Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-2604

WS query can return data that is out of scope of the query.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 2.4.0, 2.5.0
    • WS
    • None

    Description

      Setup to test:Setup to test:

      • Add a folder#1 Example: users:folders:USER_FOLDER:test-ws
      • And a group in the folder: users:folders:USER_FOLDER:test-ws:groupForWSRead
      • Add a subject to the group + SUBJECT_ID_VALUE to the group
      • Enable the WS user to read the users:folders:USER_FOLDER:test-wsOther:groupForWSRead group

       

      • Add a folder#2 Example: users:folders:USER_FOLDER:test-wsOther
      • And a group in the folder: users:folders:USER_FOLDER:test-wsOther:OthergroupForWSRead
      • Add a subject to the group + SUBJECT_ID_VALUE to the group
      • Enable the WS user to read the users:folders:USER_FOLDER:test-wsOther:OthergroupForWSRead group

       

      Test it:

      Do a WS call like the following: ( Non-existent stem in query)
      /v2.3.000/subjects/SUBJECT_ID_VALUE/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3AUSER_FOLDER%3Atest-wsBAD&stemScope=ALL_IN_SUBTREE

      Results: return both groups. However the STEM asked for does not exist in Grouper, nor do the groups returned match the stem that was asked for.

       

      NOTE: An empty set would be ideal, But an "Error" (something like stem not found) would be reasonable too.

       

      NOTE: The query returns correct results ONLY when the stem that is asked for exists
      If you make a WS call with an existing stem you will get only the groups from that stem.

       

      /v2.3.000/subjects/SUBJECT_ID_VALUE/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3AUSER_FOLDER%3Atest-ws&stemScope=ALL_IN_SUBTREE
           Only returns membership for users:folders:USER_FOLDER:test-ws:groupForWSRead

       

      /v2.3.000/subjects/SUBJECT_ID_VALUE/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3AUSER_FOLDER%3Atest-wsOther&stemScope=ALL_IN_SUBTREE
            Only returns membership for users:folders:USER_FOLDER:test-wsOther:OthergroupForWSRead

       

      And if the WS users access is removed from the OthergroupForWSRead group

       

      Then the query for the existing stem that the user can not access correctly

      /v2.3.000/subjects/IDM800047602/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3Ablack.123%3Atest-wsOther&stemScope=ALL_IN_SUBTREE
      returns NO groups

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            carey.black@at.internet2.edu Carey Black (osu.edu)
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: