User Story #2874 (closed)
Opened 14 years ago
Closed 12 years ago
Only change the group permissions for changePermissions and not all objects
| Reported by: | jamoore | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | OMERO-4.4 |
| Component: | Security | Keywords: | n.a. |
| Cc: | cxallan, jburel, cneves, wmoore | Story Points: | n.a. |
| Sprint: | n.a. | Importance: | n.a. |
| Total Remaining Time: | 0.0d | Estimated Remaining Time: | n.a. |
Description (last modified by jmoore)
For 4.2.0, we decided to change the permissions of all objects in a group to keep the IObject.details contract intact. If we decided to break that contract, then we could vastly increase the time of changePermissions.
This may require throwing an exception if users call: getDetails().getPermissions() Other possible options include:
- Removing the permissions from all objects
- Copying the groups permissions to the objects on read
- Documenting the change and fixing our own code
- ...
For 4.4.0, the requirement (especially from Carlos) is that modifying permissions can be done quickly and painlessly:
- Make group writable for all
- Take away group write, but make world readable
- Remove world readable and make group editable again.
The one caveat is that removing read wether from world -> group or group -> user (see #2183) would require for any linked objects. Therefore it's probably best to not allow public editing at the moment.
Change History (14)
comment:1 Changed 14 years ago by cxallan
- Sprint set to 2010-09-09 (16)
comment:2 Changed 14 years ago by atarkowska
- Remaining Time set to 0.25
comment:3 Changed 14 years ago by jmoore
- Milestone changed from OMERO-Beta4.2.1 to Unscheduled
- Owner jmoore deleted
- Sprint 2010-09-09 (16) deleted
- Type changed from Task to User Story
comment:4 Changed 13 years ago by jmoore
- Priority changed from major to critical
Increasing priority after closing #2872 in 4.3
comment:5 Changed 12 years ago by jmoore
- Cc cneves-x wmoore added
- Description modified (diff)
- Milestone changed from Unscheduled to OMERO-Beta4.4
comment:6 Changed 12 years ago by agilo
- Status changed from new to accepted
Updated status, related task in progress
comment:7 Changed 12 years ago by jmoore
- Summary changed from Possibly only change the group permissions for changePermissions and not all objects to Only change the group permissions for changePermissions and not all objects
comment:8 Changed 12 years ago by jmoore
- Resolution set to fixed
- Status changed from accepted to closed
See https://github.com/openmicroscopy/openmicroscopy/pull/135
Significant testing and client modification needed.
comment:9 Changed 12 years ago by agilo
- Status changed from closed to accepted
Updated status, related task in progress
comment:10 Changed 12 years ago by jmoore <josh@…>
(In [2c57d726a36957007fdd562748b0991cd259864e/ome.git] on branch develop) Store current client in Details of all SDKs (See #2874)
After refactoring the C++ and more significantly the Python
model object factory logic, it's possible to have the client
instance set on the DetailsI of all model objects as they
are returned from the server
This includes the alphabetical ordering of DSL types to make
it easier to compare different implementations of, say,
omero.ObjectFactoryRegistrar?.py.
comment:11 Changed 12 years ago by jmoore <josh@…>
(In [baac19cf5ba05d90b61f7d77013814937b6b1965/ome.git] on branch develop) Set context fields to Details (See #2874)
Note: not all of the const-ness of these fields
is as ideal as I would like it. This comes from
various reasons (not the least of which is probably
my own misunderstanding). For the moment, "client
developers beware" -- no fiddling with the values
in these context instances (which is of course
always the case for Python)
comment:12 Changed 12 years ago by jmoore <josh@…>
(In [2c57d726a36957007fdd562748b0991cd259864e/ome.git] on branch develop) Store current client in Details of all SDKs (See #2874)
After refactoring the C++ and more significantly the Python
model object factory logic, it's possible to have the client
instance set on the DetailsI of all model objects as they
are returned from the server
This includes the alphabetical ordering of DSL types to make
it easier to compare different implementations of, say,
omero.ObjectFactoryRegistrar?.py.
comment:13 Changed 12 years ago by jmoore <josh@…>
(In [baac19cf5ba05d90b61f7d77013814937b6b1965/ome.git] on branch develop) Set context fields to Details (See #2874)
Note: not all of the const-ness of these fields
is as ideal as I would like it. This comes from
various reasons (not the least of which is probably
my own misunderstanding). For the moment, "client
developers beware" -- no fiddling with the values
in these context instances (which is of course
always the case for Python)
comment:14 Changed 12 years ago by jburel
- Status changed from accepted to closed
Modifying to a story to contain the various bits of work needed to implement the larger solution for #2872 (which this ticket was contained in).