Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #3161 (closed)

Opened 13 years ago

Closed 13 years ago

"Viewed by" shows the same thumbnail

Reported by: jburel Owned by: cxallan
Priority: blocker Milestone: OMERO-Beta4.2.1
Component: API Version: n.a.
Keywords: n.a. Cc: jamoore, cxallan, atarkowska
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: 2010-10-28 (18)

Description (last modified by jburel)

"Viewed by" shows the same thumbnail for each user, regardless of real rendering settings

Context rwrw:

  • user1, owner of the image (not owner of the group), changes settings,
  • user2 can view settings set by user1 and the default view.
  • user2 changes settings.
  • user1 tries to view the thumbnail
    omero.SecurityViolation
        serverStackTrace = "ome.conditions.SecurityViolation: Updating ome.model.display.Thumbnail:Id_604 not allowed.
                            	at ome.security.basic.BasicACLVoter.throwUpdateViolation(BasicACLVoter.java:171)
                            	at ome.security.CompositeACLVoter.throwUpdateViolation(CompositeACLVoter.java:90)
                            	at ome.security.ACLEventListener.onPreUpdate(ACLEventListener.java:129)
                            	at org.hibernate.action.EntityUpdateAction.preUpdate(EntityUpdateAction.java:236)
                            	at org.hibernate.action.EntityUpdateAction.execute(EntityUpdateAction.java:87)
                            	at org.hibernate.engine.ActionQueue.execute(ActionQueue.java:268)
                            	at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:260)
                            	at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:180)
    

we use the method getThumbnail(sizeX, sizeY);

other scenario in rwrw--

  • user1 imports image and changes Rendering to R1
  • user2 looks at the image and changes settings to R2
  • user3 owner of the group looks using "viewed by" and thumbail for user1 and user2 are the same

Problem when user browses his/her data
See screen shot

Attachments (2)

Snapz Pro XScreenSnapz015.jpg (9.9 KB) - added by jburel 13 years ago.
Document1.docx (454.6 KB) - added by jburel 13 years ago.

Download all attachments as: .zip

Change History (7)

Changed 13 years ago by jburel

comment:1 Changed 13 years ago by jburel

  • Description modified (diff)
  • Priority changed from critical to blocker

Changed 13 years ago by jburel

comment:2 Changed 13 years ago by cxallan

(In [8423]) Handle cases where Thumbnail metadata is dirty but we're not the owner of that Thumbnail and can't thus update it; fixes security violation. (See #3161)

comment:3 Changed 13 years ago by cxallan

  • Status changed from new to assigned

comment:4 Changed 13 years ago by cxallan

(In [8425]) Further test case for three user "viewed by" view. (See #3161)

comment:5 Changed 13 years ago by cxallan

  • Resolution set to fixed
  • Status changed from assigned to closed

Closing #3106 and #3161 based on some review with J-M after the fixes put in place in r8423. Basically OMERO.insight was trying to be a bit too smart for the server when refreshing thumbnails in the Data Manager after "preview" rendering settings change. This caused Thumbnail metadata to not be updated, and as a non-owner of an object (either in the RO or RW group case) cannot update the thumbnail this resulted in "old" thumbnails coming through the cache.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.68145 sec.)

We're Hiring!