Task #2219 (closed)
Investigate way for backend to be in all groups
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | minor | Milestone: | OMERO-Beta4.2.1 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | atarkowska |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2010-09-30 (17) |
Description
Currently there is no way for anyone (even admins) to set a flag allowing queries on all groups. The current methods for viewing other groups is to either "setSecurityContext" or pass the ctx["omero.group"]=gidflag which temporarily changes the group. If the user is an admin, we may want to allow searching all groups, with the assumption that they will do it responsibly. This should be logged clearly.
Change History (7)
comment:1 Changed 14 years ago by jmoore
comment:2 Changed 14 years ago by jmoore
- Milestone changed from OMERO-Beta4.2 to Unscheduled
comment:3 Changed 14 years ago by jmoore
comment:4 Changed 13 years ago by jmoore
- Milestone changed from Unscheduled to OMERO-Beta4.2.1
- Sprint set to 2010-09-30 (17)
- Status changed from new to assigned
comment:5 Changed 13 years ago by jmoore
- Remaining Time set to 0
- Resolution set to fixed
- Status changed from assigned to closed
comment:6 Changed 13 years ago by jmoore
comment:7 Changed 12 years ago by jmoore <josh@…>
(In [ecf24f49519268d83e4a9f359f5cf993bca3b7ad/ome.git] on branch develop) Make ShareBean?.setShareId public (See #2219, #3529, Fix #8037)
The use of shareId==-1 was intended only for session-wide
activities. The use via HandleI and ChgrpI led to the data
leakage outlined by Will (#8037).
This commits makes use of the omero.group facilities added
as part of #3529.
(In [6882]) fix #2327 - Fixed shares with a new DB, OMERO4.2-RC5
ShareMember still had a group_id associated with it, causing
searches while in another group to return "not a member"
A related issue caused comments in other groups to also not be
found. A "group" entry has been added to Share, and also shares
are created with group set to the current context value. Searches
take place by disabling group security (see #2219)
See also #2333