Unable to assign users group membership

Developer Experience
1

Calling this URL: /api/group/members/assign/{usergroupId} with a POST method an ‘userID’ = ## set in the form-urlencoded data.

We get a response back with a 200 code, it shows the name of the user group we were trying to add the user to but it doesn’t have membership in the CMS.

Even get this message:
“message”: “Membership set for XXXX Users”,

Looking in the debug log, it looks like the SQL command may be referencing the user ID of the account that has API access.

The user ID sent to the API was 18, not 8 as seen in the log:

4/13/2021 9:39	API	POST	DEBUG		/group/members/assign/38	Loading 8. All Objects = 0

4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "SET @userId=‘8’;
SET @isUserSpecific=‘0’;
SET @isEveryone=‘0’;

    SELECT 	`group`.group,
        `group`.groupId,
        `group`.isUserSpecific,
        `group`.isEveryone,
        `group`.libraryQuota,
        `group`.isSystemNotification,
        `group`.isDisplayNotification
    
      FROM `group`
     WHERE 1 = 1
     AND `group`.groupId IN (SELECT groupId FROM `lkusergroup` WHERE userId = @userId)  AND isUserSpecific = @isUserSpecific  AND isEveryone = @isEveryone ORDER BY `group`"

4/13/2021 9:39 API POST DEBUG /group/members/assign/38 “SET @userId=‘8’;
SELECT * FROM useroption WHERE userId = @userId
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "SET @access_token=‘HpoRFf17dg1sJnKhnXwQ11GABk1S3L01MbTaNkCv’;

        SELECT oauth_scopes.id, oauth_scopes.description
          FROM oauth_access_token_scopes
            INNER JOIN oauth_scopes ON oauth_access_token_scopes.scope = oauth_scopes.id
         WHERE access_token = @access_token
    "

4/13/2021 9:39 API POST DEBUG /group/members/assign/38 Assign User for groupId 38
4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "SET @groupId=‘38’;
SET @isEveryone=‘0’;

    SELECT 	`group`.group,
        `group`.groupId,
        `group`.isUserSpecific,
        `group`.isEveryone,
        `group`.libraryQuota,
        `group`.isSystemNotification,
        `group`.isDisplayNotification
    
      FROM `group`
     WHERE 1 = 1
     AND `group`.groupId = @groupId  AND isEveryone = @isEveryone ORDER BY `group`"

4/13/2021 9:39 API POST DEBUG /group/members/assign/38 "
SELECT user.userId,
userName,
userTypeId,
email,
lastAccessed,
newUserWizard,
retired,
CSPRNG,
UserPassword AS password,
group.groupId,
group.group,
pages.pageId AS homePageId,
pages.title AS homePage,
user.firstName,
user.lastName,
user.phone,
user.ref1,
user.ref2,
user.ref3,
user.ref4,
user.ref5,
IFNULL(group.libraryQuota, 0) AS libraryQuota,
group.isSystemNotification,
group.isDisplayNotification,
user.isPasswordChangeRequired,
user.twoFactorTypeId,
user.twoFactorSecret,
user.twoFactorRecoveryCodes,
user.showContentFrom

          FROM `user`
            INNER JOIN lkusergroup
            ON lkusergroup.userId = user.userId
            INNER JOIN `group`
            ON `group`.groupId = lkusergroup.groupId
              AND isUserSpecific = 1
            LEFT OUTER JOIN `pages`
            ON pages.pageId = `user`.homePageId
         WHERE 1 = 1
      AND user.userId IN (SELECT userId FROM `lkusergroup` WHERE groupId IN (38)) ORDER BY userName"

4/13/2021 9:39 API POST INFO /group/members/assign/38 “Request stats: {
“default”: {
“select”: 9
},
“log”: {
“insert”: 10
},
“length”: 0.08898591995239258,
“memoryUsage”: 11330192,
“peakMemoryUsage”: 11386008
}.”

2

Can anybody else replicate this?

image

Double-checking
Calling this URL: /api/group/members/assign/{usergroupId} with a POST method an ‘userID’ = ## set in the form-urlencoded data.

{userGroupId} is the group ID of the User Group I want to add the user to. userID is the user ID of the user account I want to add.

3

I should add as well, using the same parameters, the /group/members/unassign works

4

You don’t need the form-urlencoded data that is only for put requests.
Also are you using the key as an array? Your form data key should be “userId[]”.
I have replicated post assign and unassign and it is working. But when I did the key as “userId” it did unassign all and not able to assign any user.

5

Haha yep, that was it! I re-read the swagger doc after seeing your post, guess I need to improve my reading comprehension! Thanks!