Calling this URL: /api/group/members/assign/{usergroupId} with a POST method an ‘userID’ = ## set in the form-urlencoded data.
We get a response back with a 200 code, it shows the name of the user group we were trying to add the user to but it doesn’t have membership in the CMS.
Even get this message:
“message”: “Membership set for XXXX Users”,
Looking in the debug log, it looks like the SQL command may be referencing the user ID of the account that has API access.
The user ID sent to the API was 18, not 8 as seen in the log:
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 Loading 8. All Objects = 0
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "SET @userId=‘8’;
SET @isUserSpecific=‘0’;
SET @isEveryone=‘0’;
SELECT `group`.group,
`group`.groupId,
`group`.isUserSpecific,
`group`.isEveryone,
`group`.libraryQuota,
`group`.isSystemNotification,
`group`.isDisplayNotification
FROM `group`
WHERE 1 = 1
AND `group`.groupId IN (SELECT groupId FROM `lkusergroup` WHERE userId = @userId) AND isUserSpecific = @isUserSpecific AND isEveryone = @isEveryone ORDER BY `group`"
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 “SET @userId=‘8’;
SELECT * FROM useroption
WHERE userId = @userId”
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "SET @access_token=‘HpoRFf17dg1sJnKhnXwQ11GABk1S3L01MbTaNkCv’;
SELECT oauth_scopes.id, oauth_scopes.description
FROM oauth_access_token_scopes
INNER JOIN oauth_scopes ON oauth_access_token_scopes.scope = oauth_scopes.id
WHERE access_token = @access_token
"
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 Assign User for groupId 38
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "SET @groupId=‘38’;
SET @isEveryone=‘0’;
SELECT `group`.group,
`group`.groupId,
`group`.isUserSpecific,
`group`.isEveryone,
`group`.libraryQuota,
`group`.isSystemNotification,
`group`.isDisplayNotification
FROM `group`
WHERE 1 = 1
AND `group`.groupId = @groupId AND isEveryone = @isEveryone ORDER BY `group`"
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "
SELECT user
.userId,
userName,
userTypeId,
email,
lastAccessed,
newUserWizard,
retired,
CSPRNG,
UserPassword AS password,
group.groupId,
group.group,
pages
.pageId AS homePageId,
pages
.title AS homePage,
user
.firstName,
user
.lastName,
user
.phone,
user
.ref1,
user
.ref2,
user
.ref3,
user
.ref4,
user
.ref5,
IFNULL(group.libraryQuota, 0) AS libraryQuota,
group
.isSystemNotification,
group
.isDisplayNotification,
user
.isPasswordChangeRequired,
user
.twoFactorTypeId,
user
.twoFactorSecret,
user
.twoFactorRecoveryCodes,
user
.showContentFrom
FROM `user`
INNER JOIN lkusergroup
ON lkusergroup.userId = user.userId
INNER JOIN `group`
ON `group`.groupId = lkusergroup.groupId
AND isUserSpecific = 1
LEFT OUTER JOIN `pages`
ON pages.pageId = `user`.homePageId
WHERE 1 = 1
AND user.userId IN (SELECT userId FROM `lkusergroup` WHERE groupId IN (38)) ORDER BY userName"
4/13/2021 9:39 API POST INFO /group/members/assign/38 “Request stats: {
“default”: {
“select”: 9
},
“log”: {
“insert”: 10
},
“length”: 0.08898591995239258,
“memoryUsage”: 11330192,
“peakMemoryUsage”: 11386008
}.”