
Task #1798 (closed)

Opened 14 years ago

Closed 14 years ago

BUG: SecurityFilter doesn't seem to be applied to ExperimenterAnnotationLink

Reported by: jamoore
Owned by: jamoore
Priority: critical
Milestone: OMERO-Beta4.2
Component: Security
Version: 4.1
Keywords: n.a.
Cc:
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: 0.0d
Sprint: 2010-03-19 (5)

Description

IMetadata.loadAnnotations(Experimenter.class, userId, ["FileAnnotation"], null, null, null) results in the SQL:

select this_.id ,...
  from experimenter this_ left outer join experimenterannotationlink links1_
    on this_.id=links1_.parent left outer join annotation annotation2_
    on links1_.child=annotation2_.id left outer join event ann_create4_
    on annotation2_.creation_id=ann_create4_.id left outer join experimenter ann_owner3_
    on annotation2_.owner_id=ann_owner3_.id left outer join originalfile ann_file5_
    on annotation2_.file=ann_file5_.id where this_.id in (?) limit ?

which doesn't do any group-based filtering, resulting in:

ome.conditions.SecurityViolation: Cannot read ome.model.annotations.ExperimenterAnnotationLink:Id_101
	at ome.security.basic.BasicACLVoter.throwLoadViolation(BasicACLVoter.java:111)
	at ome.security.CompositeACLVoter.throwLoadViolation(CompositeACLVoter.java:86)
	at ome.security.ACLEventListener.onPostLoad(ACLEventListener.java:104)
...

Change History (6)

comment:1 Changed 14 years ago by jmoore

See #663

comment:2 Changed 14 years ago by jmoore

  • Summary changed from Permissions : SecurityFilter doesn't seem to be applied to ExperimenterAnnotationLink to BUG: SecurityFilter doesn't seem to be applied to ExperimenterAnnotationLink
  • Type changed from Bug to Task

comment:3 Changed 14 years ago by jmoore

  • Sprint set to 2010-03-19 (5)

Related to #1794 (which includes #1784 & #1791)

comment:4 Changed 14 years ago by jmoore

  • Remaining Time set to 0.5

comment:5 Changed 14 years ago by jmoore

  • Status changed from new to assigned

comment:6 Changed 14 years ago by jmoore

  • Remaining Time changed from 0.5 to 0
  • Resolution set to fixed
  • Status changed from assigned to closed

r6398 adds filters to global objects (system types like experimenter, etc) for collections of non-global objects. The primary example of this consists of annotation links.
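The failure mode in this ticket, reproduced as an added example (not OMERO code and not taken from r6398): an unfiltered outer join loads a link row from another group and a post-load check then rejects the whole call, while the same join with a group predicate never loads that row. The SQLite schema, the `group_id` column, the predicate in the ON clause and the helper names are simplifying assumptions.

```python
import sqlite3

# Constructed, simplified schema: group_id on the link row stands in for
# the group-based permissions of the real model (assumption).
SCHEMA = """
create table experimenter (id integer primary key);
create table experimenterannotationlink (
    id integer primary key, parent integer, child integer, group_id integer);
insert into experimenter values (1);
insert into experimenterannotationlink values (100, 1, 10, 5), (101, 1, 11, 9);
"""

# Shape of the query in the ticket: the link collection is joined with no filter.
UNFILTERED = """
select links1_.id, links1_.group_id
  from experimenter this_
  left outer join experimenterannotationlink links1_ on this_.id = links1_.parent
 where this_.id in (?)
"""

# Same join with the group predicate in the ON clause, so the global
# experimenter row survives even when no link is readable.
FILTERED = """
select links1_.id, links1_.group_id
  from experimenter this_
  left outer join experimenterannotationlink links1_
    on this_.id = links1_.parent and links1_.group_id = ?
 where this_.id in (?)
"""

class SecurityViolation(Exception):
    """Hypothetical stand-in for ome.conditions.SecurityViolation."""

def post_load_check(rows, caller_group):
    """Stand-in for a post-load ACL listener: one unreadable row fails the call."""
    for link_id, group_id in rows:
        if link_id is not None and group_id != caller_group:
            raise SecurityViolation(f"Cannot read ExperimenterAnnotationLink:Id_{link_id}")
    return [link_id for link_id, _ in rows if link_id is not None]

def load_links(filtered, caller_group, user_id=1):
    """Run one of the two queries for a caller in caller_group, then the ACL check."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    sql, params = (FILTERED, (caller_group, user_id)) if filtered else (UNFILTERED, (user_id,))
    rows = db.execute(sql, params).fetchall()
    return post_load_check(rows, caller_group)
```
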
