Details
-
Bug
-
Resolution: Unresolved
-
Minor
-
2.2.2
-
None
Description
From: Jeff McCullough
Sent: Saturday, October 17, 2015 2:09 PM
To: Chris Hyzer
Subject: Re: [grouper-users] Error when trying to add member + privs with only update priv for original user
We still on 2.2.1. I get upgrade it very soon.
Following your example, being logged in as that user... Correct, there is no priv tab but when the add member part of the screen is active, it would appear that the user can assign priv to someone they are adding. That is what I was trying to show in the second screen.
Jeff
Sent from my iPhone
On Oct 16, 2015, at 9:35 PM, Chris Hyzer wrote:
I don’t get it, can you give me more details please? What version are you on? I tried in 2.2.2.
I created a group, and allowed a user to READ/UPDATE (screenshot 1), then I logged in as that user, and I don’t see a privileges tab (screenshot 2). Where exactly do you see the privilege page if you are not an admin?
<image002.png>
From: grouper-users-request@internet2.edu On Behalf Of Jeff McCullough
Sent: Friday, October 16, 2015 10:34 PM
To: Grouper-Users
Subject: [grouper-users] Error when trying to add member + privs with only update priv for original user
When a user has update privs in a group and tries to add other members with privs (say update). The following error is displayed.
Error: null, group name: edu:berkeley:org:isp-folder:isp-admin, subject: Subject id: 322584, sourceId: ldap, privilege: update, Problem in HibernateSession: HibernateSession (12d94368): notNew, notReadonly, READ_WRITE_NEW, activeTransaction, session (130af474), Problem in HibernateSession: HibernateSession (54757c6): new, notReadonly, READ_WRITE_NEW, notActiveTransaction, session (130af474), Problem calling method addMemberSubmit on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group
Here is the group showing the privs:
<image003.png>
Here is the attempted addition (The acting user is Test, Emp-Faculty):
<image004.png>
While I realize that “update” priv really only allows membership updates, shouldn’t it be able to extend update privs to other members? If not, then maybe a more appropriate message is in order. Something like, “You need to have admin privs to extend privs to others.” Thoughts?
Jeff