Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

#1784 (new)

Opened 14 years ago

Last modified 14 years ago

Permissions : problems with Scripting service — at Version 2

Reported by: wmoore Owned by: jmoore
Priority: blocker Milestone: OMERO-Beta4.2
Component: Scripting Version: 4.1
Keywords: n.a. Cc:
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description (last modified by jmoore)

Scripts are an interesting problem for #1434. They are one of the few (the only?) case of data in the "system" group that is intended for use by others. To make this work, we will most likely need special handling until the FS solution is ready.

Issues

  • #1315 (ScriptI sets permissions) is no longer allowed. Will's issue below
  • Users would have to log into "system" to see the admin scripts
  • Linking between the admin scripts and the result files is not allowed.

(Partial) Options:

  • Make "system" public
  • Allowing linking to "system" objects
    • Cons: how to handle chgrp?
  • Have the same scripts in each group

From Will:
Couldn't upload a script.
Using server r6063.

 print scriptService.uploadScript(script)
  File "/Users/will/Documents/workspace/Omero/dist/lib/python/omero_api_IScript_ice.py", line 118, in uploadScript
    return _M_omero.api.IScript._op_uploadScript.invoke(self, ((script, ), _ctx))
Ice.UnknownException: exception ::Ice::UnknownException
{
    unknown = ome.conditions.GroupSecurityViolation: Cannot change permissions for ome.model.core.OriginalFile:Id_51(rwr-r-) from Lrwrwrw to Lrwrwrw 
	at ome.security.basic.OmeroInterceptor.managedPermissions(OmeroInterceptor.java:781)
	at ome.security.basic.OmeroInterceptor.checkManagedDetails(OmeroInterceptor.java:614)
	at ome.security.basic.OmeroInterceptor.resetDetails(OmeroInterceptor.java:303)
	at ome.security.basic.OmeroInterceptor.onFlushDirty(OmeroInterceptor.java:177)
	at org.hibernate.event.def.DefaultFlushEntityEventListener.invokeInterceptor(DefaultFlushEntityEventListener.java:331)
	at org.hibernate.event.def.DefaultFlushEntityEventListener.handleInterception(DefaultFlushEntityEventListener.java:308)
	at org.hibernate.event.def.DefaultFlushEntityEventListener.scheduleUpdate(DefaultFlushEntityEventListener.java:248)
	at org.hibernate.event.def.DefaultFlushEntityEventListener.onFlushEntity(DefaultFlushEntityEventListener.java:128)
	at ome.security.basic.FlushEntityEventListener.onFlushEntity(FlushEntityEventListener.java:52)
	at org.hibernate.event.def.AbstractFlushingEventListener.flushEntities(AbstractFlushingEventListener.java:196)
	at org.hibernate.event.def.AbstractFlushingEventListener.flushEverythingToExecutions(AbstractFlushingEventListener.java:76)
	at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:26)
	at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1000)
	at ome.logic.UpdateImpl.afterUpdate(UpdateImpl.java:288)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:306)
	at ome.logic.UpdateImpl.doAction(UpdateImpl.java:296)
	at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:117)
	at ome.services.JobBean$1.updateObject(JobBean.java:356)
	at ome.security.basic.BasicSecuritySystem.doAction(BasicSecuritySystem.java:484)
	at ome.services.JobBean.secureSave(JobBean.java:354)
	at ome.services.JobBean.submit(JobBean.java:175)
	at ome.services.blitz.impl.SharedResourcesI$6.doWork(SharedResourcesI.java:476)
	at ome.services.blitz.impl.SharedResourcesI$6.doWork(SharedResourcesI.java:464)
	at sun.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:592)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
	at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:394)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at ome.security.basic.EventHandler.invoke(EventHandler.java:133)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:175)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:110)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
	at $Proxy55.doWork(Unknown Source)
	at ome.services.util.Executor$Impl.execute(Executor.java:324)
	at ome.services.blitz.impl.SharedResourcesI.acquireProcessor(SharedResourcesI.java:460)
	at omero.grid._SharedResourcesTie.acquireProcessor(_SharedResourcesTie.java:64)
	at omero.grid._SharedResourcesDisp.___acquireProcessor(_SharedResourcesDisp.java:114)
	at omero.grid._SharedResourcesDisp.__dispatch(_SharedResourcesDisp.java:219)
	at IceInternal.Incoming.invoke(Incoming.java:159)
	at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
	at Ice.ConnectionI.message(ConnectionI.java:972)
	at IceInternal.ThreadPool.run(ThreadPool.java:577)
	at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
	at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

Change History (2)

comment:1 Changed 14 years ago by wmoore

  • Owner changed from dzmacdonald to jmoore
  • Summary changed from Permissions problem with Scritping service to Permissions problem with Scripting service

comment:2 Changed 14 years ago by jmoore

  • Description modified (diff)
  • Priority changed from critical to blocker
  • Summary changed from Permissions problem with Scripting service to Permissions : problems with Scripting service
Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.69498 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!