Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #6620 (closed)

Opened 13 years ago

Closed 12 years ago

chgrp: security restrictions

Reported by: jamoore Owned by: jamoore
Priority: major Milestone: OMERO-4.4
Component: Security Version: n.a.
Keywords: n.a. Cc: jburel
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description (last modified by jmoore)

Restrictions

  • As a group member, no moving data to a group that you're not a member of
  • As a group owner, no moving other's data to a group that you're not an owner of
  • As anyone, (partially) restrict move to group with lower permissions.
  • ...

Future (advanced features)

  • As a group member, move another members data to a group that both are a member of.

Open questions

  • Should moving to the "user" group be allowed? The primary issue is one of testing. Are there any dead-ends that the data gets into, so that it can't get back out? (i.e. once someone links to an image in "user", then it could get stuck)
  • Should users be able to move data from group A to B while logged into C? At the moment, they can't, but the ChgrpI implementation could login into A automatically (and temporarily)

Change History (10)

comment:1 Changed 13 years ago by jmoore

  • Status changed from new to accepted

comment:2 Changed 13 years ago by jburel

not sure that silently is a good idea for general users, including group owners. Maybe only for admin.

comment:3 Changed 13 years ago by jmoore

  • Description modified (diff)

Think 'automatically & temporarily' is a better way of what I meant with silently. Or transparently? But it's probably not important. Maybe just better to change to the group in question.

comment:4 Changed 13 years ago by jmoore

  • Description modified (diff)

comment:5 Changed 13 years ago by jburel

  • Sprint changed from 2011-09-01 (4) to 2011-09-15 (5)

Moved from sprint 2011-09-01 (4)

comment:6 Changed 13 years ago by jburel

  • Sprint changed from 2011-09-15 (5) to 2011-09-29 (6)

Moved from sprint 2011-09-15 (5)

comment:7 Changed 13 years ago by jburel

  • Milestone changed from OMERO-Beta4.3.2 to OME-5.0
  • Sprint 2011-09-29 (6) deleted

comment:8 Changed 12 years ago by jmoore <josh@…>

(In [1c4f714898977edf0d499cdd26f953eadc2d8405/ome.git] on branch develop) IAdmin.getEventContextQuiet for ChgrpI security checks (See #6620)

comment:9 Changed 12 years ago by jmoore

  • Priority changed from critical to major

This should primarily just be cross-checked against the various google docs that we have in place. Lowering to "major" to not block rc1 or ga.

comment:10 Changed 12 years ago by jburel

  • Resolution set to invalid
  • Status changed from accepted to closed

Questions moved to https://docs.google.com/spreadsheet/ccc?key=0AuqP9_Rq_HgldDNjT0ZIcHRSOUg1OFpjVUthdzM4cmc#gid=2

While writing tests, more open questions

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.70183 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!