#1784 (new)
Opened 14 years ago
Last modified 14 years ago
Permissions : problems with Scripting service — at Version 3
Reported by: | wmoore | Owned by: | jmoore |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-Beta4.2 |
Component: | Scripting | Version: | 4.1 |
Keywords: | n.a. | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by jmoore)
Scripts are an interesting problem for #1434. They are one of the few (the only?) case of data in the "system" group that is intended for use by others. To make this work, we will most likely need special handling until the FS solution is ready.
Issues
- #1315 (ScriptI sets permissions) is no longer allowed. Will's issue below
- Users would have to log into "system" to see the admin scripts
- Linking between the admin scripts and the result files is not allowed.
(Partial) Options:
- Make "system" public
- Allowing linking to "system" objects
- Cons: how to handle chgrp?
- Make all objects in "system" system types by definition
- Have the same scripts in each group
From Will:
Couldn't upload a script.
Using server r6063.
print scriptService.uploadScript(script) File "/Users/will/Documents/workspace/Omero/dist/lib/python/omero_api_IScript_ice.py", line 118, in uploadScript return _M_omero.api.IScript._op_uploadScript.invoke(self, ((script, ), _ctx)) Ice.UnknownException: exception ::Ice::UnknownException { unknown = ome.conditions.GroupSecurityViolation: Cannot change permissions for ome.model.core.OriginalFile:Id_51(rwr-r-) from Lrwrwrw to Lrwrwrw at ome.security.basic.OmeroInterceptor.managedPermissions(OmeroInterceptor.java:781) at ome.security.basic.OmeroInterceptor.checkManagedDetails(OmeroInterceptor.java:614) at ome.security.basic.OmeroInterceptor.resetDetails(OmeroInterceptor.java:303) at ome.security.basic.OmeroInterceptor.onFlushDirty(OmeroInterceptor.java:177) at org.hibernate.event.def.DefaultFlushEntityEventListener.invokeInterceptor(DefaultFlushEntityEventListener.java:331) at org.hibernate.event.def.DefaultFlushEntityEventListener.handleInterception(DefaultFlushEntityEventListener.java:308) at org.hibernate.event.def.DefaultFlushEntityEventListener.scheduleUpdate(DefaultFlushEntityEventListener.java:248) at org.hibernate.event.def.DefaultFlushEntityEventListener.onFlushEntity(DefaultFlushEntityEventListener.java:128) at ome.security.basic.FlushEntityEventListener.onFlushEntity(FlushEntityEventListener.java:52) at org.hibernate.event.def.AbstractFlushingEventListener.flushEntities(AbstractFlushingEventListener.java:196) at org.hibernate.event.def.AbstractFlushingEventListener.flushEverythingToExecutions(AbstractFlushingEventListener.java:76) at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:26) at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1000) at ome.logic.UpdateImpl.afterUpdate(UpdateImpl.java:288) at ome.logic.UpdateImpl.doAction(UpdateImpl.java:306) at ome.logic.UpdateImpl.doAction(UpdateImpl.java:296) at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:117) at ome.services.JobBean$1.updateObject(JobBean.java:356) at ome.security.basic.BasicSecuritySystem.doAction(BasicSecuritySystem.java:484) at ome.services.JobBean.secureSave(JobBean.java:354) at ome.services.JobBean.submit(JobBean.java:175) at ome.services.blitz.impl.SharedResourcesI$6.doWork(SharedResourcesI.java:476) at ome.services.blitz.impl.SharedResourcesI$6.doWork(SharedResourcesI.java:464) at sun.reflect.GeneratedMethodAccessor172.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:394) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at ome.security.basic.EventHandler.invoke(EventHandler.java:133) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:175) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:110) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy55.doWork(Unknown Source) at ome.services.util.Executor$Impl.execute(Executor.java:324) at ome.services.blitz.impl.SharedResourcesI.acquireProcessor(SharedResourcesI.java:460) at omero.grid._SharedResourcesTie.acquireProcessor(_SharedResourcesTie.java:64) at omero.grid._SharedResourcesDisp.___acquireProcessor(_SharedResourcesDisp.java:114) at omero.grid._SharedResourcesDisp.__dispatch(_SharedResourcesDisp.java:219) at IceInternal.Incoming.invoke(Incoming.java:159) at Ice.ConnectionI.invokeAll(ConnectionI.java:2037) at Ice.ConnectionI.message(ConnectionI.java:972) at IceInternal.ThreadPool.run(ThreadPool.java:577) at IceInternal.ThreadPool.access$100(ThreadPool.java:12) at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)
Change History (3)
comment:1 Changed 14 years ago by wmoore
- Owner changed from dzmacdonald to jmoore
- Summary changed from Permissions problem with Scritping service to Permissions problem with Scripting service
comment:2 Changed 14 years ago by jmoore
- Description modified (diff)
- Priority changed from critical to blocker
- Summary changed from Permissions problem with Scripting service to Permissions : problems with Scripting service
comment:3 Changed 14 years ago by jmoore
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.