Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #337 (closed)

Opened 18 years ago

Closed 18 years ago

Locking umbrella

Reported by: jamoore Owned by: jamoore
Priority: critical Milestone: 3.0-M3
Component: Security Keywords: iteration5, locking, USE
Cc: Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description

After lengthy discussions of the Permissions.Right.USE it was decided (#310) to remove that particular flexibility. The security privileges were merged with READ.

The server responsibility of locking objects that have been USED (now simply "linked to") still remains and is actually quite complex. This ticket is to gather up all the changes related to that locking functionality.

Change History (11)

comment:1 Changed 18 years ago by jmoore

(New) Requirements:

  • ExtendedMetadata for static information for graph walking
  • FlushEntityEventListener due to the weird semantics of changing a graph out of turn
  • CurrentDetails.lockCandidatesHolder to hold the current context until !FEEListener can set the LOCK flag
  • IAdmin.unlock to undo the whole business (sysadmin only)
  • PostProcessInjector because of a the cyclical dependency of Security->SessionFactory->Security

comment:2 Changed 18 years ago by jmoore

r921 provides the listed requirements. As stated, client-side testing needed. Several existing tests will break due to (now) disallowed details changes.

comment:3 Changed 18 years ago by jmoore

See #339 for a sub-issue. r923 and r924 contain related changes.

comment:4 Changed 18 years ago by jmoore

  • Keywords iteration5 locking USE added; iteration4 removed

Testing to take place in iteration5. Rescheduling.

comment:5 Changed 18 years ago by jmoore

r939 contains updates to the locking system. See #328 for more.

comment:6 Changed 18 years ago by jmoore

r941 reworks client-side tests.

comment:7 Changed 18 years ago by jmoore

r944 loosens semantics in the case of WORLD-READ. Specifically, if a locked object is world-readable, then it is possible to change the owner.

comment:8 Changed 18 years ago by jmoore

r946 adds a boolean array return value to IAdmin.unlock. Also further server-side testing with AdminTest

comment:9 Changed 18 years ago by jmoore

There's no reason to lock entites that don't have permissions (system-types). Otherwise, you get output like this:

20:23:21,165 INFO  [BasicSecuritySystem] Adding log:UPDATE,class ome.model.meta.Experimenter,135
20:23:21,165 INFO  [EventHandler]   Auth:       user=135,group=1,event=3524(User)
20:23:21,192 INFO  [BasicSecuritySystem] Adding log:UPDATE,class ome.model.acquisition.Microscope,13
20:23:21,193 INFO  [BasicSecuritySystem] Adding log:UPDATE,class ome.model.meta.Experimenter,133
20:23:21,233 INFO  [ServiceHandler] Rslt:       Microscope:Id_13

comment:10 Changed 18 years ago by jmoore

See #357.

comment:11 Changed 18 years ago by jmoore

  • Resolution set to fixed
  • Status changed from new to closed

r984 closes. All tests are now passing or covered by other tickets.

More tests can be written under #378.

(Unneccesary updates covered by #379)

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.72125 sec.)

We're Hiring!