Task #10016 (closed)
Bug: webadmin remove self from group
| Reported by: | omero-qa | Owned by: | wmoore |
|---|---|---|---|
| Priority: | major | Milestone: | OMERO-4.4.7 |
| Component: | WebAdmin | Version: | n.a. |
| Keywords: | n.a. | Cc: | ned@… |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | n.a. |
| Sprint: | 2013-01-15 (4) | | |
Description
"I believe I had just removed myself from a couple of groups, leaving myself only in the group that I used to upload my data. I think it crashed when I left the admin page."
https://www.openmicroscopy.org/qa2/qa2/qa/feedback/4784/
Traceback (most recent call last):
  File "/home/omero/OMERO.server/lib/python/django/core/handlers/base.py", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/home/omero/OMERO.server/lib/python/omeroweb/decorators.py", line 377, in wrapped
    retval = f(request, *args, **kwargs)
  File "/home/omero/OMERO.server/lib/python/omeroweb/webadmin/views.py", line 344, in index
    if conn.isAdmin():
  File "/home/omero/OMERO.server/lib/python/omero/gateway/__init__.py", line 1836, in isAdmin
    return self.getEventContext().isAdmin
  File "/home/omero/OMERO.server/lib/python/omero/gateway/__init__.py", line 1785, in getEventContext
    self._ctx = self._proxies['admin'].getEventContext()
  File "/home/omero/OMERO.server/lib/python/omero/gateway/__init__.py", line 3327, in __call__
    return self.handle_exception(e, *args, **kwargs)
  File "/home/omero/OMERO.server/lib/python/omeroweb/webclient/webclient_gateway.py", line 1876, in handle_exception
    e, *args, **kwargs)
  File "/home/omero/OMERO.server/lib/python/omero/gateway/__init__.py", line 3324, in __call__
    return self.f(*args, **kwargs)
  File "/home/omero/OMERO.server/lib/python/omero_api_IAdmin_ice.py", line 394, in getEventContext
    return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 2 is not a member of group 0 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:380)
at ome.security.basic.EventHandler.doLogin(EventHandler.java:210)
at ome.security.basic.EventHandler.invoke(EventHandler.java:146)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:241)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy78.getEventContext(Unknown Source)
at sun.reflect.GeneratedMethodAccessor649.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy78.getEventContext(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
at ome.services.throttling.Callback.run(Callback.java:56)
at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:150)
at ome.services.blitz.impl.AdminI.getEventContext_async(AdminI.java:217)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at omero.cmd.CallContext.invoke(CallContext.java:59)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy79.getEventContext_async(Unknown Source)
at omero.api._IAdminTie.getEventContext_async(_IAdminTie.java:204)
at omero.api._IAdminDisp.___getEventContext(_IAdminDisp.java:1405)
at omero.api._IAdminDisp.__dispatch(_IAdminDisp.java:1561)
at IceInternal.Incoming.invoke(Incoming.java:159)
at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
at Ice.ConnectionI.message(ConnectionI.java:972)
at IceInternal.ThreadPool.run(ThreadPool.java:577)
at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
serverExceptionClass = ome.conditions.SecurityViolation
message = User 2 is not a member of group 0 and cannot login
}
<WSGIRequest
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{'__utma': '65601905.1757668320.1306890498.1306890498.1316938101.2',
'sessionid': 'a9a7b33997bbc19b5fc54b17c2eb6764'},
META:{'CONTENT_LENGTH': '',
'CONTENT_TYPE': '',
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.5',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': '__utma=65601905.1757668320.1306890498.1306890498.1316938101.2; sessionid=a9a7b33997bbc19b5fc54b17c2eb6764',
'HTTP_HOST': 'tralfaz.caltech.edu:8080',
'HTTP_REFERER': 'http://tralfaz.caltech.edu:8080/webadmin/experimenters/',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0',
'PATH_INFO': u'/webadmin/',
'QUERY_STRING': '',
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': u'',
'SERVER_NAME': '_',
'SERVER_PORT': '8080',
'SERVER_PROTOCOL': 'HTTP/1.1',
'wsgi.errors': <flup.server.fcgi_base.TeeOutputStream object at 0xb50f0cc>,
'wsgi.input': <flup.server.fcgi_base.InputStream object at 0xb50f18c>,
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>
Change History (4)
comment:1 Changed 7 years ago by wmoore
- Component changed from QA to WebAdmin
- Milestone changed from Unscheduled to OMERO-4.5
- Priority changed from minor to major
- Sprint set to 2012-12-18 (3)
comment:2 Changed 7 years ago by jburel
- Sprint changed from 2012-12-18 (3) to 2013-01-15 (4)
comment:3 Changed 7 years ago by wmoore
- Resolution set to fixed
- Status changed from new to closed
comment:4 Changed 7 years ago by Will Moore <will@…>
(In [488a8b9a0af01237d6d88ce17947915cbac5df26/ome.git] on branch develop) Don't allow removal of 'system' from groups list. See #10016
Although we tried to prevent admins removing themselves from 'system' group, they could still do this in the groups chooser.
Moved from sprint 2012-12-18 (3)
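
The rule described in the commit message of comment:4, enforced in a single server-side check that every membership-editing path would call, so that one UI widget cannot bypass it. This is an added example, not code from OMERO or from the commit: all function and class names are hypothetical, group id 0 is taken to be 'system' as in the error message above, and the default-group rule is an extra assumption of the sketch.

```python
# Added illustration; every name here is hypothetical, not OMERO's API.
SYSTEM_GROUP_ID = 0  # the SecurityViolation above names the lost group as group 0


class MembershipError(ValueError):
    """A requested group change would leave the account unable to log in."""


def validate_group_change(actor_id, target_id, current, requested, default_group):
    """Return the accepted set of group ids for target_id, or raise.

    Meant to be called by every path that edits memberships (experimenter
    form, groups chooser, ...), so no single widget can skip the rule.
    """
    current, requested = set(current), set(requested)
    removed = current - requested

    # Rule from the commit message: an admin may not drop 'system' from
    # their own account.
    if actor_id == target_id and SYSTEM_GROUP_ID in removed:
        raise MembershipError("cannot remove yourself from the 'system' group")
    # Assumption of this sketch: the default group must survive the edit.
    if default_group not in requested:
        raise MembershipError("default group must remain in the group list")
    return requested


def apply_edits(edits):
    """Run edit requests; return the accepted groups or the error text for each."""
    results = []
    for edit in edits:
        try:
            results.append(sorted(validate_group_change(**edit)))
        except MembershipError as exc:
            results.append(str(exc))
    return results


# Constructed requests; user id 2 and group id 0 mirror the error message above.
SAMPLE_EDITS = [
    dict(actor_id=2, target_id=2, current=[0, 3, 5], requested=[0, 3], default_group=3),
    dict(actor_id=2, target_id=2, current=[0, 3, 5], requested=[3], default_group=3),
    dict(actor_id=2, target_id=7, current=[0, 3], requested=[3], default_group=3),
]

if __name__ == "__main__":
    for edit, result in zip(SAMPLE_EDITS, apply_edits(SAMPLE_EDITS)):
        print(edit["target_id"], edit["requested"], "->", result)
```

The second request reproduces the edit from the report and is rejected before it reaches the server; the third shows the same admin can still remove a different user from 'system'.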