Closed ahelsing closed 9 years ago
member_authoritypolicy.json lists assertions: "ME.IS$PROJECT_LEADAND$SEARCHING_BYEMAIL<-CALLER", "ME.IS$PROJECT_ADMINAND$SEARCHING_BY_EMAIL<-CALLER",
and policies: "ME.MAY_$METHOD<-ME.IS_PROJECT_LEAD_AND_SEARCHINGEMAIL", "ME.MAY$METHOD<-ME.IS_PROJECT_ADMIN_AND_SEARCHING_EMAIL",
I don't know how this stuff works anymore, but I believe that the missing assertion is supposed to be added by guard_utils.assert_shares_project(), where it is called ME.IS_LEAD_AND_SEARCHING_EMAIL<-CALLER
So 2 things: 1) How is assert_shares_project called for this API method invocation? 2) There appears to be a mismatch in the name of the assertion/policy
Trac comment by ahelsing on 04-15-2014 at 14:55
2 issues:
Trac comment by ahelsing on 04-17-2014 at 14:52
Niky is trying to do a bulk upload of email addresses from the portal, and getting a bunch of authorization errors doing lookup_identifying_member_info.
She says it only happens when she includes a 'new' portal user. But this may mean only when she includes someone like RRB@clemson.edu, who has a mixed case email address.
The portal sends that email address all lowercase. Does chapi correctly handle that address coming in the query as lowercase, but mixed case in the DB?
We only see these errors in the last few days.
Sample errors:
Imported from trac ticket #269, created by ahelsing on 04-15-2014 at 14:54, last modified: 04-17-2014 at 15:01