Task #1784 (closed)
Opened 15 years ago
Closed 15 years ago
Permissions : problems with Scripting service
Reported by: | wmoore | Owned by: | |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-Beta4.2 |
Component: | Scripting | Version: | 4.1 |
Keywords: | n.a. | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2010-03-19 (5) |
Description (last modified by jmoore)
Scripts are an interesting problem for #1434. They are one of the few (the only?) case of data in the "system" group that is intended for use by others. To make this work, we will most likely need special handling until the FS solution is ready.
Issues
- #1315 (ScriptI sets permissions) is no longer allowed. Will's issue below
- Users would have to log into "system" to see the admin scripts
- Linking between the admin scripts and the result files is not allowed.
(Partial) Options:
- Make "system" public
- Allowing linking to "system" objects
- Cons: how to handle chgrp?
- Make all objects in "system" system types by definition
- Have the same scripts in each group
From Will:
Couldn't upload a script.
Using server r6063.
print scriptService.uploadScript(script) File "/Users/will/Documents/workspace/Omero/dist/lib/python/omero_api_IScript_ice.py", line 118, in uploadScript return _M_omero.api.IScript._op_uploadScript.invoke(self, ((script, ), _ctx)) Ice.UnknownException: exception ::Ice::UnknownException { unknown = ome.conditions.GroupSecurityViolation: Cannot change permissions for ome.model.core.OriginalFile:Id_51(rwr-r-) from Lrwrwrw to Lrwrwrw at ome.security.basic.OmeroInterceptor.managedPermissions(OmeroInterceptor.java:781) at ome.security.basic.OmeroInterceptor.checkManagedDetails(OmeroInterceptor.java:614) at ome.security.basic.OmeroInterceptor.resetDetails(OmeroInterceptor.java:303) at ome.security.basic.OmeroInterceptor.onFlushDirty(OmeroInterceptor.java:177) at org.hibernate.event.def.DefaultFlushEntityEventListener.invokeInterceptor(DefaultFlushEntityEventListener.java:331) at org.hibernate.event.def.DefaultFlushEntityEventListener.handleInterception(DefaultFlushEntityEventListener.java:308) at org.hibernate.event.def.DefaultFlushEntityEventListener.scheduleUpdate(DefaultFlushEntityEventListener.java:248) at org.hibernate.event.def.DefaultFlushEntityEventListener.onFlushEntity(DefaultFlushEntityEventListener.java:128) at ome.security.basic.FlushEntityEventListener.onFlushEntity(FlushEntityEventListener.java:52) at org.hibernate.event.def.AbstractFlushingEventListener.flushEntities(AbstractFlushingEventListener.java:196) at org.hibernate.event.def.AbstractFlushingEventListener.flushEverythingToExecutions(AbstractFlushingEventListener.java:76) at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:26) at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1000) at ome.logic.UpdateImpl.afterUpdate(UpdateImpl.java:288) at ome.logic.UpdateImpl.doAction(UpdateImpl.java:306) at ome.logic.UpdateImpl.doAction(UpdateImpl.java:296) at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:117) at ome.services.JobBean$1.updateObject(JobBean.java:356) at ome.security.basic.BasicSecuritySystem.doAction(BasicSecuritySystem.java:484) at ome.services.JobBean.secureSave(JobBean.java:354) at ome.services.JobBean.submit(JobBean.java:175) at ome.services.blitz.impl.SharedResourcesI$6.doWork(SharedResourcesI.java:476) at ome.services.blitz.impl.SharedResourcesI$6.doWork(SharedResourcesI.java:464) at sun.reflect.GeneratedMethodAccessor172.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:394) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at ome.security.basic.EventHandler.invoke(EventHandler.java:133) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:175) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:110) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy55.doWork(Unknown Source) at ome.services.util.Executor$Impl.execute(Executor.java:324) at ome.services.blitz.impl.SharedResourcesI.acquireProcessor(SharedResourcesI.java:460) at omero.grid._SharedResourcesTie.acquireProcessor(_SharedResourcesTie.java:64) at omero.grid._SharedResourcesDisp.___acquireProcessor(_SharedResourcesDisp.java:114) at omero.grid._SharedResourcesDisp.__dispatch(_SharedResourcesDisp.java:219) at IceInternal.Incoming.invoke(Incoming.java:159) at Ice.ConnectionI.invokeAll(ConnectionI.java:2037) at Ice.ConnectionI.message(ConnectionI.java:972) at IceInternal.ThreadPool.run(ThreadPool.java:577) at IceInternal.ThreadPool.access$100(ThreadPool.java:12) at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
Change History (15)
comment:1 Changed 15 years ago by wmoore
- Owner changed from dzmacdonald to jmoore
- Summary changed from Permissions problem with Scritping service to Permissions problem with Scripting service
comment:2 Changed 15 years ago by jmoore
- Description modified (diff)
- Priority changed from critical to blocker
- Summary changed from Permissions problem with Scripting service to Permissions : problems with Scripting service
comment:3 Changed 15 years ago by jmoore
- Description modified (diff)
comment:4 Changed 15 years ago by jmoore
comment:5 Changed 15 years ago by wmoore
This is working fine for me now - Many thanks!
Close ticket? - or a more permanent fix needed?
comment:6 Changed 15 years ago by jmoore
comment:7 Changed 15 years ago by jmoore
- Sprint set to Sprint 2
- Type changed from defect to Bug
comment:8 Changed 15 years ago by jmoore
- Type changed from Bug to Task
comment:9 Changed 15 years ago by jmoore
- Status changed from new to assigned
comment:10 Changed 15 years ago by jmoore
- Remaining Time set to 0.5
comment:11 Changed 15 years ago by jmoore
- Remaining Time changed from 0.5 to 4
comment:12 Changed 15 years ago by jmoore
- Owner jmoore deleted
- Status changed from assigned to new
comment:13 Changed 15 years ago by jmoore
- Sprint 2010-02-19 (3) deleted
comment:14 Changed 15 years ago by jmoore
comment:15 Changed 15 years ago by jmoore
- Remaining Time changed from 4 to 0
- Resolution set to fixed
- Sprint set to 2010-03-19 (5)
- Status changed from new to closed
Handling as a part of #1794. Public scripts will be put in the "user" group, either via a new IScript method ("uploadPublicScript" etc) or via a general-purpose method: iAdmin.moveToUser(objs)
source:trunk/components/toolsOmeroPy/test/integration/ping.py is working with the commits:
I'll keep testing this morning, but you should be able to try things again, Will.