User Story #6316 (new)
Opened 13 years ago
Last modified 12 years ago
Guest account accessibility — at Version 1
Reported by: | atarkowska | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | Unscheduled |
Component: | Security | Keywords: | n.a. |
Cc: | jamoore | Story Points: | n.a. |
Sprint: | n.a. | Importance: | n.a. |
Total Remaining Time: | 0.0d | Estimated Remaining Time: | n.a. |
Description (last modified by atarkowska)
Because OMEROBlitz provides access to OmeroApi services for OmeroClients that are logged in only, guest account was designed to give access to security annotated methods @PermitAll? to be called by all users regardless of their status.
Currently there is limited number of functionality that can be called by Guest user, like: all methods in IConfig and few in IAdmin (reportForgottenPassword, getEventContext, getSecurityRoles, changeExpiredCredentials). Based on the community feedback it seams they have higher expectation of the usage: