Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #11375 (new)

Opened 6 years ago

Last modified 4 years ago

Bug: permissions test throws wrong exception

Reported by: cblackburn Owned by: jamoore
Priority: minor Milestone: Permissions
Component: Security Version: 4.4.8
Keywords: n.a. Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

The Python test:

integration.permissions.testSaveBadLink

Throws a SecurityViolation when it should throw a GroupSecurityViolation See exception in comment below.

Change History (3)

comment:1 Changed 6 years ago by cblackburn

ERROR: testSaveBadLink (test.integration.permissions.TestPermissions)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/cblackburn/Work/repos/ome/components/tools/OmeroPy/test/integration/permissions.py", line 652, in testSaveBadLink
    update.saveAndReturnObject, image)
  File "/usr/local/Cellar/python/2.7.4/Frameworks/Python.framework/Versions/2.7/lib/python2.7/unittest/case.py", line 476, in assertRaises
    callableObj(*args, **kwargs)
  File "/Users/cblackburn/Work/repos/ome/components/tools/OmeroPy/target/omero_api_IUpdate_ice.py", line 101, in saveAndReturnObject
    return _M_omero.api.IUpdate._op_saveAndReturnObject.invoke(self, ((obj, ), _ctx))
SecurityViolation: exception ::omero::SecurityViolation
{
    serverStackTrace = ome.conditions.SecurityViolation: You are not authorized to set the ExperimenterGroup for ome.model.annotations.TagAnnotation:Id_1176 to ome.model.meta.ExperimenterGroup:Id_1009
	at ome.security.basic.OmeroInterceptor.newTransientDetails(OmeroInterceptor.java:601)
	at ome.security.basic.OmeroInterceptor.onSave(OmeroInterceptor.java:157)
	at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:414)
	at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:293)
	at org.hibernate.event.def.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:204)
	at org.hibernate.event.def.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:144)
	at org.hibernate.event.def.DefaultMergeEventListener.saveTransientEntity(DefaultMergeEventListener.java:415)
	at org.hibernate.event.def.DefaultMergeEventListener.mergeTransientEntity(DefaultMergeEventListener.java:341)
	at org.hibernate.event.def.DefaultMergeEventListener.entityIsTransient(DefaultMergeEventListener.java:303)
	at org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener.entityIsTransient(IdTransferringMergeEventListener.java:59)
	at ome.security.basic.MergeEventListener.entityIsTransient(MergeEventListener.java:161)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:258)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:94)
	at org.hibernate.impl.SessionImpl.fireMerge(SessionImpl.java:871)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:853)
	at org.hibernate.engine.CascadingAction$6.cascade(CascadingAction.java:279)
	at org.hibernate.engine.Cascade.cascadeToOne(Cascade.java:392)
	at org.hibernate.engine.Cascade.cascadeAssociation(Cascade.java:335)
	at org.hibernate.engine.Cascade.cascadeProperty(Cascade.java:204)
	at org.hibernate.engine.Cascade.cascade(Cascade.java:161)
	at org.hibernate.event.def.AbstractSaveEventListener.cascadeBeforeSave(AbstractSaveEventListener.java:451)
	at org.hibernate.event.def.DefaultMergeEventListener.mergeTransientEntity(DefaultMergeEventListener.java:336)
	at org.hibernate.event.def.DefaultMergeEventListener.entityIsTransient(DefaultMergeEventListener.java:303)
	at org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener.entityIsTransient(IdTransferringMergeEventListener.java:59)
	at ome.security.basic.MergeEventListener.entityIsTransient(MergeEventListener.java:161)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:258)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:94)
	at org.hibernate.impl.SessionImpl.fireMerge(SessionImpl.java:871)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:853)
	at org.hibernate.engine.CascadingAction$6.cascade(CascadingAction.java:279)
	at org.hibernate.engine.Cascade.cascadeToOne(Cascade.java:392)
	at org.hibernate.engine.Cascade.cascadeAssociation(Cascade.java:335)
	at org.hibernate.engine.Cascade.cascadeProperty(Cascade.java:204)
	at org.hibernate.engine.Cascade.cascadeCollectionElements(Cascade.java:425)
	at org.hibernate.engine.Cascade.cascadeCollection(Cascade.java:362)
	at org.hibernate.engine.Cascade.cascadeAssociation(Cascade.java:338)
	at org.hibernate.engine.Cascade.cascadeProperty(Cascade.java:204)
	at org.hibernate.engine.Cascade.cascade(Cascade.java:161)
	at org.hibernate.event.def.AbstractSaveEventListener.cascadeAfterSave(AbstractSaveEventListener.java:476)
	at org.hibernate.event.def.DefaultMergeEventListener.mergeTransientEntity(DefaultMergeEventListener.java:388)
	at org.hibernate.event.def.DefaultMergeEventListener.entityIsTransient(DefaultMergeEventListener.java:303)
	at org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener.entityIsTransient(IdTransferringMergeEventListener.java:59)
	at ome.security.basic.MergeEventListener.entityIsTransient(MergeEventListener.java:161)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:258)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:94)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:84)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:80)
	at org.hibernate.impl.SessionImpl.fireMerge(SessionImpl.java:861)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:845)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:849)
	at ome.logic.UpdateImpl.internalMerge(UpdateImpl.java:273)
	at ome.logic.UpdateImpl$2.run(UpdateImpl.java:121)
	at ome.logic.UpdateImpl$2.run(UpdateImpl.java:118)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:311)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:302)
	at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:118)
	at sun.reflect.GeneratedMethodAccessor750.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.security.basic.EventHandler.invoke(EventHandler.java:154)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:241)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at com.sun.proxy.$Proxy81.saveAndReturnObject(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor750.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:98)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at com.sun.proxy.$Proxy81.saveAndReturnObject(Unknown Source)
	at sun.reflect.GeneratedMethodAccessor833.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179)
	at ome.services.throttling.Callback.run(Callback.java:56)
	at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
	at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:149)
	at ome.services.blitz.impl.UpdateI.saveAndReturnObject_async(UpdateI.java:64)
	at sun.reflect.GeneratedMethodAccessor832.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at omero.cmd.CallContext.invoke(CallContext.java:59)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at com.sun.proxy.$Proxy82.saveAndReturnObject_async(Unknown Source)
	at omero.api._IUpdateTie.saveAndReturnObject_async(_IUpdateTie.java:92)
	at omero.api._IUpdateDisp.___saveAndReturnObject(_IUpdateDisp.java:185)
	at omero.api._IUpdateDisp.__dispatch(_IUpdateDisp.java:365)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
    serverExceptionClass = ome.conditions.SecurityViolation
    message = You are not authorized to set the ExperimenterGroup for ome.model.annotations.TagAnnotation:Id_1176 to ome.model.meta.ExperimenterGroup:Id_1009
}

comment:2 Changed 6 years ago by jamoore

  • Milestone changed from OMERO-4.4.9 to OMERO-4.4.x

comment:3 Changed 4 years ago by jamoore

  • Milestone changed from 5.x to Permissions
Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.99586 sec.)

We're Hiring!