Bug #301 (closed)

Opened 18 years ago

Closed 18 years ago

BasicSecuritySystem only allows modifications for members logged into same group

Reported by: jamoore
Owned by: jamoore
Priority: major
Cc: cxallan
Sprint: n.a.
Total Remaining Time: n.a.

Description

BSS only permitted modifications to an object which was group-writable if the user had logged in explicitly to the group, e.g. via Login(userName, password, groupName, eventType).

The implementation was roughly:

1.  boolean allowUpdate(){
2.    //...
3.    if ( p.isGranted(GROUP,WRITE) && group.getId().equals( currentGroupId() ))
4.        return true;
5.    //...
6.  }

Line 3 should be changed to:

      if ( p.isGranted(GROUP,WRITE) && memberOfGroups().contains( group.getId() ))
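
An added example, not code from the ticket or the project: a self-contained Java program that runs the check before and after the change against four constructed cases, showing that the fix allows writes in any member group while still refusing non-member groups and objects without group write. The `Session` and `Details` records and both method names are hypothetical stand-ins for the elided parts of `allowUpdate()`.

```java
import java.util.Set;

// Added illustration: all names here are hypothetical, not the project's API.
public class GroupWriteCheck {

    // Constructed session: group chosen at login plus every group membership.
    record Session(long currentGroupId, Set<Long> memberOfGroups) {}

    // Constructed object details: owning group and its GROUP/WRITE bit.
    record Details(String label, long groupId, boolean groupWrite) {}

    // Check as described before the fix: only the login group matches.
    static boolean allowUpdateBefore(Session s, Details d) {
        return d.groupWrite() && d.groupId() == s.currentGroupId();
    }

    // Check as described after the fix: any group the user is a member of matches.
    static boolean allowUpdateAfter(Session s, Details d) {
        return d.groupWrite() && s.memberOfGroups().contains(d.groupId());
    }

    // Fail loudly if a decision differs from the expected matrix.
    static void expect(Details d, boolean actual, boolean wanted, String which) {
        if (actual != wanted) {
            throw new AssertionError(which + " check wrong for: " + d.label());
        }
    }

    public static void main(String[] args) {
        // Member of groups 1 and 2, logged in to group 1; group 3 is foreign.
        Session s = new Session(1L, Set.of(1L, 2L));
        Details[] objects = {
            new Details("login group, group-writable", 1L, true),
            new Details("other member group, group-writable", 2L, true),
            new Details("other member group, not group-writable", 2L, false),
            new Details("non-member group, group-writable", 3L, true),
        };
        boolean[] before = {true, false, false, false};
        boolean[] after  = {true, true,  false, false};
        for (int i = 0; i < objects.length; i++) {
            Details d = objects[i];
            boolean b = allowUpdateBefore(s, d), a = allowUpdateAfter(s, d);
            expect(d, b, before[i], "before");
            expect(d, a, after[i], "after");
            System.out.printf("%-40s before=%-5b after=%b%n", d.label(), b, a);
        }
    }
}
```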

Change History (2)

comment:1 Changed 18 years ago by jmoore

r890 implements the suggested fix.

comment:2 Changed 18 years ago by jmoore

  • Resolution set to fixed
  • Status changed from new to closed

This is working in (client) WriteSecurityTest. Closing.
