conn.setMembersOfGroup SecurityViolation cannot give administrator privileges that current user does not have #660
Description
https://qa.openmicroscopy.org/qa/feedback/91987/
File "/opt/omero/web/venv-3.12/lib64/python3.12/site-packages/omeroweb/webadmin/views.py", line 885, in manage_group
removalFails = conn.setMembersOfGroup(group, new_members)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/omero/web/venv-3.12/lib64/python3.12/site-packages/omeroweb/webclient/webclient_gateway.py", line 1360, in setMembersOfGroup
admin_serv.addGroups(e._obj, [group._obj])
File "/opt/omero/web/venv-3.12/lib64/python3.12/site-packages/omero/gateway/__init__.py", line 4873, in __call__
return self.handle_exception(e, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/omero/web/venv-3.12/lib64/python3.12/site-packages/omeroweb/webclient/webclient_gateway.py", line 2106, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv-3.12/lib64/python3.12/site-packages/omero/gateway/__init__.py", line 4870, in __call__
return self.f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/omero/web/venv-3.12/lib64/python3.12/site-packages/omero_api_IAdmin_ice.py", line 1970, in addGroups
return _M_omero.api.IAdmin._op_addGroups.invoke(self, ((user, groups), _ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: cannot give administrator privileges that current user does not have
at ome.logic.AdminImpl.assertNoPrivilegeElevation(AdminImpl.java:1659)