Task #12723 (closed)
Opened 9 years ago
Closed 9 years ago
Bug: Admin chgrp user to private Project
Reported by: | wmoore | Owned by: | mtbcarroll |
---|---|---|---|
Priority: | critical | Milestone: | 5.1.0-m4 |
Component: | Security | Version: | 5.0.5 |
Keywords: | n.a. | Cc: | jamoore |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by wmoore)
See https://github.com/openmicroscopy/openmicroscopy/pull/3420
If Admin tries to chgrp a user's Dataset to a private group and link it to an existing user's Project there, we get error below.
Failing integration test added in https://github.com/will-moore/openmicroscopy/commit/2615f1af31ad397d7e8d2e0a95adcfb0fe9ec93c
Failed stacktrace: ome.conditions.ReadOnlyGroupSecurityViolation: Cannot link to ome.model.containers.Dataset:Id_2753 Current user (root) is an admin or the owner of the private group (Test Group=rw----). It is not allowed to link to users' data. at ome.security.basic.OmeroInterceptor.evaluateLinkages(OmeroInterceptor.java:513) at ome.security.basic.OmeroInterceptor.onSave(OmeroInterceptor.java:160) at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:414) at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:293)
Change History (5)
comment:1 Changed 9 years ago by wmoore
- Description modified (diff)
comment:2 Changed 9 years ago by mtbcarroll
comment:3 Changed 9 years ago by mtbcarroll
In case the above was confusing: I was looking at Insight's import because I wondered how "import as" copes with all this. For simply moving data, in that situation Insight doesn't even offer the admin the user's containers as destinations for the move and also doesn't seem to let the admin put the user's data into containers.
comment:4 Changed 9 years ago by mtbcarroll
- Milestone changed from 5.1.0 to 5.1.0-m4
- Status changed from new to accepted
comment:5 Changed 9 years ago by mtbcarroll
- Resolution set to fixed
- Status changed from accepted to closed
Fixed by Will on the basis of Josh's https://github.com/openmicroscopy/openmicroscopy/pull/3420#issuecomment-73228516 by setting link.details.owner to the appropriate unloaded Experimenter before saving the link.
The error makes sense to me: the Python gateway's chgrpObjects actually tries to create and save a new link and the server complains that the admin can't be linking to someone else's stuff in their private group, which seems reasonable.
The Java gateway's importImageFile instead indirectly utilizes ImportSettings.userSpecifiedTarget which I would guess is the correct approach and why Insight has no trouble in this workflow.