Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #236 (closed)

Opened 18 years ago

Closed 18 years ago

Write security umbrella

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: 3.0-M3
Component: Security Keywords: write,umbrella
Cc: Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description

Like (#200 -- the read umbrella ticket) there needs to be a catch all write permissions ticket for various changes. This is it.

Write security is split into System-Types writing (#156) and everything else (i.e. in general obeying permissions on updates.)

Change History (9)

comment:1 Changed 18 years ago by jmoore

r787 tightens the coupling between

  • OmeroInterceptor, which passes transient and detached instances to
  • SecuritySystem, which is initialized by
  • EventHandler

There are some difficulties in left over flushes. These should be addressed by the next round of changesets (refactoring UpdateImpl & UpdateFilter).

comment:2 Changed 18 years ago by jmoore

r788 (which belongs with r787) reworks the Hibernate listener system. GlobalListener is renamed to EventLogListener (it's current function) because attempts to make a single listener the end-all-be-all is too difficult. Instead EventListenerFactoryBean was introduced (this could have been done in XML but that's too messy) to speficy how we want to do event listening.

EventMethodInterceptor was also introduced to debug and disable various interfaces (using AOP).

Finally, SaveOrUpdateEventListener was required as a partner for MergeEventListener (content mostly copied -- needs refactoring) because internal changes (that is, to active Hibernate objects) were being "saved" and not "merged". This will continue to be true, and, in fact, SaveEventListener and UpdateEventListener need to be equally controlled.

comment:3 Changed 18 years ago by jmoore

r790 introduces several tests that need to be extended (and pass) for this to be successful. Other tests are also needed, though. This ends the r784 to r792 reports for this ticket.

comment:4 Changed 18 years ago by jmoore

r811 works out many of the bugs of write security. UpdateImpl was further cleaned of cruft, an Enum bug from MergeEventListener and lots of work on OmeroInterceptor including refactoring and documentation.

Note: The security tokens and actions of #235 / r812 belong with these changes but have their own ticket.

comment:5 Changed 18 years ago by jmoore

r828 moves UPDATE check (callback to SecuritySystem to ACLEventListener.

comment:6 Changed 18 years ago by jmoore

r895 significantly reworks the client-side write tests. They still need work but are now very manageable.

comment:7 Changed 18 years ago by jmoore

r929 reworks the client-side tests.

comment:8 Changed 18 years ago by jmoore

r941 further reworks test.

comment:9 Changed 18 years ago by jmoore

  • Resolution set to fixed
  • Status changed from new to closed

r984 closes. All tests are now passing or covered by other tickets.

More tests can be written under #378.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.67328 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!