Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-1676

WS get attributes on stems fails, uses query with two WHERE clauses

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • 2.4.0
    • 2.3.0
    • WS
    • None

    Description

      WS query for attribute assignments on a stem fails for a non-wheel user.

       

      {{{ }}
      {{   "WsRestGetAttributeAssignmentsLiteRequest":{ }}
            "attributeAssignType":"stem",
            "wsOwnerStemName":"unc:app:its:o365:course:sp18:its:101:its101_sp18_gp02"
         }
      }

       

      Result is an exception response. Stack trace shows two where clauses in the query:

       

      {{Caused by: org.hibernate.hql.internal.ast.QuerySyntaxException: unexpected token: where near line 1, column 453 [select count(distinct aa)  from edu.internet2.middleware.grouper.attr.assign.AttributeAssign aa, edu.internet2.middleware.grouper.attr.AttributeDefName adn , MembershipEntry __attrDefMembershipTNB3J5XM, MembershipEntry __namingMembership where __namingMembership.ownerStemId = aa.ownerStemId and __namingMembership.fieldId in (:TNB3J5XO0, :TNB3J5XO1) and __namingMembership.memberUuid in (:TNB3J5XP0, :TNB3J5XP1) and __namingMembership.enabledDb = 'T' where  aa.attributeDefNameId = adn.id  and aa.attributeAssignTypeDb = 'stem'  and __attrDefMembershipTNB3J5XM.ownerAttrDefId = adn.attributeDefId and __attrDefMembershipTNB3J5XM.fieldId in (:TNB3J5XL0, :TNB3J5XL1) and __attrDefMembershipTNB3J5XM.memberUuid in (:TNB3J5XN0, :TNB3J5XN1) and __attrDefMembershipTNB3J5XM.enabledDb = 'T' and aa.enabledDb = 'T'  and aa.ownerStemId in (:TNB3J5XQ0) ]
      }}

       

      The issue appears to be in Hib3AttributeAssignDAO, a logic error when adding the optional naming clause. Fixes for me:

       

      @@ -3437,7 +3437,7 @@ public class Hib3AttributeAssignDAO extends Hib3DAO implements AttributeAssignDA
           boolean changedQuery = false;

           if (attributeCheckReadOnAttributeDef) {
      -      grouperSession.getNamingResolver().hqlFilterStemsWhereClause(
      +      changedQuery = grouperSession.getNamingResolver().hqlFilterStemsWhereClause(
               grouperSessionSubject, byHqlStatic,
               sqlTables, "aa.ownerStemId", NamingPrivilege.ATTRIBUTE_READ_PRIVILEGES);
      {{     }}}

       

       

      Minimal GSH script to verify bug (note values specific to our institution):

       

      import edu.internet2.middleware.grouper.internal.dao.hib3.Hib3AttributeAssignDAO

      GrouperSession gs = GrouperSession.startRootSession(true)
      Subject s = SubjectFinder.findByIdentifierAndSource("ldapauth/app_its_idm_grouper-ws", "app", true)
      GrouperSession session = GrouperSession.start(s)

      Set<AttributeAssign> assigns = new Hib3AttributeAssignDAO().findStemAttributeAssignments(
        null,  // attributeAssignIds
        null,  // attributeDefIds
        null,  // attributeDefNameIds
        ["3d23fdfb3cf1468d94a48f23000d7880"],  // stemIds
        null,  // actions
        true,  // enabled
        false, // includeAssignmentsOnAssignments
        null,  // attributeDefType
        null,  // attributeDefValueType
        null)   // theValue

      print assigns

       

       

      I'm also going to look at the tests, so not ready for a commit yet.

       

      Attachments

        Activity

          People

            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: