if you leave a group via UI and leaving revokes view privs (or others), dont throw error

From: Jeff McCullough
Sent: Thursday, February 05, 2015 8:04 PM
To: Chris Hyzer
Cc: grouper-users
Subject: Re: [grouper-users] default membership privileges for new members, setting default browser view and removing quick links

Hi Chris,

This works beautifully. Thank you. There are two remaining questions.

What to do for groups that already exist in that folder? Get a list via sql and cycle through them?

In addition to adding read, I tried adding “update” such that whoever is in the group can change the membership of the group. This works for adding people to the group. For deletion there is one issue. If the logged in user tries to remove themselves from the group by either the “revoke membership” or “leave group”, there is an error. Their account is removed from the group though.

Error: Subject: Subject id: 212372, sourceId: ldap does not have view on group edu:berkeley:org:Calnet:test-for-update-folder:test-group-update, Problem calling method leaveGroup on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group

They can remove others with no issue, so it is just their own membership that is at issue. Is this expected behavior or a possible bug?. Here is the full error listing: (also attaching a screen shot of the privileges the account does have.)

2015-02-05 16:25:10,239: [http-8443-4] INFO EventLog.info(156) - - [6e748cf6c3684da389dac5fbdb5c10c8,'212372','person'] delete member: group='edu:berkeley:org:Calnet:test-for-update-folder:test-group-update' list='members' subject='212372'/'person'/'ldap' (19ms)
2015-02-05 16:25:10,316: [http-8443-4] INFO EventLog.info(156) - - [b9b4b9a868d54201a877069443a73f1c,'GrouperSystem','application'] session: start (0ms)
2015-02-05 16:25:10,335: [http-8443-4] ERROR GrouperUiRestServlet.doGet(321) - - Problem calling reflection from URL: edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group.removeMember

edu.internet2.middleware.grouper.exception.InsufficientPrivilegeException: Subject: Subject id: 212372, sourceId: ldap does not have view on group edu:berkeley:org:Calnet:test-for-update-folder:test-group-update,
Problem calling method removeMember on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group
at edu.internet2.middleware.grouper.userData.GrouperUserDataApi$5.callback(GrouperUserDataApi.java:864)
at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:974)
at edu.internet2.middleware.grouper.userData.GrouperUserDataApi.recentlyUsedGroupAdd(GrouperUserDataApi.java:852)
at edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Group.removeMember(UiV2Group.java:407)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at edu.internet2.middleware.grouper.util.GrouperUtil.invokeMethod(GrouperUtil.java:4002)
at edu.internet2.middleware.grouper.util.GrouperUtil.callMethod(GrouperUtil.java:3953)
at edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet.doGet(GrouperUiRestServlet.java:288)
at edu.internet2.middleware.grouper.j2ee.GrouperUiRestServlet.doPost(GrouperUiRestServlet.java:160)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:110)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at edu.internet2.middleware.grouper.ui.GrouperUiFilter.doFilter(GrouperUiFilter.java:1015)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.client.util.HttpServletRequestWrapperFilter.doFilter(HttpServletRequestWrapperFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:201)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:558)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:745)