44350 – workgroup wizard cannot remove users from a workgroup

Bug 44350 - workgroup wizard cannot remove users from a workgroup

Summary: workgroup wizard cannot remove users from a workgroup

Status:	CLOSED FIXED

Alias:	None

Product:	UCS@school
Classification:	Unclassified
Component:	UMC - Wizards
Version:	UCS@school 4.1 R2
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	UCS@school 4.1 R2 v12
Assignee:	Daniel Tröder
QA Contact:	Florian Best

URL:
Keywords:

Duplicates (1):	44712 (view as bug list)
Depends on:
Blocks:	44351
	Show dependency tree / graph

Reported:	2017-04-11 16:30 CEST by Daniel Tröder
Modified:	2017-06-23 13:33 CEST (History)
CC List:	7 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017051821000315
Bug group (optional):
Customer ID:	00009, 09711
Max CVSS v3 score:

Attachments
patch (2.68 KB, patch) 2017-05-10 14:15 CEST, Florian Best	Details \| Diff
squashed patch (6.91 KB, patch) 2017-05-22 15:38 CEST, Florian Best	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2017-04-11 16:30:13 CEST

The UMC wizard to manage workgroups can add but not remove users from a workgroup.

Comment 1 Daniel Tröder

2017-04-18 16:08:24 CEST

r78817: refactor for better readability
r78818: fix UMC not removing users from workgroup

Package: ucs-school-umc-groups
Version: 6.0.4-2.83.201704181608
Branch: ucs_4.1-0
Scope: ucs-school-4.1r2

Comment 2 Daniel Tröder

2017-05-05 11:48:30 CEST

Before r78818 the UMC wizard did load the current group from LDAP (group_from_ldap) and checked its members for validity and modify-permissions. For example non-school users were removed. It did however not compare the resulting list ("users") with the one submitted by the user. So it was possible to add (valid) users, but users were never removed.

With r78818 only those users remain in the group, that are part of both the resulting list ("users") and the one submitted by the user (group_from_umc['members']).

Comment 3 Florian Best

2017-05-10 14:15:14 CEST

Created attachment 8835 [details]
patch

This was introduced by Bug #40539.

The fix is incorrect, as it removes way more group members than only those de-selected (e.g. depending on the LDAP ACL's of the user, school overlapping things, non-school-groups).
Attached is a untested patch which compares the old values with the new values directly.

Comment 4 Florian Best

2017-05-10 14:20:16 CEST

(In reply to Florian Best from comment #3)
> The fix is incorrect, as it removes way more group members than only those
> de-selected (e.g. depending on the LDAP ACL's of the user, school
> overlapping things, non-school-groups).
> Attached is a untested patch which compares the old values with the new
> values directly.
Also depending on the used flavor. "workgroup-admin" shows all objects while "workgroup" shows only students. Therefore this flavor would remove every teacher from the group.

Comment 5 Christina Scheinig

2017-05-18 12:45:12 CEST

I think a customer reported this issue in Ticket #2017051821000315

Comment 6 Daniel Tröder

2017-05-21 13:30:52 CEST

79461: fix removing to many users (patch by fbest)
79462: update advisory

ucs-school-umc-groups 7.0.0-5A~4.2.0.201705211327

Comment 7 Daniel Tröder

2017-05-21 13:33:18 CEST

Commits 78815 and 78816 belong really to UCS@school 4.2 Bug #44351.

Comment 8 Daniel Tröder

2017-05-21 13:39:05 CEST

79463: fix removing to many users (patch by fbest)
79464: update advisory

ucs-school-umc-groups 6.0.4-3.84.201705211336

Comment 9 Florian Best

2017-05-22 15:38:07 CEST

Created attachment 8867 [details]
squashed patch

@Christina: You can apply the patch with:
patch -p5 -d /usr/share/pyshared/univention/management/console/modules/schoolgroups/ < 44351.patch

Comment 10 Florian Best

2017-05-22 15:46:17 CEST

OK: fix
OK: YAML

Comment 11 Daniel Tröder

2017-05-30 14:55:32 CEST

*** Bug 44712 has been marked as a duplicate of this bug. ***

Comment 12 Sönke Schwardt-Krummrich

2017-06-23 13:33:13 CEST

UCS@school 4.1 R2 v12 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.1R2v12-de.html

If this error occurs again, please clone this bug.