Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-4575

IM Person doc should only allow editing of direct group memberships


    • Type: Bug Fix
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.0.3
    • Fix Version/s: 1.0.3
    • Component/s: Development
    • Labels:
    • Rice Module:
    • Application Requirement:
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required


      Currently, the UIDocumentServiceImpl#loadEntityToPersonDoc method pulls group memberships from GroupService#getGroupsForPrincipal. While wildly useful in other contexts (such as finding out which responsiblities a principal has through a group), in this context it's deadly: getGroupsForPrincipal returns all memberships in groups and all memberships implied by groups being members in other groups.

      Basically, if principal kmoutlaw is a member of group A, and group A is a member of group B, then when you do an IM Person doc on kmoutlaw, the memberships for both group A and group B are shown as editable. Editors might miss this and simply save the doc, thereby making kmoutlaw a direct member of group A and group B. The second time we open an IM person doc on kmoutlaw, both the direct membership to group B and the indirect membership (through group A) to group B are editable...which leads to optimistic lock exceptions.

      On the IM Person doc, only direct group memberships should be editable.

      Note from James on how to fix this issue (listed on KFSMI-5987):
      James Smith added a comment - 13/Sep/10 05:20 PM
      To fix said issue, I changed this line in UIDocumentServiceImpl#loadEntityToPersonDoc:

      List<? extends Group> groups = getGroupService().getGroupsForPrincipal(identityManagementPersonDocument.getPrincipalId());

      to this:

      List<? extends Group> groups = getGroupsByIds(getGroupService().getDirectGroupIdsForPrincipal(identityManagementPersonDocument.getPrincipalId()));

      and added this method (all of this is in UA's override of that service):


      • Looks up GroupInfo objects for each group id passed in
      • @param groupIds the List of group ids to look up GroupInfo records on
      • @return a List of GroupInfo records
        protected List<? extends Group> getGroupsByIds(List<String> groupIds) {
        List<GroupInfo> groups = new ArrayList<GroupInfo>();
        for (String groupId : groupIds) { final GroupInfo groupInfo = getGroupService().getGroupInfo(groupId); groups.add(groupInfo); }

        return groups;


          Issue Links


            dlemus Dan Lemus (Inactive) created issue -
            dlemus Dan Lemus (Inactive) made changes -
            Field Original Value New Value
            Link This issue fixes KFSMI-5987 [ KFSMI-5987 ]
            ewestfal Eric Westfall made changes -
            Assignee Jeremy Hanson [ jjhanso ]
            ewestfal Eric Westfall made changes -
            Fix Version/s 1.0.3 [ 15646 ]
            jjhanso Jeremy Hanson made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            jcoltrin Jessica Coltrin (Inactive) made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            spatterson Shem Patterson (Inactive) made changes -
            Workflow custom [ 86604 ] Copy of custom for rice [ 212224 ]
            spatterson Shem Patterson (Inactive) made changes -
            Workflow Copy of custom for rice [ 212224 ] custom [ 221972 ]
            spatterson Shem Patterson (Inactive) made changes -
            Workflow custom [ 221972 ] Rice Workflow [ 231720 ]


              • Assignee:
                jjhanso Jeremy Hanson
                dlemus Dan Lemus (Inactive)
              • Votes:
                0 Vote for this issue
                0 Start watching this issue


                • Created: