXb1ud8rRz1MjGB3YgVWNsIHoOS6e2OoKs2ie9eVgVOSvhnYmqwF3vjig2N0sio/XiYIJ1FzI7zt2z5soJdGgVUJ2ZcCoHIFNuyybNIZ6WMcvTmVytCon1rEKpZi2dzUJxpQ/3xPTdeaIf5SV7h/mSeqdPCp0iXdreL+wmxq+7U2tx+/iWcS7zFpHqy9InsfQunwQzxDf98aKRudn8kqlxDqDzR7f5vxALEwuiKbWKZ8sz7gtnZQJq0vDBDX5mEDuga+WaEok/u+o5vz/bLj6oZGQK5J4hhjjPKo2h8CzGOM4PRMQUGSB/uS8yaHj8lb+QLVXiP05j7PVsIjAJcQcuq62HRNa0poi6xa4CTeqytMYnWQbLFJBfxKHiIvpN0vSL/D/CPezm1WskDF1yPDaJrDtHI/CImTenLrkYLpx9lNQxQ89zd1Q+55YFrQMLfDtVUL+qNDVCxo0PxKoz+r6ENl905kRWWOLAq+XKqPStlqI6/oqI+aQZI8UuDf8JOY/5/P1jH85gkMScbO03ZsPdn+4GPJmL1+HbnXxn9cNCX0KsRYmTOz2lF2CViZeZ3moX6I7+zE7EJypDZ3aSoCwm7yOwj27HoZNa2BCC1CMCmvod56aV/sWaSKSJNNhnSIeVbinVYAhyQ+iuBXkxLV6M+qHshEf4Njszt9o/+DJ0Awp+CZvJ8Wbz2yXSWxoxCUFSyJ++al+pU17xR+n0LNkybQMGsZU+utESEInLpPG1MR7Dcz/QATMYo3PRVq7FIaIGzY0G5gR0s0DeQI1MNW4jwuJl36vCL8EhbGRLJ0v+eTBx3X3IYBwx2uQh/pptEUvXsYabT7uvaV47QWGX4M=
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

fixed in 2.3.0 ui patch #19

-----Original Message-----
From: Chad Redman (JIRA)
[mailto:]

Sent: Wednesday, February 01, 2017 10:10 AM
To: Hyzer, Chris
<>
Subject: [JIRA] (GRP-1480) users with admin priv can't remove group via
subject page

Chad Redman created GRP-1480:
--------------------------------

Summary: users with admin priv can't remove group via subject
page
Key: GRP-1480
URL: https://bugs.internet2.edu/jira/browse/GRP-1480
Project: Grouper
Issue Type: Bug
Components: UI
Affects Versions: 2.4.0, 2.3.0.patch
Reporter: Chad Redman
Assignee: Chris Hyzer


When a non-wheel user, with admin privileges but no explicit update privilege
on a group, tries to remove that group via a subject page, using the
checkboxes and the "Remove selected groups" button, the error is flashed:

{color:green}Error: group has errors removing 1 members, and successfully
removed 1 members{color}

This looks like it just needs a change in UiV2Subject.removeGroups, with a
group.hasUpdate(loggedInSubject) changed to a
group.canHavePrivilege(loggedInSubject, AccessPrivilege.UPDATE.getName(),
false). That fixed it for me when testing locally. There is another usage of
hasUpdate in removeGroup, but I didn't test that one.

The "successfully removed 1 members" on an error is also a bug, since it
wasn't an actual success. I think the successes++ line should be moved to the
inner block, right after group.deleteMember() is called.

h3. Steps to reproduce (unicon grouper-demo Docker image -- I used tag
2.3.0-2017-01-30):

1) As user banderson/password, log into http://192.168.99.100:8080/grouper
2) Add adoe as an admin of group courses:ACCT101
3) In a separate browser, log in as adoe/password
3) search user "asmith" and open the subject page
4) check checkbox for group ACCT101
5) Click Remove selected groups

Result: Error: group has errors removing 1 members, and successfully removed
1 members

h3. Potential patch:

{code:java}
---
a/grouper-ui/java/src/edu/internet2/middleware/grouper/grouperUi/serviceLogic/UiV2Subject.java
+++
b/grouper-ui/java/src/edu/internet2/middleware/grouper/grouperUi/serviceLogic/UiV2Subject.java
@@ -805,7 +805,7 @@ public class UiV2Subject {

@Override
public Object callback(GrouperSession grouperSession) throws
GrouperSessionException {
- if (group.hasUpdate(loggedInSubject)) {
+ if (group.canHavePrivilege(loggedInSubject,
AccessPrivilege.UPDATE.getName(), false)) {
return true;
}
return false;
@@ -816,9 +816,9 @@ public class UiV2Subject {
failures++;
} else {
group.deleteMember(membership.getMember(), false);
+ successes++;
}

- successes++;
} catch (Exception e) {
LOG.warn("Error with membership: " + membershipId + ", user: " +
loggedInSubject, e);
failures++;
{code}




--
This message was sent by Atlassian JIRA
(v7.2.6#72008)


  • [grouper-users] RE: [JIRA] (GRP-1480) users with admin priv can't remove group via subject page, Hyzer, Chris, 03/23/2017

Archive powered by MHonArc 2.6.19.

Top of Page