Description
0. There exists a subject SubjectA and an empty group GroupA in Grouper.
1. The Grouper System User (or Grouper Root) grants SubjectA the update privilege to GroupA.
2. SubjectA logs into Grouper via the UI.
3. SubjectA views GroupA via the "Manage Groups" functionality in the UI.
4. SubjectA grants itself the member privilege to GroupA
5. SubjectA lists the direct members of GroupA. This lists the only direct member SubjectA.
6. SubjectA clicks on the "is direct member" link to view/modify it's privileges. This lists only the member privilege. The update privilege granted by the Grouper System User is not listed here.
7. SubjectA now tries to revoke the member privilege to GroupA via the "saveGroupMember.do" action in the UI.
8. The "SaveGroupMemberAction" tries to update SubjectA's privileges.
9. The SaveGroupMemberAction throws a "InsufficientPrivilegeException" when it tries to revoke the update privilege. Then a NullPointerException is throw when the error handling in SaveGroupMemberAction tries to act on the message returned by InsufficientPrivilegeException.