Task #8712 (closed)

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

Bug: Member and read permissions

Reported by: jburel
Owned by: jburel
Priority: blocker
Milestone: OMERO-4.4
Component: Services
Version: n.a.
Keywords: n.a.
Cc: jamoore
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: n.a.
Sprint: 2012-05-22 (15)

Description

A basic user in RW, RWR, or RWRA is able to delete other members' data.

Test available in jburel/permission

Change History (10)

comment:1 Changed 12 years ago by jmoore

Jean-Marie, specifically what test?

comment:2 Changed 12 years ago by jmoore

I'm guessing RolesTest.testInteraction?

  • for rw, the report returned is "Object missing."
  • for rwr, it's also not actually deleting the object.

We'll need to modify the tests to test for deletion, and perhaps open a bug to have an error raised if the top-level object is not found (this goes for chgrp, too).
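
The testing pitfall described in comment:2, as an added example that is not part of the ticket or of OMERO's code: a toy in-memory store (all class and function names are hypothetical) in which a delete on an object the caller cannot see returns an "Object missing." report without raising. A test that only checks that the call returned will report a deletion that never happened, so the check has to re-read the object as its owner.

```python
# Added illustration: a constructed in-memory model, not OMERO code.
# Store, Report, naive_check and state_check are hypothetical names.
from dataclasses import dataclass


@dataclass
class Report:
    error: str = ""  # empty string: the request reported no problem


class Store:
    """Model of a private (rw----) group: members see only their own objects."""

    def __init__(self):
        self.objects = {}  # object id -> owner name

    def create(self, owner, obj_id):
        self.objects[obj_id] = owner

    def visible(self, user, obj_id):
        return self.objects.get(obj_id) == user

    def delete(self, user, obj_id):
        # A target the caller cannot see yields a report, not an exception,
        # and nothing is removed.
        if not self.visible(user, obj_id):
            return Report(error="Object missing.")
        del self.objects[obj_id]
        return Report()


def naive_check(store, caller, obj_id):
    """Treats 'delete() did not raise' as 'the object was deleted'."""
    try:
        store.delete(caller, obj_id)
    except Exception:
        return False
    return True


def state_check(store, owner, caller, obj_id):
    """True only if the object is really gone when re-read as its owner."""
    report = store.delete(caller, obj_id)
    gone = not store.visible(owner, obj_id)
    # An error report together with missing data would be inconsistent.
    assert not (report.error and gone), "delete reported an error but removed data"
    return gone


def run_example():
    store = Store()
    store.create("owner", "image-1")  # constructed sample data
    naive = naive_check(store, "member", "image-1")
    real = state_check(store, "owner", "member", "image-1")
    return naive, real, store.delete("member", "image-1").error
```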

comment:3 Changed 12 years ago by jburel

I will review the tests and check that we have something in place for the DeleteServicePermission tests.

comment:4 Changed 12 years ago by wmoore

I find that a member of 'rwrw--' is NOT able to delete another user's data. See #8723.

comment:5 Changed 12 years ago by jburel

tests reviewed/modified:

  • chmod/Roles:
    • Failing: testInteractionByAdminRW and testInteractionByGroupOwnerRW, both awaiting the change of canEdit discussed above.
  • DeleteServicePermissionsTest
    • failing testDeleteObjectByMemberRWRW

comment:6 Changed 12 years ago by jmoore

  • Cc jmoore added
  • Owner changed from jmoore to jburel

@chmod_web_8434 /tmp/scratch $ ./build.py -Dtestng.verbose=10 -Dtestng.useDefaultListeners=true -f components/tools/OmeroJava/build.xml test -DTEST=RolesTest
...
PASSED: testInteractionByAdminRW on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByAdminRWR on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByAdminRWRA on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByAdminRWRW on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByGroupOwnerRWR on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByGroupOwnerRWRA on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByGroupOwnerRWRW on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByMemberRW on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByMemberRWR on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByMemberRWRA on instance null(integration.chmod.RolesTest)
PASSED: testInteractionByMemberRWRW on instance null(integration.chmod.RolesTest)
FAILED: testInteractionByGroupOwnerRW on instance null(integration.chmod.RolesTest)
junit.framework.AssertionFailedError: Group owner should not be allowed to delete an image/dataset link.
	at junit.framework.Assert.fail(Assert.java:47)
	at integration.chmod.RolesTest.testInteractionByGroupOwnerRW(RolesTest.java:239)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:74)
	at org.testng.internal.Invoker.invokeMethod(Invoker.java:673)
	at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:846)
	at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1170)
	at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:125)
	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:109)
	at org.testng.TestRunner.runWorkers(TestRunner.java:1125)
	at org.testng.TestRunner.privateRun(TestRunner.java:749)
	at org.testng.TestRunner.run(TestRunner.java:600)
	at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
	at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
	at org.testng.SuiteRunner.run(SuiteRunner.java:223)
	at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
	at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
	at org.testng.TestNG.runSuitesSequentially(TestNG.java:1007)
	at org.testng.TestNG.runSuitesLocally(TestNG.java:932)
	at org.testng.TestNG.run(TestNG.java:868)
	at org.testng.TestNG.privateMain(TestNG.java:1150)
	at org.testng.TestNG.main(TestNG.java:1114)
===============================================
    Ant test
    Tests run: 12, Failures: 1, Skips: 0
===============================================
...

Tests all seem to be passing except for the status of a group-owner, which was discussed today. Passing back to you, J-M, for handling. (We really should have a place for tests which test the difference between client and server expectations. Any ideas?)

comment:7 Changed 12 years ago by jburel

I will add more tests for the difference between the two, following today's discussion.

comment:8 Changed 12 years ago by jburel

  • Status changed from new to closed

comment:9 Changed 12 years ago by jburel <j.burel@…>

(In [68378aabf1b8004cd027573a4994afa704e37a59/ome.git] on branch develop) Review permissions test (see #8712).

comment:10 Changed 12 years ago by jburel <j.burel@…>

(In [bcbef5b9011b02828e320847f78ba1bdb8d6bfdf/ome.git] on branch develop) Review test following permission discussion. (see #8712)
