Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #2219 (closed)

Opened 13 years ago

Closed 12 years ago

Last modified 11 years ago

Investigate way for backend to be in all groups

Reported by: jamoore Owned by: jamoore
Priority: minor Milestone: OMERO-Beta4.2.1
Component: Security Version: n.a.
Keywords: n.a. Cc: atarkowska
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: 0.0d
Sprint: 2010-09-30 (17)


Currently there is no way for anyone (even admins) to set a flag allowing queries on all groups. The current methods for viewing other groups is to either "setSecurityContext" or pass the ctx["omero.group"]=gidflag which temporarily changes the group. If the user is an admin, we may want to allow searching all groups, with the assumption that they will do it responsibly. This should be logged clearly.

Change History (7)

comment:1 Changed 13 years ago by jmoore

(In [6882]) fix #2327 - Fixed shares with a new DB, OMERO4.2-RC5

ShareMember still had a group_id associated with it, causing
searches while in another group to return "not a member"

A related issue caused comments in other groups to also not be
found. A "group" entry has been added to Share, and also shares
are created with group set to the current context value. Searches
take place by disabling group security (see #2219)

See also #2333

comment:2 Changed 13 years ago by jmoore

  • Milestone changed from OMERO-Beta4.2 to Unscheduled

comment:3 Changed 13 years ago by jmoore

(In [7281]) FullTextIndexer now runs in a global READ state. Fix #2497, See #2219

comment:4 Changed 12 years ago by jmoore

  • Milestone changed from Unscheduled to OMERO-Beta4.2.1
  • Sprint set to 2010-09-30 (17)
  • Status changed from new to assigned

comment:5 Changed 12 years ago by jmoore

  • Remaining Time set to 0
  • Resolution set to fixed
  • Status changed from assigned to closed

(In [8303]) Allow {"omero:group":"-1"} for admin queries, e.g. cleanse.py (Fix #2219, #2950)

comment:6 Changed 12 years ago by jmoore

(In [8352]) Using previous shareId in case omero.group not set (See #2219)

comment:7 Changed 11 years ago by jmoore <josh@…>

(In [ecf24f49519268d83e4a9f359f5cf993bca3b7ad/ome.git] on branch develop) Make ShareBean?.setShareId public (See #2219, #3529, Fix #8037)

The use of shareId==-1 was intended only for session-wide
activities. The use via HandleI and ChgrpI led to the data
leakage outlined by Will (#8037).

This commits makes use of the omero.group facilities added
as part of #3529.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.69464 sec.)

We're Hiring!