Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #1731 (closed)

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

Review session.details.permissions usage (4.1 and beyond)

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: OMERO-Beta4.2
Component: Security Version: 4.1
Keywords: n.a. Cc: carlos@…
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2010-04-02 (6)

Description (last modified by jmoore)

cF: https://trac.openmicroscopy.org.uk/omero/browser/trunk/components/server/src/ome/services/sessions/SessionManagerImpl.java#L206

The use of Permissions.DEFAULT here may be causing issues with setting the session permissions.

Related to #1434. See #1704

For the initial version, we will be restricting all object permissions to match the group permissions, which means that the use of umask and similar should be disabled and an exception added to catch explicit attempts.

Change History (15)

comment:1 Changed 14 years ago by jmoore

Related to #1774

comment:2 Changed 14 years ago by jmoore

  • Description modified (diff)

Semi-related to #1779 (see Carlos' comment).

comment:3 Changed 14 years ago by jmoore

  • Description modified (diff)

comment:4 Changed 14 years ago by jmoore

  • Type changed from defect to Task

comment:5 Changed 14 years ago by jmoore

  • Sprint set to Sprint 2

comment:6 Changed 14 years ago by jmoore

  • Status changed from new to assigned

comment:7 Changed 14 years ago by jmoore

From Jean-Marie:

I checked out the latest server code (r6126) and re-installed everything, my db was corrupted b/c of permissions test I was doing. I went through a fresh install twice just in case, and I still have the same error. Note that nothing during the process tells me that the install did not work. 

Caused by: ome.conditions.PermissionMismatchGroupSecurityViolation: Manually setting permissions currently disallowed
	at ome.security.basic.OmeroInterceptor.newTransientDetails(OmeroInterceptor.java:477)
	at ome.security.basic.OmeroInterceptor.onSave(OmeroInterceptor.java:160)
	at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:394)
	at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:270)
	at org.hibernate.event.def.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:181)
	at org.hibernate.event.def.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:121)
	at org.hibernate.event.def.DefaultMergeEventListener.entityIsTransient(DefaultMergeEventListener.java:186)
	at org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener.entityIsTransient(IdTransferringMergeEventListener.java:58)
	at ome.security.basic.MergeEventListener.entityIsTransient(MergeEventListener.java:135)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:123)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:85)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:53)
n	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:75)
	at org.hibernate.impl.SessionImpl.fireMerge(SessionImpl.java:677)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:661)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:665)
	at ome.logic.UpdateImpl.internalMerge(UpdateImpl.java:266)
	at ome.logic.UpdateImpl$2.run(UpdateImpl.java:120)
	at ome.logic.UpdateImpl$2.run(UpdateImpl.java:119)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:304)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:295)
	at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:117)
	at ome.services.scripts.ScriptUploader.createScript(ScriptUploader.java:182)
	at ome.services.scripts.ScriptUploader$1.doWork(ScriptUploader.java:121)

comment:8 Changed 14 years ago by jmoore

  • Remaining Time set to 4

comment:9 Changed 14 years ago by jmoore

r6129 has an attempted fix. The work on #1784 means that it should be unnecessary to set the permissions on these objects.

comment:10 Changed 14 years ago by jmoore

  • Remaining Time changed from 4 to 1

comment:11 Changed 14 years ago by jmoore

  • Owner jmoore deleted
  • Status changed from assigned to new

comment:12 Changed 14 years ago by jmoore

  • Sprint 2010-02-19 (3) deleted

comment:13 Changed 14 years ago by jmoore

  • Sprint set to 2010-04-02 (6)

comment:14 Changed 14 years ago by jmoore

  • Remaining Time changed from 1 to 0
  • Resolution set to duplicate
  • Status changed from new to closed

The work for this took place under #1704: defaultPermissions was removed, and umasks are no longer stored since group permissions (#1434) take precedence.

comment:15 Changed 14 years ago by jmoore

  • Owner set to jmoore
Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.67424 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!