From 8f25eded5729fd52ae3ff1fe3ed6fa6b7bdbc332 Mon Sep 17 00:00:00 2001 From: Axel Stohn Date: Sun, 9 Jan 2022 09:30:57 -0700 Subject: [PATCH] fix member list access and no show main WG for admin --- Controller/GrouperGroupsController.php | 6 +--- Lib/GrouperApiAccess.php | 50 ++------------------------ 2 files changed, 4 insertions(+), 52 deletions(-) diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php index 9adf400..4f353d2 100644 --- a/Controller/GrouperGroupsController.php +++ b/Controller/GrouperGroupsController.php @@ -726,11 +726,7 @@ private function breakoutGroups(array $recordSet, $type = 'basic') { $wgRec['workingDesc'] = $this->hackDescription($rec['description']); //Capturing record for incommon-collab since deleting a few lines below. if ($rec['WGApp'] == 'incommon-collab') { - if ($type == 'basic') { - //Removing record with stem of 'incommon-collab' since displaying on groups Member page, - // will show on Admin page - unset($wgRec['Groups'][$subCount]); - } + unset($wgRec['Groups'][$subCount]); } $subCount += 1; } diff --git a/Lib/GrouperApiAccess.php b/Lib/GrouperApiAccess.php index fefbac4..f336b95 100644 --- a/Lib/GrouperApiAccess.php +++ b/Lib/GrouperApiAccess.php @@ -264,20 +264,12 @@ public function removeDuplicates(array $arrOne, array $arrTwo) { public function getMembersInGroup(array $queryData) { try { - // First verify that user has read access to group - $privs = array('read', 'admin', 'update'); - if ($this->verifyPrivileges($queryData, $privs) === false) { - return array( - array( - "sourceId" => "ldap", - "name" => "You do not have access to memberships" - ) - ); - } - //Build request logic $usersToShow = array( "WsRestGetMembersRequest" => array( + "actAsSubjectLookup" => array( + "subjectId" => $queryData['userId'] + ), "wsGroupLookups" => array( array("groupName" => $queryData['groupName']) ), @@ -304,42 +296,6 @@ public function getMembersInGroup(array $queryData) { return array(); } - /** - * @param array $queryData Array of conditions for querying - * @param array $privilege attributes that need verifying for a user - * @return bool If user has said attribute correctly set - * @throws GrouperLiteException - */ - public function verifyPrivileges(array $queryData, array $privileges) { - //Build request logic - $verifyPrivs = array( - "WsRestGetGrouperPrivilegesLiteRequest" => array( - "privilegeName" => $privilege, - "groupName" => $queryData['groupName'], - "subjectId" => $queryData['userId'] - ) - ); - - $this->http->setHeader(array('Content-Type' => 'application/json', 'Accept' => 'application/json')); - $connectionUrl = "{$this->config['fullUrl']}/grouperPrivileges"; - - try { - $results = $this->http->sendRequest('POST', $connectionUrl, json_encode($verifyPrivs)); - - // Parse out relevant records to send front end - if (isset($results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode']) && $results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode'] != NULL) { - if ($results['WsGetGrouperPrivilegesLiteResult']['resultMetadata']['resultCode'] == 'SUCCESS_ALLOWED') { - return true; - } - } - } catch (Exception $e) { - CakeLog::write('error', __METHOD__ . ': An error occurred'); - throw $e; - } - - return false; - } - /** * Gets all Stems/Folders where User is admin/owner *