LabKey · labkey-adam · Jun 10, 2024 · Jun 9, 2024
diff --git a/mGAP/src/org/labkey/mgap/mGAPController.java b/mGAP/src/org/labkey/mgap/mGAPController.java
@@ -399,7 +399,6 @@ public void validateForm(ApproveUserRequestsForm form, Errors errors)
         public Object execute(ApproveUserRequestsForm form, BindException errors) throws Exception
         {
             ApiSimpleResponse response = new ApiSimpleResponse();
-            MutableSecurityPolicy policy = new MutableSecurityPolicy(mGAPManager.get().getMGapContainer().getPolicy());
             List<SecurityManager.NewUserStatus> newUserStatusList = new ArrayList<>();
             List<User> existingUsersGivenAccess = new ArrayList<>();
             try (DbScope.Transaction transaction = CoreSchema.getInstance().getScope().ensureTransaction())
@@ -433,7 +432,7 @@ public Object execute(ApproveUserRequestsForm form, BindException errors) throws
                             u.setLastName((String)map.get("lastName"));
                             UserManager.updateUser(getUser(), u);
 
-                            if (st.isLdapEmail())
+                            if (st.isLdapOrSsoEmail())
                             {
                                 existingUsersGivenAccess.add(st.getUser());
                             }
@@ -449,23 +448,24 @@ public Object execute(ApproveUserRequestsForm form, BindException errors) throws
                     row.put("userId", u.getUserId());
                     Table.update(getUser(), ti, row, requestId);
 
-                    if (!policy.hasPermission(u, ReadPermission.class))
+                    Container mGapContainer = mGAPManager.get().getMGapContainer();
+
+                    if (!mGapContainer.hasPermission(u, ReadPermission.class))
                     {
+                        MutableSecurityPolicy policy = new MutableSecurityPolicy(mGapContainer.getPolicy());
                         policy.addRoleAssignment(u, ReaderRole.class);
+                        SecurityPolicyManager.savePolicy(policy, getUser());
                     }
                     else
                     {
                         _log.info("user already has read permission on mGAP container: " + u.getDisplayName(getUser()));
                     }
                 }
 
-                SecurityPolicyManager.savePolicy(policy, getUser());
-
                 transaction.commit();
             }
 
-            Set<User> allUsers = new HashSet<>();
-            allUsers.addAll(existingUsersGivenAccess);
+            Set<User> allUsers = new HashSet<>(existingUsersGivenAccess);
 
             //send emails:
             for (SecurityManager.NewUserStatus st : newUserStatusList)

diff --git a/mcc/src/org/labkey/mcc/MccController.java b/mcc/src/org/labkey/mcc/MccController.java
@@ -373,7 +373,7 @@ public Object execute(ApproveUserRequestsForm form, BindException errors) throws
                             u.setLastName((String)map.get("lastName"));
                             UserManager.updateUser(getUser(), u);
 
-                            if (st.isLdapEmail())
+                            if (st.isLdapOrSsoEmail())
                             {
                                 existingUsersGivenAccess.add(st.getUser());
                             }