Comment 1 Daniel Tröder 2017-04-18 16:08:24 CEST

r78817: refactor for better readability
r78818: fix UMC not removing users from workgroup

Package: ucs-school-umc-groups
Version: 6.0.4-2.83.201704181608
Branch: ucs_4.1-0
Scope: ucs-school-4.1r2

Comment 2 Daniel Tröder 2017-05-05 11:48:30 CEST

Before r78818 the UMC wizard did load the current group from LDAP (group_from_ldap) and checked its members for validity and modify-permissions. For example non-school users were removed. It did however not compare the resulting list ("users") with the one submitted by the user. So it was possible to add (valid) users, but users were never removed.

With r78818 only those users remain in the group, that are part of both the resulting list ("users") and the one submitted by the user (group_from_umc['members']).

Comment 3 Florian Best 2017-05-10 14:15:14 CEST

Created attachment 8835 [details]
patch

This was introduced by Bug #40539.

The fix is incorrect, as it removes way more group members than only those de-selected (e.g. depending on the LDAP ACL's of the user, school overlapping things, non-school-groups).
Attached is a untested patch which compares the old values with the new values directly.

Comment 4 Florian Best 2017-05-10 14:20:16 CEST

(In reply to Florian Best from comment #3)
> The fix is incorrect, as it removes way more group members than only those
> de-selected (e.g. depending on the LDAP ACL's of the user, school
> overlapping things, non-school-groups).
> Attached is a untested patch which compares the old values with the new
> values directly.
Also depending on the used flavor. "workgroup-admin" shows all objects while "workgroup" shows only students. Therefore this flavor would remove every teacher from the group.

Comment 5 Christina Scheinig 2017-05-18 12:45:12 CEST

I think a customer reported this issue in Ticket #2017051821000315

Comment 6 Daniel Tröder 2017-05-21 13:30:52 CEST

79461: fix removing to many users (patch by fbest)
79462: update advisory

ucs-school-umc-groups 7.0.0-5A~4.2.0.201705211327

Comment 7 Daniel Tröder 2017-05-21 13:33:18 CEST

Commits 78815 and 78816 belong really to UCS@school 4.2 Bug #44351.

Comment 8 Daniel Tröder 2017-05-21 13:39:05 CEST

79463: fix removing to many users (patch by fbest)
79464: update advisory

ucs-school-umc-groups 6.0.4-3.84.201705211336

Comment 9 Florian Best 2017-05-22 15:38:07 CEST

Created attachment 8867 [details]
squashed patch

@Christina: You can apply the patch with:
patch -p5 -d /usr/share/pyshared/univention/management/console/modules/schoolgroups/ < 44351.patch

Comment 10 Florian Best 2017-05-22 15:46:17 CEST

OK: fix
OK: YAML

Comment 11 Daniel Tröder 2017-05-30 14:55:32 CEST

*** Bug 44712 has been marked as a duplicate of this bug. ***

Comment 12 Sönke Schwardt-Krummrich 2017-06-23 13:33:13 CEST

UCS@school 4.1 R2 v12 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.1R2v12-de.html

If this error occurs again, please clone this bug.