Task #3161 (closed)
Opened 13 years ago
Closed 13 years ago
"Viewed by" shows the same thumbnail
Reported by: | jburel | Owned by: | cxallan |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-Beta4.2.1 |
Component: | API | Version: | n.a. |
Keywords: | n.a. | Cc: | jamoore, cxallan, atarkowska |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | 2010-10-28 (18) |
Description (last modified by jburel)
"Viewed by" shows the same thumbnail for each user, regardless of real rendering settings
Context rwrw:
- user1, owner of the image (not owner of the group), changes settings,
- user2 can view settings set by user1 and the default view.
- user2 changes settings.
- user1 tries to view the thumbnail
omero.SecurityViolation serverStackTrace = "ome.conditions.SecurityViolation: Updating ome.model.display.Thumbnail:Id_604 not allowed. at ome.security.basic.BasicACLVoter.throwUpdateViolation(BasicACLVoter.java:171) at ome.security.CompositeACLVoter.throwUpdateViolation(CompositeACLVoter.java:90) at ome.security.ACLEventListener.onPreUpdate(ACLEventListener.java:129) at org.hibernate.action.EntityUpdateAction.preUpdate(EntityUpdateAction.java:236) at org.hibernate.action.EntityUpdateAction.execute(EntityUpdateAction.java:87) at org.hibernate.engine.ActionQueue.execute(ActionQueue.java:268) at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:260) at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:180)
we use the method getThumbnail(sizeX, sizeY);
other scenario in rwrw--
- user1 imports image and changes Rendering to R1
- user2 looks at the image and changes settings to R2
- user3 owner of the group looks using "viewed by" and thumbail for user1 and user2 are the same
Problem when user browses his/her data
See screen shot
Attachments (2)
Change History (7)
Changed 13 years ago by jburel
comment:1 Changed 13 years ago by jburel
- Description modified (diff)
- Priority changed from critical to blocker
Changed 13 years ago by jburel
comment:2 Changed 13 years ago by cxallan
comment:3 Changed 13 years ago by cxallan
- Status changed from new to assigned
comment:4 Changed 13 years ago by cxallan
comment:5 Changed 13 years ago by cxallan
- Resolution set to fixed
- Status changed from assigned to closed
Closing #3106 and #3161 based on some review with J-M after the fixes put in place in r8423. Basically OMERO.insight was trying to be a bit too smart for the server when refreshing thumbnails in the Data Manager after "preview" rendering settings change. This caused Thumbnail metadata to not be updated, and as a non-owner of an object (either in the RO or RW group case) cannot update the thumbnail this resulted in "old" thumbnails coming through the cache.
(In [8423]) Handle cases where Thumbnail metadata is dirty but we're not the owner of that Thumbnail and can't thus update it; fixes security violation. (See #3161)