New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API: Regular user with group admin perms cannot alter group memberships #25496

Closed
dercorn opened this Issue Jul 15, 2016 · 6 comments

Comments

Projects
None yet
3 participants
@dercorn
Contributor

dercorn commented Jul 15, 2016

Steps to reproduce

  1. try something like this with a non-admin user with group admin permissions:
curl -X POST --user <user>:<password> https://owncloud.server/files82/ocs/v1.php/cloud/users/uiserid/groups/  -d groupid=“testgroup"
  1. Receive a status code of either 999 or 997

Expected behaviour

The API call should modify users group memberships.

Actual behaviour

You receive an error

This was tested on oc 8.2.5 and 9.0.3. This behaviour was consistent on both versions.

00005763

@cdamken

This comment has been minimized.

Show comment
Hide comment
@cdamken

cdamken Jul 27, 2016

Contributor

@DeepDiver1975 @PVince81 Any clue why can be modify the memberships?

Contributor

cdamken commented Jul 27, 2016

@DeepDiver1975 @PVince81 Any clue why can be modify the memberships?

@cdamken

This comment has been minimized.

Show comment
Hide comment
@cdamken

cdamken Jul 27, 2016

Contributor

@tomneedham I remember you created the API, could you tell us what should be expected?

how should be the behaviour with the group admins?

Contributor

cdamken commented Jul 27, 2016

@tomneedham I remember you created the API, could you tell us what should be expected?

how should be the behaviour with the group admins?

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Aug 8, 2016

Member

Does changing memberships work in the UI ?

Maybe there's a bug in this API. (note that the UI doesn't use this API)

Member

PVince81 commented Aug 8, 2016

Does changing memberships work in the UI ?

Maybe there's a bug in this API. (note that the UI doesn't use this API)

@PVince81 PVince81 added this to the 9.0.5 milestone Aug 8, 2016

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Aug 12, 2016

Member

You need to remove the trailing slash after "groups" to have the correct API call.

Still, it doesn't work on 9.0.4, confirmed.
From what I see in the code it only checks whether the user is an admin, not subadmin.

Member

PVince81 commented Aug 12, 2016

You need to remove the trailing slash after "groups" to have the correct API call.

Still, it doesn't work on 9.0.4, confirmed.
From what I see in the code it only checks whether the user is an admin, not subadmin.

@PVince81

This comment has been minimized.

Show comment
Hide comment
@PVince81

PVince81 Aug 12, 2016

Member

Fix is here #25788

Member

PVince81 commented Aug 12, 2016

Fix is here #25788

@PVince81 PVince81 closed this in #25788 Aug 15, 2016

@cdamken

This comment has been minimized.

Show comment
Hide comment
@cdamken

cdamken Aug 15, 2016

Contributor

Thanks @PVince81 !

Contributor

cdamken commented Aug 15, 2016

Thanks @PVince81 !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment