[GRP-209] make actAs in WS more usable Created: 25/Jan/09 Updated: 29/Jan/09 Resolved: 25/Jan/09 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 1.4.0 |
Fix Version/s: | 1.4.1 |
Type: | Improvement | Priority: | Major |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
Users have had confusion with actAs, make it a little more flexible: 1. Allow a connecting use to act as himself |
Comments |
Comment by mchyzer [ 25/Jan/09 ] |
This is fixed. Here is my test case: wheel group: etc:sysadmingroup 0. Turn off the actAsCache ws.act.as.cache.minutes = 0
1. See that a normal user cannot act as: gsh 0% getMembers("etc:sysadmingroup"); gsh 1% delMember("etc:sysadmingroup", "10021368"); gsh 2% getMembers("etc:webServiceActAsGroup"); gsh 3% delMember("etc:webServiceActAsGroup", "10021368"); C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup <works> C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem <expected exception> 2. See that a normal user can act as himself: C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=10021368 3. See that a wheel user can act as anyone gsh 9% addMember("etc:sysadmingroup", "10021368"); C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem <works> 4. Take out of wheel and see it fail again: gsh 12% delMember("etc:sysadmingroup", "10021368"); C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem <expected exception> 5. Add to actAsGroup, and see it succeed gsh 13% addMember("etc:webServiceActAsGroup", "10021368"); C:\mchyzer\isc\dev\grouper_v1_4\grouperClient\dist\institution\grouperClient.institution-1.4.0>java -jar grouperClient.jar --operation=findGroupsWs --queryFilterType=FIND_BY_GROUP_NAME_APPROXIMATE --groupName=aStem:aGroup --actAsSubjectId=GrouperSystem <works> |