Task #6620 (accepted)
Opened 13 years ago
Last modified 12 years ago
chgrp: security restrictions — at Version 3
| Reported by: | jamoore | Owned by: | jamoore |
|---|---|---|---|
| Priority: | critical | Milestone: | OMERO-Beta4.3.2 |
| Component: | Security | Version: | n.a. |
| Keywords: | n.a. | Cc: | jburel |
| Resources: | n.a. | Referenced By: | n.a. |
| References: | n.a. | Remaining Time: | n.a. |
| Sprint: | 2011-09-01 (4) |
Description (last modified by jmoore)
Restrictions
- As a group member, no moving data to a group that you're not a member of
- As a group owner, no moving other's data to a group that you're not an owner of
- As anyone, (partially) restrict move to group with lower permissions.
- ...
Open questions
- Should moving to the "user" group be allowed? The primary issue is one of testing. Are there any dead-ends that the data gets into, so that it can't get back out? (i.e. once someone links to an image in "user", then it could get stuck)
- Should users be able to move data from group A to B while logged into C? At the moment, they can't, but the ChgrpI implementation could login into A automatically (and temporarily)
Change History (3)
comment:1 Changed 13 years ago by jmoore
- Status changed from new to accepted
comment:2 Changed 13 years ago by jburel
comment:3 Changed 13 years ago by jmoore
- Description modified (diff)
Think 'automatically & temporarily' is a better way of what I meant with silently. Or transparently? But it's probably not important. Maybe just better to change to the group in question.
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
not sure that silently is a good idea for general users, including group owners. Maybe only for admin.