Master/Slave assets / ACLs with groups are not functioning

[Michiel.Schok]

Case:
asset '10063' from nibg-admin / app-id 3
mediafile '8447' is the original.

Get ACL:

<response>
  <header>
    <item_count>5</item_count>
    <item_count_total>5</item_count_total>
    <item_offset>0</item_offset>
    <request_class>mediamosa_rest_call_aut_mediafile_get_rights</request_class>
    <request_matched_method>GET</request_matched_method>
    <request_matched_uri>/mediafile/$mediafile_id/acl</request_matched_uri>
    <request_process_time>0.1822</request_process_time>
    <request_result>success</request_result>
    <request_result_description></request_result_description>
    <request_result_id>601</request_result_id>
    <request_uri>[GET] mediafile/8447/acl?user_id=nibg-admin</request_uri>
    <version>2.1.0.471:4baaff770915</version>
    <request_query_count>8</request_query_count>
  </header>
  <items>
    <item id="1">
      <aut_realm>@teleblik.nl</aut_realm>
    </item>
    <item id="2">
      <aut_domain>ACADEMIA.group</aut_domain>
    </item>
    <item id="3">
      <aut_realm>@ACADEMIA.group</aut_realm>
    </item>
    <item id="4">
      <aut_app>5</aut_app>
    </item>
    <item id="5">
      <aut_app>104</aut_app>
    </item>
  </items>
</response>

So it *is* slaved to SURFmedia (id 5), and it *is* protected via ACADEMIA.group and @ACADEMIA.group.

Who are on those groups?

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <header>
    <item_count>2</item_count>
    <item_count_total>2</item_count_total>
    <item_offset>0</item_offset>
    <request_class>mediamosa_rest_call_aut_group_get_hostnames</request_class>
    <request_matched_method>GET</request_matched_method>
    <request_matched_uri>/autorisation_group/$groupname/hostname</request_matched_uri>
    <request_process_time>0.0649</request_process_time>
    <request_result>success</request_result>
    <request_result_description></request_result_description>
    <request_result_id>601</request_result_id>
    <request_uri>[GET] autorisation_group/@ACADEMIA.group/hostname</request_uri>
    <version>2.1.0.471:4baaff770915</version>
    <request_query_count>3</request_query_count>
  </header>
  <items>
    <item id="1">
      <hostname>@ibuildings.nl</hostname>
    </item>
    <item id="2">
      <hostname>@surfnet.nl</hostname>
    </item>
  </items>
</response>

and

<?xml version="1.0" encoding="UTF-8"?>
<response>
  <header>
    <item_count>1</item_count>
    <item_count_total>1</item_count_total>
    <item_offset>0</item_offset>
    <request_class>mediamosa_rest_call_aut_group_get_hostnames</request_class>
    <request_matched_method>GET</request_matched_method>
    <request_matched_uri>/autorisation_group/$groupname/hostname</request_matched_uri>
    <request_process_time>0.1322</request_process_time>
    <request_result>success</request_result>
    <request_result_description></request_result_description>
    <request_result_id>601</request_result_id>
    <request_uri>[GET] autorisation_group/ACADEMIA.group/hostname</request_uri>
    <version>2.1.0.471:4baaff770915</version>
    <request_query_count>3</request_query_count>
  </header>
  <items>
    <item id="1">
      <hostname>surfnet.nl</hostname>
    </item>
  </items>
</response>

And now we are going to look for the 'granted' field in /asset responses.

[GET] asset/10063?aut_realm=@teleblik.nl	TRUE	OK
[GET] asset/10063?aut_realm=@surfnet.nl	FALSE	NOT OK
[GET] asset/10063?aut_realm=surfnet.nl	FALSE	NOT OK

[Michiel.Schok]

I see that *exactly the same bug* creeped up in testing of 1.7. It was fixed in 1.7.3 (see ticket #218 in trac). Just retested that issue with that same asset-id / mediafile-id. Broken again.

Please make a thorough test for it, it is a crucial feature of MediaMosa / VP-Core and it breaks with every release...

[robert]

My bad, code fix slipped migration to 2.x. Migrated fix to 2.1.1, will be in release today (2.1.1).

[Michiel.Schok]

Looks allright now.