Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #228 (closed)

Opened 18 years ago

Closed 9 years ago

Permissions need a "C"ontainer flag.

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: GatherReqs
Component: Security Keywords: permissions
Cc: Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description

Currently, permissions are changeable at any time. However, if user A sets entity 1 as "R"eadable and "U"seable, there will be problems for user B if those permissions are then reduced after having attached entity 2 to entity 1.

Most likely, the optimal solution for this is to make a "C"ontainer flag (similar but less strict than a "L"ocked flag), which states that once an entity has other entities attached to it, it's permissions cannot be reduced such that other users would have difficulty viewing their data.

This means that users should be careful about how quickly they open up their permissions.

Change History (5)

comment:1 Changed 18 years ago by jmoore

This is also a common topic on the Hibernate fora/issue system (HHH-881 for example). The Hibernate filters will not be applied to single-value associations because of the results when a many-to-one were to return a null rather than that association. In Omero, we would catch this with the permissions system, but Hibernate can't assume that.

Since this isn't supported by Hibernate, it looks like the requirement has to be once an attachment is allowed, the permissions of the "C"ontainer cannot be reduced.

We'll need to see what this means for each of the individual access groups (User/Group/World?).

comment:2 Changed 18 years ago by jmoore

A user should be able to delete all linked items and have the "C" flag removed, Perhaps another IAdmin method. This is dependent on the permissions of linked objects, which gets us into cascading deletes. Whoo hoo.

comment:3 Changed 18 years ago by jmoore

  • Milestone changed from 3.0-M3 to Future

Moving into milestone:Future . Currently no use case.

comment:4 Changed 18 years ago by jmoore

  • Milestone changed from Future to GatherReqs

comment:5 Changed 9 years ago by jamoore

  • Resolution set to wontfix
  • Status changed from new to closed

Don't think this is the way that permissions have gone. Closing.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.65778 sec.)

We're Hiring!