Task #8277 (closed)
Adjust all permissions per user on read
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | OMERO-4.4 |
Component: | General | Version: | n.a. |
Keywords: | n.a. | Cc: | jburel, wmoore |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-04-10 (12) |
Description (last modified by jmoore)
Permission objects which are returned along with data graphs should be adjusted in order to reflect the capabilities of the current security context. For this implementation, the permission values on the actual rows will be ignored, which is inline with the overall story (#2874).
This work includes:
- Add methods canLink and canEdit (DONE)
- Add the call context, the event context, and the client/session object to the details of all objects. (DONE)
- Make the default object factory for permissions return a non-editable version (DONE)
- Perform the adjustment before returning any objects. Unloaded objects will not have permission objects, and therefore will need to be reloaded by the user.
See: https://www.openmicroscopy.org/site/community/minutes/minigroup/2012.03.12-groupperms
Change History (20)
comment:1 Changed 12 years ago by jmoore
- Status changed from new to accepted
comment:2 Changed 12 years ago by jmoore
- Description modified (diff)
comment:3 Changed 12 years ago by jmoore
- Description modified (diff)
comment:4 Changed 12 years ago by jmoore
- Description modified (diff)
comment:5 Changed 12 years ago by jmoore
- Description modified (diff)
- Remaining Time changed from 1.0 to 0.75
comment:6 Changed 12 years ago by jburel
- Sprint changed from 2012-03-27 (11) to 2012-04-10 (12)
Moved from sprint 2012-03-27 (11)
comment:7 Changed 12 years ago by jmoore
- Remaining Time changed from 0.75 to 0
- Resolution set to fixed
- Status changed from accepted to closed
Done in my 2874-chmod branch.
comment:8 Changed 12 years ago by jmoore <josh@…>
(In [d4b9f52dabc353309c83f0a7bda935d3761a30cb/ome.git] on branch develop) Add Immutable permissions (See #8277)
Once permissions are transferred to the client, they should
no longer be mutable to prevent false expectations.
comment:9 Changed 12 years ago by jmoore <josh@…>
(In [07e2e2d682e5c151235896e7386787350b4e46bb/ome.git] on branch develop) Change immutable implementation (See #8277)
Ice uses the default constructor of the PermissionsI
objects in a factory to first create objects and only
then does it fill in the fields, therefore it's not
possible to use the same ImmutablePermissionsI strategy
as done for internal permissions.
comment:10 Changed 12 years ago by jmoore <josh@…>
(In [43e5858292a800e3bc30924874950db68e6982fa/ome.git] on branch develop) PermissionsI.immutable for all SDKs (See #8277)
comment:11 Changed 12 years ago by jmoore <josh@…>
(In [e1e45adc6eb833c447cb32db9be26d5756a19255/ome.git] on branch develop) Passing chmod tests (See #8277, #8278)
These are simple tests which already pass when there is not much data.
The intent is to remove the changing of each row (#8278) and then have
these fail until #8277 is implemented.
comment:12 Changed 12 years ago by jmoore <josh@…>
(In [c7794a500b77327dc93c8c2df67da6ad2b08409c/ome.git] on branch develop) Post-processing permissions via BasicACLVoter (See #8277)
comment:13 Changed 12 years ago by jmoore <josh@…>
(In [71433e22d763d5a3c0f5cb739b8eabb58526aaf5/ome.git] on branch develop) All permissions now modifid on read (Fix #8277)
Permission values stored in the database for non-group
objects are now ignored, and instead the current group
permissions are set on all objects at read time.
This also properly sets (and tests) the setting of:
- details.getEventContext()
- details.getCallContext()
- permissions.canAnnotate()
- permissions.canEdit()
comment:14 Changed 12 years ago by jmoore <josh@…>
(In [d4b9f52dabc353309c83f0a7bda935d3761a30cb/ome.git] on branch develop) Add Immutable permissions (See #8277)
Once permissions are transferred to the client, they should
no longer be mutable to prevent false expectations.
comment:15 Changed 12 years ago by jmoore <josh@…>
(In [07e2e2d682e5c151235896e7386787350b4e46bb/ome.git] on branch develop) Change immutable implementation (See #8277)
Ice uses the default constructor of the PermissionsI
objects in a factory to first create objects and only
then does it fill in the fields, therefore it's not
possible to use the same ImmutablePermissionsI strategy
as done for internal permissions.
comment:16 Changed 12 years ago by jmoore <josh@…>
(In [43e5858292a800e3bc30924874950db68e6982fa/ome.git] on branch develop) PermissionsI.immutable for all SDKs (See #8277)
comment:17 Changed 12 years ago by jmoore <josh@…>
(In [e1e45adc6eb833c447cb32db9be26d5756a19255/ome.git] on branch develop) Passing chmod tests (See #8277, #8278)
These are simple tests which already pass when there is not much data.
The intent is to remove the changing of each row (#8278) and then have
these fail until #8277 is implemented.
comment:18 Changed 12 years ago by jmoore <josh@…>
(In [c7794a500b77327dc93c8c2df67da6ad2b08409c/ome.git] on branch develop) Post-processing permissions via BasicACLVoter (See #8277)
comment:19 Changed 12 years ago by jmoore <josh@…>
(In [71433e22d763d5a3c0f5cb739b8eabb58526aaf5/ome.git] on branch develop) All permissions now modifid on read (Fix #8277)
Permission values stored in the database for non-group
objects are now ignored, and instead the current group
permissions are set on all objects at read time.
This also properly sets (and tests) the setting of:
- details.getEventContext()
- details.getCallContext()
- permissions.canAnnotate()
- permissions.canEdit()
comment:20 Changed 12 years ago by jmoore <josh@…>
(In [4356899660f19858c66c1dc2b37d70627203a9df/ome.git] on branch develop) Fix BasicACLVoter.postProcess for unload objs (See #8277)
Updating after discussion in devteam about the choice between canAnnotate(event, call) and just canAnnotate()