[GRP-209] make actAs in WS more usable Created: 25/Jan/09  Updated: 29/Jan/09  Resolved: 25/Jan/09

Status: Resolved
Project: Grouper
Component/s: WS
Affects Version/s: 1.4.0
Fix Version/s: 1.4.1

Type: Improvement Priority: Major
Reporter: Chris Hyzer (upenn.edu) Assignee: Chris Hyzer (upenn.edu)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Dependency
has dependent GRP-202 allow same actAs as user signed in, o... Resolved

 Description   

Users have had confusion with actAs, make it a little more flexible:

1. Allow a connecting use to act as himself
2. Allow wheel group members or GrouperSystem to act as anyone

 Comments   
Comment by mchyzer [ 25/Jan/09 ]

This is fixed.

Here is my test case:

wheel group: etc:sysadmingroup
GrouperSysAdmin
etc:webServiceActAsGroup

0. Turn off the actAsCache

ws.act.as.cache.minutes = 0

  1. make sure the user is not automatically put into wheel group in grouper.properties

1. See that a normal user cannot act as:

gsh 0% getMembers("etc:sysadmingroup");

gsh 1% delMember("etc:sysadmingroup", "10021368");

gsh 2% getMembers("etc:webServiceActAsGroup");

gsh 3% delMember("etc:webServiceActAsGroup", "10021368");

C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup

<works>

C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem

<expected exception>

2. See that a normal user can act as himself:

C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=10021368

3. See that a wheel user can act as anyone

gsh 9% addMember("etc:sysadmingroup", "10021368");

C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem

<works>

4. Take out of wheel and see it fail again:

gsh 12% delMember("etc:sysadmingroup", "10021368");

C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem

<expected exception>

5. Add to actAsGroup, and see it succeed

gsh 13% addMember("etc:webServiceActAsGroup", "10021368");

C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem

<works>

Generated at Sat Apr 27 01:38:33 UTC 2024 using Jira 9.4.18#940018-sha1:32a59db0b032756f9bbd6a22c656d21edb3fb41f.