[GRP-1111] if you leave a group via UI and leaving revokes view privs (or
others), dont throw error Created: 06/Feb/15 Updated: 24/Feb/15 Resolved: 24/Feb/15
Status:
Project:
Component/s:
Affects
Version/s:
Fix Version/s:
Resolved
Grouper
UI
2.2.1
Type:
Reporter:
Resolution:
Labels:
Remaining
Estimate:
Time Spent:
Original
Estimate:
Bug
Chris Hyzer
Fixed
None
Not Specified
2.2.1.patch, 2.2.2, 2.3.0
Priority:
Assignee:
Votes:
Minor
Chris Hyzer
0
Not Specified
Not Specified
Description
From: Jeff McCullough
Sent: Thursday, February 05, 2015 8:04 PM
To: Chris Hyzer
Cc: grouper-users
Subject: Re: [grouper-users] default membership privileges for new members, setting default browser view and r
quick links
Hi Chris,
This works beautifully. Thank you. There are two remaining questions.
What to do for groups that already exist in that folder? Get a list via sql and cycle through them?
In addition to adding read, I tried adding “update” such that whoever is in the group can change the membership
group. This works for adding people to the group. For deletion there is one issue. If the logged in user tries to rem
themselves from the group by either the “revoke membership” or “leave group”, there is an error. Their account
removed from the group though.
Error: Subject: Subject id: 212372, sourceId: ldap does not have view on group edu:berkeley:org:Calnet:test-forfolder:test-group-update, Problem calling method leaveGroup on
edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group
They can remove others with no issue, so it is just their own membership that is at issue. Is this expected behavio
possible bug?. Here is the full error listing: (also attaching a screen shot of the privileges the account does have.)
2015-02-05 16:25:10,239: [http-8443-4] INFO EventLog.info(156) - [6e748cf6c3684da389dac5fbdb5c10c8,'212372','person'] delete member: group='edu:berkeley:org:Calnet:test-fo
folder:test-group-update' list='members' subject='212372'/'person'/'ldap' (19ms)
2015-02-05 16:25:10,316: [http-8443-4] INFO EventLog.info(156) - [b9b4b9a868d54201a877069443a73f1c,'GrouperSystem','application'] session: start (0ms)
2015-02-05 16:25:10,335: [http-8443-4] ERROR GrouperUiRestServlet.doGet(321) - - Problem calling reflectio
URL: edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group.removeMember
edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException: Subject: Subject id: 212372, source
does not have view on group edu:berkeley:org:Calnet:test-for-update-folder:test-group-update,
Problem calling method removeMember on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Gro
at edu.internet2.middleware.grouper.userData.GrouperUserDataApi$5.callback(GrouperUserDataApi.java:864)
at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:974)
at
edu.internet2.middleware.grouper.userData.GrouperUserDataApi.recentlyUsedGroupAdd(GrouperUserDataApi
at edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group.removeMember(UiV2Group.java:407)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at edu.internet2.middleware.grouper.util.GrouperUtil.invokeMethod(GrouperUtil.java:4002)
at edu.internet2.middleware.grouper.util.GrouperUtil.callMethod(GrouperUtil.java:3953)
at edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet.doGet(GrouperUiRestServlet.java:288)
at edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet.doPost(GrouperUiRestServlet.java:160)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:110)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at edu.internet2.middleware.grouper.ui.GrouperUiFilter.doFilter(GrouperUiFilter.java:1015)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:201
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:558)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:745)
Comments
Comment by Chris Hyzer [ 24/Feb/15 ]
this is fixed in patch:
grouper_v2_2_1_ui_patch_11
commit:
https://github.com/Internet2/grouper/commit/bdebcec267c867666e4a42ce5decd173626201ae
Comment by Chris Hyzer [ 24/Feb/15 ]
[appadmin@i2midev1 patches]$ java -jar grouperInstaller.jar
Do you want to 'install' a new installation of grouper, 'upgrade' an existing installation
or 'patch' an existing installation
(enter: 'install', 'upgrade', 'patch' or blank for the default) [install]: patch
Enter in a Grouper temp directory to download tarballs (note: better if no spaces or special chars) [/opt/grouper/2
What do you want to patch? api, ui, ws, or psp? [api]: ui
Where is the grouper UI installed? /opt/tomcats/tomcat_d/webapps/grouper_v2_2
What do you want to do with patches (install, revert, status)? [install]:
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
There are no new API patches to install
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.

added to end of property file: grouper_v2_2_1_ui_patch_11.date = 2015/02/24 02:38:16
This patch requires all processes that user Grouper to be stopped.
Please stop these processes if they are running and press <enter> to continue...
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Applying file: /opt/tomcats/tomcat_d/webapps/grouper_v2_2/WEB-INF/classes/edu/internet2/middleware/group
Patch successfully applied: grouper_v2_2_1_ui_patch_11

added to end of property file: grouper_v2_2_1_ui_patch_11.state = applied
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
1.
Since patches were applied, you should delete files in your app server work directory,
in tomcat it is named 'work'. Hit <enter> to continue:
[appadmin@i2midev1 patches]$
Comment by Chris Hyzer [ 24/Feb/15 ]
Note, if you remove a membership, and then don’t have read or update, then you will be sent to the main groupe
Generated at Tue Feb 09 23:58:18 UTC 2016 using JIRA 6.4.11#64026sha1:78f6ec473a3f058bd5d6c30e9319c7ab376bdb9c.