Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #8710 (new)

Opened 10 years ago

Last modified 9 years ago

Review canChgrp()

Reported by: wmoore Owned by: jamoore
Priority: major Milestone: Unscheduled
Component: Services Version: n.a.
Keywords: n.a. Cc: atarkowska, cxallan, jburel
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.


devteam chat:
(Needs further discussion)

Josh - am I right in thinking that you can't chgrp an object unless you own it?

or are group/system admin.

Will Moore
If group owner moves data belonging to another group member, does that change the ownership
or do they have to move it to another group that the data-owner is a member?

At the moment, neither. Membership in a group is not required for a user to own data in a group.

Will Moore
If the data-owner is not in the same group as the data, I imagine the data won't show up in the clients
since we always browse data under users in a group

Hmmm….good point.

Will Moore
Easiest is to only allow data-owner to move data
If group-owner were to move data belonging to another member, which groups can they move it to?
Do they have to be group owner of destingation groups?
or just group member?

at the moment, a member of the target group.
btw, to do this, we'd need to add a "canChgrp" permission.

Will Moore
So, they could move it there, but not necessarily be able to move it back?


Change History (15)

comment:1 Changed 10 years ago by wmoore

If I am an owner of the group and I try to chgrp data belonging to another user via 'old API'

chgrp = omero.cmd.Chgrp(type=graph_spec, id=obj_id, options=None, grp=group_id)
prx = self.c.sf.submit(chgrp)

I get:

stacktrace: omero.cmd.HandleI$Cancel: non-owner
	at omero.cmd.Helper.cancel(Helper.java:202)
	at omero.cmd.Helper.cancel(Helper.java:175)
	at omero.cmd.graphs.ChgrpI.init(ChgrpI.java:118)
	at omero.cmd.HandleI.steps(HandleI.java:334)
	at omero.cmd.HandleI.doRun(HandleI.java:320)
	at omero.cmd.HandleI$1.doWork(HandleI.java:272)
	at omero.cmd.HandleI$1.doWork(HandleI.java:268)
	at sun.reflect.GeneratedMethodAccessor243.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
	at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:498)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.security.basic.EventHandler.invoke(EventHandler.java:165)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:236)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
	at $Proxy65.doWork(Unknown Source)
	at ome.services.util.Executor$Impl.execute(Executor.java:402)
	at omero.cmd.HandleI.run(HandleI.java:266)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
	at ome.services.util.Executor$Impl$1.call(Executor.java:427)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:680)
, message: non-owner

comment:2 Changed 10 years ago by jburel

  • Sprint changed from 2012-05-08 (14) to 2012-05-22 (15)

Moved from sprint 2012-05-08 (14)

comment:3 Changed 10 years ago by wmoore

After discussion in today's meeting, decided that clients will limit chgrp to data owners and Admins only.

So, this ticket can be closed as far as canChgrp() is concerned, but you may want to keep it for the stack trace (for when a group-owner moves data belonging to another group member. Although we are not going to try and support it in clients. Maybe we don't want server to support this anyway).

comment:4 Changed 10 years ago by Will Moore <will@…>

(In [dbe414d5cfe0122550fade1b4f6f703fc90b6e45/ome.git] on branch develop) Adding canChgrp() to Blitz Gateway with client-side logic. See #8710

We return True if the current user is the owner of the data OR the owner of the group
that the data is in OR is an Admin

comment:5 Changed 10 years ago by Will Moore <will@…>

(In [524bcff63cc8ddbbd79144f0c937e344ffe094b3/ome.git] on branch develop) Adding canChgrp flag to jsTree nodes, update right-click menu. See #8710

comment:6 Changed 10 years ago by Will Moore <will@…>

(In [d07dd935a1cf71938612d36679ae91d03e36e98b/ome.git] on branch develop) Small fixes to Activities chgrp. See #8710

This fixes the fact that the chgrpfailed? flag did not get updated
in the request.session, so that we tried to retrieve this callback again
and failed at checkedCast.

comment:7 Changed 10 years ago by Will Moore <will@…>

(In [bb582bbdd9747ad10ca2873fb8199377de2cf1c6/ome.git] on branch develop) canChgrp() only True for Admins or Data-Owners. See #8710

comment:8 Changed 10 years ago by jmoore

  • Sprint changed from 2012-05-22 (15) to 2012-06-05 (16)
  • Summary changed from canChgrp() to Bug: canChgrp()

Marking as a bug to make sure only the proper roles can chgrp.

comment:9 Changed 9 years ago by jburel

  • Sprint changed from 2012-06-05 (16) to 2012-06-19 (17)

Moved from sprint 2012-06-05 (16)

comment:10 Changed 9 years ago by jmoore

  • Priority changed from critical to major

comment:11 Changed 9 years ago by jburel

  • Sprint changed from 2012-06-19 (17) to 2012-07-03 (18)

Moved from sprint 2012-06-19 (17)

comment:12 Changed 9 years ago by jburel

  • Sprint changed from 2012-07-03 (18) to 2012-07-17 (19)

Moved from sprint 2012-07-03 (18)

comment:13 Changed 9 years ago by jmoore

  • Milestone changed from OMERO-Beta4.4 to OMERO-Beta4.4.1
  • Sprint 2012-07-17 (19) deleted

Moving to 4.4.1 for review.

comment:14 Changed 9 years ago by jmoore

  • Milestone changed from OMERO-4.4.3 to OMERO-4.5
  • Summary changed from Bug: canChgrp() to Review canChgrp()

Moving to the next larger milestone for review.

comment:15 Changed 9 years ago by jmoore

  • Milestone changed from OMERO-4.5 to Unscheduled

Moving to unscheduled with and in #8100

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.69972 sec.)

We're Hiring!