Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-1215

unfriendly error when assigning privs and not have admin



    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.2.2
    • Fix Version/s: 2.2.2.patch, 2.2.3, 2.3.0
    • Component/s: UI
    • Labels:


      From: Jeff McCullough
      Sent: Saturday, October 17, 2015 2:09 PM
      To: Chris Hyzer
      Subject: Re: [grouper-users] Error when trying to add member + privs with only update priv for original user

      We still on 2.2.1. I get upgrade it very soon.

      Following your example, being logged in as that user... Correct, there is no priv tab but when the add member part of the screen is active, it would appear that the user can assign priv to someone they are adding. That is what I was trying to show in the second screen.


      Sent from my iPhone

      On Oct 16, 2015, at 9:35 PM, Chris Hyzer wrote:
      I don’t get it, can you give me more details please?  What version are you on? I tried in 2.2.2.

      I created a group, and allowed a user to READ/UPDATE (screenshot 1), then I logged in as that user, and I don’t see a privileges tab (screenshot 2). Where exactly do you see the privilege page if you are not an admin?


      From: grouper-users-request@internet2.edu On Behalf Of Jeff McCullough
      Sent: Friday, October 16, 2015 10:34 PM
      To: Grouper-Users
      Subject: [grouper-users] Error when trying to add member + privs with only update priv for original user

      When a user has update privs in a group and tries to add other members with privs (say update). The following error is displayed.

      Error: null, group name: edu:berkeley:org:isp-folder:isp-admin, subject: Subject id: 322584, sourceId: ldap, privilege: update, Problem in HibernateSession: HibernateSession (12d94368): notNew, notReadonly, READ_WRITE_NEW, activeTransaction, session (130af474), Problem in HibernateSession: HibernateSession (54757c6): new, notReadonly, READ_WRITE_NEW, notActiveTransaction, session (130af474), Problem calling method addMemberSubmit on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group

      Here is the group showing the privs:


      Here is the attempted addition (The acting user is Test, Emp-Faculty):


      While I realize that “update” priv really only allows membership updates, shouldn’t it be able to extend update privs to other members? If not, then maybe a more appropriate message is in order. Something like, “You need to have admin privs to extend privs to others.” Thoughts?


        Smart Checklist




              chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
              chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
              0 Vote for this issue
              1 Start watching this issue