
Task #1731 (closed)

Opened 10 years ago

Closed 9 years ago

Last modified 9 years ago

Review session.details.permissions usage (4.1 and beyond)

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: OMERO-Beta4.2
Component: Security Version: 4.1
Keywords: n.a. Cc: carlos@…
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2010-04-02 (6)

Description (last modified by jmoore)

Cf. https://trac.openmicroscopy.org.uk/omero/browser/trunk/components/server/src/ome/services/sessions/SessionManagerImpl.java#L206

The use of Permissions.DEFAULT here may be causing issues with setting the session permissions.

Related to #1434. See #1704


For the initial version, we will be restricting all object permissions to match the group permissions, which means that the use of umask and similar should be disabled and an exception added to catch explicit attempts.

Change History (15)

comment:1 Changed 10 years ago by jmoore

Related to #1774

comment:2 Changed 9 years ago by jmoore

  • Description modified (diff)

Semi-related to #1779 (see Carlos' comment).

comment:3 Changed 9 years ago by jmoore

  • Description modified (diff)

comment:4 Changed 9 years ago by jmoore

  • Type changed from defect to Task

comment:5 Changed 9 years ago by jmoore

  • Sprint set to Sprint 2

comment:6 Changed 9 years ago by jmoore

  • Status changed from new to assigned

comment:7 Changed 9 years ago by jmoore

From Jean-Marie:

I checked out the latest server code (r6126) and re-installed everything; my db was corrupted b/c of a permissions test I was doing. I went through a fresh install twice just in case, and I still have the same error. Note that nothing during the process tells me that the install did not work.

Caused by: ome.conditions.PermissionMismatchGroupSecurityViolation: Manually setting permissions currently disallowed
	at ome.security.basic.OmeroInterceptor.newTransientDetails(OmeroInterceptor.java:477)
	at ome.security.basic.OmeroInterceptor.onSave(OmeroInterceptor.java:160)
	at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:394)
	at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:270)
	at org.hibernate.event.def.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:181)
	at org.hibernate.event.def.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:121)
	at org.hibernate.event.def.DefaultMergeEventListener.entityIsTransient(DefaultMergeEventListener.java:186)
	at org.springframework.orm.hibernate3.support.IdTransferringMergeEventListener.entityIsTransient(IdTransferringMergeEventListener.java:58)
	at ome.security.basic.MergeEventListener.entityIsTransient(MergeEventListener.java:135)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:123)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:85)
	at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:53)
	at ome.security.basic.MergeEventListener.onMerge(MergeEventListener.java:75)
	at org.hibernate.impl.SessionImpl.fireMerge(SessionImpl.java:677)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:661)
	at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:665)
	at ome.logic.UpdateImpl.internalMerge(UpdateImpl.java:266)
	at ome.logic.UpdateImpl$2.run(UpdateImpl.java:120)
	at ome.logic.UpdateImpl$2.run(UpdateImpl.java:119)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:304)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:295)
	at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:117)
	at ome.services.scripts.ScriptUploader.createScript(ScriptUploader.java:182)
	at ome.services.scripts.ScriptUploader$1.doWork(ScriptUploader.java:121)

comment:8 Changed 9 years ago by jmoore

  • Remaining Time set to 4

comment:9 Changed 9 years ago by jmoore

r6129 has an attempted fix. The work on #1784 means that it should be unnecessary to set the permissions on these objects.

comment:10 Changed 9 years ago by jmoore

  • Remaining Time changed from 4 to 1

comment:11 Changed 9 years ago by jmoore

  • Owner jmoore deleted
  • Status changed from assigned to new

comment:12 Changed 9 years ago by jmoore

  • Sprint 2010-02-19 (3) deleted

comment:13 Changed 9 years ago by jmoore

  • Sprint set to 2010-04-02 (6)

comment:14 Changed 9 years ago by jmoore

  • Remaining Time changed from 1 to 0
  • Resolution set to duplicate
  • Status changed from new to closed

The work for this took place under #1704: defaultPermissions was removed, and umasks are no longer stored since group permissions (#1434) take precedence.

comment:15 Changed 9 years ago by jmoore

  • Owner set to jmoore