Permissions need a "C"ontainer flag.

[jamoore]

Currently, permissions are changeable at any time. However, if user A sets entity 1 as "R"eadable and "U"seable, there will be problems for user B if those permissions are then reduced after having attached entity 2 to entity 1.

Most likely, the optimal solution for this is to make a "C"ontainer flag (similar but less strict than a "L"ocked flag), which states that once an entity has other entities attached to it, it's permissions cannot be reduced such that other users would have difficulty viewing their data.

This means that users should be careful about how quickly they open up their permissions.

[jmoore]

This is also a common topic on the Hibernate fora/issue system (​HHH-881 for example). The Hibernate filters will not be applied to single-value associations because of the results when a many-to-one were to return a null rather than that association. In Omero, we would catch this with the permissions system, but Hibernate can't assume that.

Since this isn't supported by Hibernate, it looks like the requirement has to be once an attachment is allowed, the permissions of the "C"ontainer cannot be reduced.

We'll need to see what this means for each of the individual access groups (User/Group/World?).

[jmoore]

A user should be able to delete all linked items and have the "C" flag removed, Perhaps another IAdmin method. This is dependent on the permissions of linked objects, which gets us into cascading deletes. Whoo hoo.

[jmoore]

Moving into milestone:Future . Currently no use case.

[jamoore]

Don't think this is the way that permissions have gone. Closing.