Task #404 (closed)
Opened 13 years ago
Closed 13 years ago
Decide on (and enforce) a non-User group for users.
| Reported by: | jamoore | Owned by: | jamoore |
|---|---|---|---|
| Priority: | critical | Milestone: | 3.0-Beta1 |
| Component: | Security | Version: | 3.0-M3 |
| Keywords: | groups, login | Cc: | cxallan |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | n.a. |
| Sprint: | n.a. | | |
Description
Currently during user creation via "java omero adduser" a user is added to the "user" group, but the groupexperimentermap is not set as the default group. This is because it was originally planned that a user not be allowed to log in to the user group, but that it only be used for defining a ROLE.
There is nothing (now) preventing users from logging into the "user" group, but it would make sense that that NOT happen, since the owner of the "user" group is root, and therefore there is no PI.
See also #251, a corollary of this, which states that createUser() should require a non-null, non-"user" group for all users. (The same would need to be done for java omero adduser as well.)
Attachments (1)
Change History (7)
comment:1 Changed 13 years ago by jmoore
- Cc callan added
- Owner changed from callan to jmoore
comment:2 Changed 13 years ago by jmoore
- Priority changed from major to critical
Changed 13 years ago by jmoore
comment:3 Changed 13 years ago by jmoore
comment:4 Changed 13 years ago by jmoore
r1124 contains related minor fixes in several security tests.
comment:5 Changed 13 years ago by jmoore
- Milestone changed from 3.0-RC1 to 3.0-Beta1
comment:6 Changed 13 years ago by jmoore
- Resolution set to fixed
- Status changed from new to closed
Heard no complaints. Closing.
First shot patch. Needs work. Getting it off my system so I can do other stuff.