Bug: IAdmin allows dangerous modification of admin tables

[jamoore]

As described in #10209, it is possible to perform several actions which leave one or more users or groups unusable:

• rename one of the groups: system, user
• rename one of the users: root, guest
• remove root from user or system
• remove the current user (if admin) from system

Rather than prevent this at the SQL level in 4.4.9, we can instead modify ome.logic.AdminImpl to check for these actions and raise a ValidationException (i.e. requested data change is invalid).

The javadocs on ome.api.IAdmin should be modified to describe the new limitations, and tests written in either Java or Python. (Internal integration tests in the server/ component would suffice)

Note: it will still be possible to perform the requested actions directly via IUpdate, but that may be an acceptable compromise for 4.4.9.

[atarkowska]

In the ​PR 1460 another bug was picked up. After closer look at the failing tests it turned out that it's a bug:

AssertionError: Can't remove user from the group members if this it's default group

User who is a member of one group shouldn't be removed from that group because 'USER' group will become his default. Webadmin prevents from doing that while rendering list of groups that can't be empty, but not API.

[mtbcarroll]

So, we should have a ValidationException when there is an attempt to remove a user from the only group of which they're a member?

[mtbcarroll]

fixed by ​https://github.com/openmicroscopy/openmicroscopy/pull/1537

[Colin Blackburn <colin@…>]

(In [9e1f87f263074d412a4a13ba9f579a7c2c1d831f/ome.git] on branch develop) adding decorator to failing test, see #11465

[Mark Carroll <m.t.b.carroll@…>]

(In [958b56cc95960ae4198cd43a7e5b4101011d7d0a/ome.git] on branch develop) fix #11465: add further admin action validation

Conflicts:

components/server/src/ome/logic/AdminImpl.java

[Josh Moore <josh@…>]

(In [69367aba4c3c7d473b83e148e5d3466261f2b948/ome.git] on branch develop) Merge pull request #1595 from mtbc/11465-admin-checks

fix #11465: add validation checks for admin service (rebased)

[jburel]

The remote Roles guest groupID and guest ID are not correct.
They are currently equal to 0 i.e. system group.
Found the issue while working on ​https://github.com/openmicroscopy/openmicroscopy/pull/1753

Moving to Beta2 so it appears in the list of ticket to be fixed before we can release.

[mtbcarroll]

Fixed by ​https://github.com/openmicroscopy/openmicroscopy/pull/1832.

[jean-marie burel <j.burel@…>]

(In [78ca348d3e00d3a06dc0a9b05bf7b19dc6144d62/ome.git] on branch develop) Merge pull request #1832 from mtbc/trac-11465-populate-roles

fix #11465: properly populate roles proxy object

[Aleksandra Tarkowska <A.Tarkowska@…>]

(In [d51f43e2344ff8d5d4329600e2c9f79bf34c5123/ome.git]on branches master, dev_4_4) adding decorator to failing test, see #11465

[cneves <carlos@…>]

(In [5ffad467df78bff371777726fd24e9e5ad4648ea/ome.git]on branches master, dev_4_4) Merge pull request #4 from aleksandra-tarkowska/dev/web_pytest_4_4

adding decorator to failing test, see #11465

[Mark Carroll <m.t.b.carroll@…>]

(In [15f31f9133575776f5afaa03c1facf49551ff45b/ome.git]on branches master, dev_4_4) fix #11465: add further admin action validation

[Josh Moore <josh@…>]

(In [c83023d54d677ed824f4bb65f043df592fb390cb/ome.git]on branches master, dev_4_4) Merge pull request #1537 from mtbc/11465-admin-checks

fix #11465: add validation checks for admin service