Task #9437 (closed)
Opened 12 years ago
Closed 12 years ago
Bug: Web showing two different user names
Reported by: | saloynton | Owned by: | saloynton |
---|---|---|---|
Priority: | major | Milestone: | OMERO-4.4.4 |
Component: | Web | Version: | n.a. |
Keywords: | n.a. | Cc: | web-team@…, ux@… |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
- I took the image link from IE 9 logged in as user 6 group-read annotate.
- Pasted link into chrome
- logged in as user 3 to confirm the image would not be shown.
- logged out
- logged in as user 6 to access the image
- now I see user-6 in top right hand corner
- but I see the group shown as group-read annotate user-3.
See screenshot attached.
Attachments (1)
Change History (7)
comment:1 Changed 12 years ago by wmoore
- Owner changed from wmoore to saloynton
comment:2 Changed 12 years ago by saloynton
- Cc changed from web-team@openmicroscopy.org.uk, ux@openmicroscopy.org.uk, ux@openmicroscopy.org.uk to web-team@openmicroscopy.org.uk, ux@openmicroscopy.org.uk
Yes sorry Will the wrong screenshot is shown I will switch that over later as it on the other machine I was using for testing.
The correct screenshot is up but I did not copy in the URL to check if it was the already known problem. I shall re-test this now.
comment:3 Changed 12 years ago by saloynton
In trying to reproduce this error again I have had the following exception.
I was trying to log in as user-2 to the url that belongs to user-6. User-2 does definitely not have access to the image.
Traceback (most recent call last): File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/django/core/handlers/base.py", line 111, in get_response response = callback(request, *callback_args, **callback_kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omeroweb/decorators.py", line 376, in wrapped retval = f(request, *args, **kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omeroweb/decorators.py", line 413, in wrapper context = f(request, *args, **kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omeroweb/webclient/views.py", line 481, in load_data manager.listContainerHierarchy(filter_user_id) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omeroweb/webclient/controller/container.py", line 275, in listContainerHierarchy self.experimenter = self.conn.getObject("Experimenter", eid) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omero/gateway/__init__.py", line 2479, in getObject result = self.getQueryService().findByQuery(query, params, self.SERVICE_OPTS) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omero/gateway/__init__.py", line 3286, in __call__ return self.handle_exception(e, *args, **kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omeroweb/webclient/webclient_gateway.py", line 1875, in handle_exception e, *args, **kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omero/gateway/__init__.py", line 3283, in __call__ return self.f(*args, **kwargs) File "/home/omero/slave/workspace/OMERO-merge-green/src/dist/lib/python/omero_api_IQuery_ice.py", line 133, in findByQuery return _M_omero.api.IQuery._op_findByQuery.invoke(self, ((query, params), _ctx)) SecurityViolation: exception ::omero::SecurityViolation { serverStackTrace = ome.conditions.SecurityViolation: User 3 is not a member of group 5 and cannot login at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:380) at ome.security.basic.EventHandler.doLogin(EventHandler.java:210) at ome.security.basic.EventHandler.invoke(EventHandler.java:146) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:241) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy75.findByQuery(Unknown Source) at sun.reflect.GeneratedMethodAccessor297.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:98) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy75.findByQuery(Unknown Source) at sun.reflect.GeneratedMethodAccessor390.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:179) at ome.services.throttling.Callback.run(Callback.java:56) at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56) at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:137) at ome.services.blitz.impl.QueryI.findByQuery_async(QueryI.java:92) at sun.reflect.GeneratedMethodAccessor389.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at omero.cmd.CallContext.invoke(CallContext.java:59) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at $Proxy76.findByQuery_async(Unknown Source) at omero.api._IQueryTie.findByQuery_async(_IQueryTie.java:113) at omero.api._IQueryDisp.___findByQuery(_IQueryDisp.java:342) at omero.api._IQueryDisp.__dispatch(_IQueryDisp.java:508) at IceInternal.Incoming.invoke(Incoming.java:159) at Ice.ConnectionI.invokeAll(ConnectionI.java:2037) at Ice.ConnectionI.message(ConnectionI.java:972) at IceInternal.ThreadPool.run(ThreadPool.java:577) at IceInternal.ThreadPool.access$100(ThreadPool.java:12) at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971) serverExceptionClass = ome.conditions.SecurityViolation message = User 3 is not a member of group 5 and cannot login } <WSGIRequest GET:<QueryDict: {u'view': [u'tree']}>, POST:<QueryDict: {}>, COOKIES:{'sessionid': '216503d0eaa580f023bb95b6e9fb6220'}, META:{'DOCUMENT_ROOT': '/var/www', 'GATEWAY_INTERFACE': 'CGI/1.1', 'HTTP_ACCEPT': 'text/html, */*; q=0.01', 'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3', 'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch', 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE': 'sessionid=216503d0eaa580f023bb95b6e9fb6220', 'HTTP_HOST': 'gretzky.openmicroscopy.org.uk', 'HTTP_REFERER': 'http://gretzky.openmicroscopy.org.uk/webclient/?show=image-1770', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11', 'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest', 'PATH': '/usr/local/bin:/usr/bin:/bin', 'PATH_INFO': u'/webclient/load_data/', 'PATH_TRANSLATED': '/home/omero/OMERO-CURRENT/var/omero.fcgi/webclient/load_data/', 'QUERY_STRING': 'view=tree', 'REMOTE_ADDR': '10.34.1.155', 'REMOTE_PORT': '63865', 'REQUEST_METHOD': 'GET', 'REQUEST_URI': '/webclient/load_data/?view=tree', 'SCRIPT_FILENAME': '/home/omero/OMERO-CURRENT/var/omero.fcgi', 'SCRIPT_NAME': u'', 'SERVER_ADDR': '134.36.65.227', 'SERVER_ADMIN': 'webmaster@localhost', 'SERVER_NAME': 'gretzky.openmicroscopy.org.uk', 'SERVER_PORT': '80', 'SERVER_PROTOCOL': 'HTTP/1.1', 'SERVER_SIGNATURE': '<address>Apache/2.2.14 (Ubuntu) Server at gretzky.openmicroscopy.org.uk Port 80</address>\n', 'SERVER_SOFTWARE': 'Apache/2.2.14 (Ubuntu)', 'wsgi.errors': <flup.server.fcgi_base.TeeOutputStream object at 0x499b6d0>, 'wsgi.input': <flup.server.fcgi_base.InputStream object at 0x4910cd0>, 'wsgi.multiprocess': True, 'wsgi.multithread': False, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}>
Changed 12 years ago by saloynton
comment:4 Changed 12 years ago by wmoore
I think this is a different issue caused by switching users without logging out? I created a ticket #9448
I just tried logging in as user-3, logging out and logging in as user-6, but didn't get shown user-3 data (as in screen-shot). Any ideas? If you repeat the steps above, do you still get the same screen-shot? Could you try it and capture the url too - would help a lot, Cheers,
comment:5 Changed 12 years ago by eehill
closing as Scott says this was not reproducible.
comment:6 Changed 12 years ago by eehill
- Resolution set to worksforme
- Status changed from new to closed
Is that the wrong screen-shot Scott? Doesn't seem to match the text.
Who is the owner of the image in your description? When you say "logged in as user 6 to access the image" did you follow the landing page url? Did it show you the image?
When you follow the ?show=image-<id> path, the data tree displayed will be for the image Owner and Group that the image is currently in.