Since it's been over two years without any further information provided, we're closing this Jira issue for now. If more details become available in the future, we can reopen it. Thank you.

I tracked down where this was "removed" to https://sakaiproject.atlassian.net/browse/SAK-18258#icft=SAK-18258 but even if the site check is added back in there again it fails the permission check (which doesn't look like it was removed?)

This might need to be done better in the BaseAuthzGroupService as the save method is still checking explicit permissions against the realm.

It seems like the problem is that if you have a group ref like
/site/1ae1687a-896c-462a-93c3-b18522bafc42/group/285b20f3-eac9-4651-bae2-8bde83a15050

And the instructor isn't in it they fail the check.

I'd feel like this should also be checking permissions on
/site/1ae1687a-896c-462a-93c3-b18522bafc42/

But it doesn't seem to be doing that?

Yeah, I see what you mean now, thanks for the video. Though it was working for me on a course site with the instructor but not working on the mercury project site with the maintain role.

The code here does an allowUpdate on the group checking for realm.upd but for some reason it's not passing. I'll try to look more at it, have you tried other sites? I wonder if this is related to the changes here in https://sakaiproject.atlassian.net/browse/SAK-29401#icft=SAK-29401

Hi Matt

Thanks for looking at this. I re-tested and still see the same issue, see screen recording: https://drive.google.com/file/d/0B5TNYI-9f2V2ZUljRTFOcUlBblE/view?usp=sharing

I'm testing this on 11.x today and I can't reproduce any problems. I log in as instructor, add a group and I can set permissions for that group. Maybe you didn't have a group added? I'm going to close this as Cannot Reproduce. If you have more information maybe you can attach a video?