Bug 55384 - Kelvin PUT retrieves all school groups
Summary: Kelvin PUT retrieves all school groups
Status: RESOLVED MOVED
Alias: None
Product: UCS@school
Classification: Unclassified
Component: HTTP-API (Kelvin)
Version: UCS@school 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Daniel Tröder
URL: https://git.knut.univention.de/univen...
Reported: 2022-11-04 09:58 CET by Tobias Wenzel
Modified: 2022-12-20 13:49 CET

Description Tobias Wenzel univentionstaff 2022-11-04 09:58:42 CET
The User PUT gets all school groups, even if the user is not part of the respective school, like cn=OUschool2-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local (so not the classes + workgroups, but this adds up in large environments like the ID Broker).

The problem seems to be located somewhere near get_udm_object (ucs-school-lib).

{
  "dn": "uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local",
  "url": "https://10.207.200.56/ucsschool/kelvin/v1/users/demo_student",
  "ucsschool_roles": [
    "student:school:DEMOSCHOOL"
  ],
  "udm_properties": {
    "accountActivationDate": {
      "activation-date": null,
      "activation-time": null,
      "activation-timezone": "Europe/Berlin"
    },
    "displayName": "Demo Student",
    "divisNameAffix": null,
    "divisNickname": null,
    "e-mail": [
      "demo_student@demoschool.example.com"
    ],
    "networkAccess": false,
    "PasswordRecoveryEmail": null,
    "PasswordRecoveryEmailVerified": null,
    "pwdChangeNextLogin": false,
    "serviceprovider": [],
    "ucsschoolPurgeTimestamp": null,
    "uidNumber": 2007
  },
  "name": "demo_student",
  "school": "https://10.207.200.56/ucsschool/kelvin/v1/schools/DEMOSCHOOL",
  "firstname": "Demo",
  "lastname": "Student",
  "birthday": null,
  "disabled": false,
  "email": "demo_student@demoschool.example.com",
  "expiration_date": null,
  "record_uid": "demo_student",
  "roles": [
    "https://10.207.200.56/ucsschool/kelvin/v1/roles/student"
  ],
  "schools": [
    "https://10.207.200.56/ucsschool/kelvin/v1/schools/DEMOSCHOOL"
  ],
  "school_classes": {
    "DEMOSCHOOL": [
      "Democlass"
    ]
  },
  "workgroups": {},
  "source_uid": "DEMOID"
}



2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:417  'search' 'users/user' -> udm_users_user_object_search_with_http_info(**{'hidden': 'true', 'filter': 'uid=demo_student', 'scope': 'sub'}) -> UsersUserList(1 * UsersUser) [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.get_json:309  GET 'https://backup1.school.local/univention/udm/ldap/base/' (**{'headers': {'Accept': 'application/json', 'X-Request-ID': 'e5be5a5d1da1421997176923534f902d'}, 'auth': ('cn=admin', '********')}) -> 200 ('OK')
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up ImportUser with dn 'uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local'
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'users/user' -> udm_users_user_object_with_http_info(**{'dn': 'uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local'}) -> UsersUser('uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base.from_udm_obj:1054  UDM object uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local is not ImportUser, but actually ImportStudent
2022-11-04 05:12:30 INFO  [238][e5be5a5d1d] pyhooks_loader.get_hook_classes:118  Searching for hooks of type 'UserPyHook' in: /var/lib/ucs-school-import/kelvin-hooks...
2022-11-04 05:12:30 INFO  [238][e5be5a5d1d] pyhooks_loader.get_hook_classes:144  Found hook classes: 
2022-11-04 05:12:30 INFO  [238][e5be5a5d1d] pyhooks_loader.get_hook_objects:201  Loaded hooks: {}.
2022-11-04 05:12:30 INFO  [238][e5be5a5d1d] base.modify_without_hooks:694  Modifying ImportStudent(name='demo_student', school='DEMOSCHOOL', dn='uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local')
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base.get_udm_object:913  Getting School UDM object by dn: ou=DEMOSCHOOL,dc=school,dc=local
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'container/ou' -> udm_container_ou_object_with_http_info(**{'dn': 'ou=DEMOSCHOOL,dc=school,dc=local'}) -> ContainerOu('ou=DEMOSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base.get_only_udm_obj:1160  Getting ImportStudent UDM object by filter: (&(!(uid=demo_student))(mailPrimaryAddress=demo_student@demoschool.example.com))
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:417  'search' 'container/ou' -> udm_container_ou_object_search_with_http_info(**{'hidden': 'true', 'filter': '(objectClass=ucsschoolOrganizationalUnit)', 'scope': 'sub'}) -> ContainerOuList(4 * ContainerOu) [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up School with dn 'ou=DEMOSCHOOL,dc=school,dc=local'
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'container/ou' -> udm_container_ou_object_with_http_info(**{'dn': 'ou=DEMOSCHOOL,dc=school,dc=local'}) -> ContainerOu('ou=DEMOSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUdemoschool-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUdemoschool-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUdemoschool-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUdemoschool-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up School with dn 'ou=school1,dc=school,dc=local'
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'container/ou' -> udm_container_ou_object_with_http_info(**{'dn': 'ou=school1,dc=school,dc=local'}) -> ContainerOu('ou=school1,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUschool1-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUschool1-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUschool1-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUschool1-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up School with dn 'ou=school2,dc=school,dc=local'
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'container/ou' -> udm_container_ou_object_with_http_info(**{'dn': 'ou=school2,dc=school,dc=local'}) -> ContainerOu('ou=school2,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUschool2-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUschool2-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUschool2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUschool2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up School with dn 'ou=TESTSCHOOL,dc=school,dc=local'
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'container/ou' -> udm_container_ou_object_with_http_info(**{'dn': 'ou=TESTSCHOOL,dc=school,dc=local'}) -> ContainerOu('ou=TESTSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUtestschool-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUtestschool-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUtestschool-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('cn=OUtestschool-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.get_udm_object:913  Getting MailDomain UDM object by dn: cn=demoschool.example.com,cn=domain,cn=mail,dc=school,dc=local
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'mail/domain' -> udm_mail_domain_object_with_http_info(**{'dn': 'cn=demoschool.example.com,cn=domain,cn=mail,dc=school,dc=local'}) -> MailDomain('cn=demoschool.example.com,cn=domain,cn=mail,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.get_only_udm_obj:1160  Getting SchoolClass UDM object by filter: name=Democlass
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.call_hooks:497  Starting Group.call_hooks('pre', 'create') for Group(name='Domain Users DEMOSCHOOL', school='DEMOSCHOOL', dn='cn=Domain Users DEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local').
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] uldap_docker.__open:321  establishing new connection with retry_max=11
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] uldap_docker.bind:291  bind binddn=cn=admin,dc=school,dc=local
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] pyhooks_loader.get_hook_classes:118  Searching for hooks of type 'Hook' in: /var/lib/ucs-school-lib/kelvin-hooks...
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] pyhooks_loader.get_hook_classes:144  Found hook classes: 
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] pyhooks_loader.get_hook_objects:201  Loaded hooks: {}.
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.get_only_udm_obj:1160  Getting Group UDM object by filter: name=Domain Users DEMOSCHOOL
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:417  'search' 'groups/group' -> udm_groups_group_object_search_with_http_info(**{'hidden': 'true', 'filter': 'name=Domain Users DEMOSCHOOL', 'position': 'dc=school,dc=local', 'scope': 'sub'}) -> GroupsGroupList(1 * GroupsGroup) [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.call_hooks:497  Starting SchoolClass.call_hooks('pre', 'create') for SchoolClass(name='DEMOSCHOOL-Democlass', school='DEMOSCHOOL', dn='cn=DEMOSCHOOL-Democlass,cn=klassen,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local').
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] uldap_docker.__open:321  establishing new connection with retry_max=11
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] uldap_docker.bind:291  bind binddn=cn=admin,dc=school,dc=local
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.get_only_udm_obj:1160  Getting SchoolClass UDM object by filter: name=DEMOSCHOOL-Democlass
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:417  'search' 'groups/group' -> udm_groups_group_object_search_with_http_info(**{'hidden': 'true', 'filter': 'name=DEMOSCHOOL-Democlass', 'position': 'dc=school,dc=local', 'scope': 'sub'}) -> GroupsGroupList(1 * GroupsGroup) [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.call_hooks:497  Starting Group.call_hooks('pre', 'create') for Group(name='schueler-DEMOSCHOOL', school='DEMOSCHOOL', dn='cn=schueler-DEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local').
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] uldap_docker.__open:321  establishing new connection with retry_max=11
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] uldap_docker.bind:291  bind binddn=cn=admin,dc=school,dc=local
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.get_only_udm_obj:1160  Getting Group UDM object by filter: name=schueler-DEMOSCHOOL
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:417  'search' 'groups/group' -> udm_groups_group_object_search_with_http_info(**{'hidden': 'true', 'filter': 'name=schueler-DEMOSCHOOL', 'position': 'dc=school,dc=local', 'scope': 'sub'}) -> GroupsGroupList(1 * GroupsGroup) [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up SchoolClass with dn 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local'
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local'}) -> GroupsGroup('cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:31 WARNING [238][e5be5a5d1d] base.from_udm_obj:1049  UDM object 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local' does not correspond to a Python class in the UCS school lib.
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.from_dn:1138  Looking up WorkGroup with dn 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local'
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local'}) -> GroupsGroup('cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:31 WARNING [238][e5be5a5d1d] base.from_udm_obj:1049  UDM object 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local' does not correspond to a Python class in the UCS school lib.
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.save:677  Modifications to UdmObject('users/user', 'uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local') found (ignore 'position'): {'options': {'pki': False, 'ucsschoolExam': False, 'ucsschoolStaff': False, 'ucsschoolStudent': True, 'ucsschoolTeacher': False, 'ucsschoolAdministrator': False}, 'position': 'cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local'}
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'update' 'users/user' -> udm_users_user_object_update_with_http_info(**{'users_user': {'options': {'pki': False, 'ucsschoolExam': False, 'ucsschoolStaff': False, 'ucsschoolStudent': True, 'ucsschoolTeacher': False, 'ucsschoolAdministrator': False}, 'position': 'cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local'}, 'dn': 'uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local'}) -> NoneType(None) [204]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'users/user' -> udm_users_user_object_with_http_info(**{'dn': 'uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local'}) -> UsersUser('uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base.get_only_udm_obj:1160  Getting ImportStudent UDM object by filter: username=demo_student
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:417  'search' 'users/user' -> udm_users_user_object_search_with_http_info(**{'hidden': 'true', 'filter': 'username=demo_student', 'position': 'dc=school,dc=local', 'scope': 'sub'}) -> UsersUserList(1 * UsersUser) [200]
2022-11-04 05:12:31 INFO  [238][e5be5a5d1d] base.modify_without_hooks:724  ImportStudent(name='demo_student', school='DEMOSCHOOL', dn='uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local') not modified. Nothing changed
2022-11-04 05:12:31 INFO  [238][None] timing.emit:132  TIMING: Wall:  832.0ms | CPU:  221.1ms | ucsschool.kelvin.routers.user.complete_update
2022-11-04 05:12:31 INFO  [238][None] h11_impl.send:480  172.17.42.1:59620 - "PUT /ucsschool/kelvin/v1/users/demo_student HTTP/1.1" 200
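
To quantify this fan-out from a Kelvin debug log, the following added example (not part of the original report and not UCS@school code) groups lines by request ID and lists the `OU<school>-DC-*` group GETs that belong to a school other than the one named on the `Modifying ...` line. It assumes the log format shown above and treats that `school=` value as the user's only school; `SAMPLE_LOG` is constructed from shortened lines of the log above.

```python
import re
from collections import defaultdict

# Constructed sample: shortened lines in the format of the Kelvin log above.
SAMPLE_LOG = """\
2022-11-04 05:12:30 INFO  [238][e5be5a5d1d] base.modify_without_hooks:694  Modifying ImportStudent(name='demo_student', school='DEMOSCHOOL', dn='uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=local')
2022-11-04 05:12:30 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUdemoschool-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('...') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUschool1-DC-Edukativnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('...') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=OUschool2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,dc=school,dc=local'}) -> GroupsGroup('...') [200]
2022-11-04 05:12:31 DEBUG [238][e5be5a5d1d] base_http.call_openapi:432  'get' 'groups/group' -> udm_groups_group_object_with_http_info(**{'dn': 'cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=school,dc=local'}) -> GroupsGroup('...') [200]
2022-11-04 05:12:31 INFO  [238][None] h11_impl.send:480  172.17.42.1:59620 - "PUT /ucsschool/kelvin/v1/users/demo_student HTTP/1.1" 200
"""

REQ = re.compile(r"\[\d+\]\[(\w+)\]")  # [pid][request id]
MODIFY = re.compile(r"Modifying \w+\(name='[^']+', school='([^']+)'")
# GET of a per-school DC group; group(1) = full DN, group(2) = school name.
DC_GROUP = re.compile(
    r"'get' 'groups/group' -> \w+\(\*\*\{'dn': '(cn=OU(.+?)-DC-\w+,[^']+)'"
)


def foreign_school_lookups(log_text):
    """Per request ID, return DC-group DNs fetched for a school other than
    the one of the user being modified (assumption: single-school user)."""
    school = {}                  # request id -> school of the modified user
    lookups = defaultdict(list)  # request id -> [(group's school, group DN)]
    for line in log_text.splitlines():
        req = REQ.search(line)
        if not req:
            continue
        rid = req.group(1)
        modified = MODIFY.search(line)
        if modified:
            school[rid] = modified.group(1).lower()
        group = DC_GROUP.search(line)
        if group:
            # Group names carry the school in lower case, the OU may not.
            lookups[rid].append((group.group(2).lower(), group.group(1)))
    return {
        rid: [dn for ou, dn in found if ou != school[rid]]
        for rid, found in lookups.items()
        if rid in school
    }


if __name__ == "__main__":
    for rid, dns in foreign_school_lookups(SAMPLE_LOG).items():
        print(rid, len(dns), "group GETs for other schools:", *dns, sep="\n  ")
```
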