Task #9505 (closed)
Bug: canEdit group "-1" objects
Reported by: | wmoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | OMERO-4.4.4 |
Component: | Queries | Version: | n.a. |
Keywords: | n.a. | Cc: | cxallan, cneves, jburel |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-08-28 (3) |
Description
If I retrieve objects using omero.group:"-1" then canEdit, canAnnotate, canDelete etc return False, when they should return True.
I can work around this in some cases: E.g. http://github.com/will-moore/openmicroscopy/commit/3806c5340467dab6df391bc1bb372f733776e1c0
However, it is more problematic in other areas (see below).
Test for this will be committed below.
Change History (16)
comment:1 Changed 12 years ago by wmoore
comment:2 Changed 12 years ago by jmoore
- Remaining Time set to 0.5
- Sprint set to 2012-08-28 (3)
- Status changed from new to accepted
Thanks for the test, Will.
comment:3 Changed 12 years ago by jmoore
- Summary changed from canEdit group "-1" objects to Bug: canEdit group "-1" objects
comment:4 Changed 12 years ago by jmoore
- Owner changed from jmoore to wmoore
With later work (from another branch) the error I get is:
====================================================================== ERROR: Should be able to Annotate and Edit object retrieved with omero.group:'-1' ---------------------------------------------------------------------- Traceback (most recent call last): File "test/gatewaytest/chmod.py", line 333, in testGroupMinusOne self.assertCanEdit(p, True) File "test/gatewaytest/chmod.py", line 153, in assertCanEdit rv = update.saveObject(link, self.gateway.SERVICE_OPTS) File "/Users/moore/git/components/tools/OmeroPy/build/lib/omero/gateway/__init__.py", line 3303, in __call__ return self.handle_exception(e, *args, **kwargs) File "/Users/moore/git/components/tools/OmeroPy/build/lib/omero/gateway/__init__.py", line 3300, in __call__ return self.f(*args, **kwargs) File "/Users/moore/git/components/tools/OmeroPy/build/lib/omero_api_IUpdate_ice.py", line 89, in saveObject return _M_omero.api.IUpdate._op_saveObject.invoke(self, ((obj, ), _ctx)) ApiUsageException: exception ::omero::ApiUsageException { serverStackTrace = ome.conditions.ApiUsageException: No valid permissions available! DUMMY permissions are not intended for copying. Make sure that you have not passed omero.group=-1 for a save without context
which makes more sense. Basically, the context doesn't know what group you are in when it's trying to save. Do you think it would be possible to not pass -1 on the saveObject?
comment:5 Changed 12 years ago by wmoore
This is certainly OK (makes sense). If I comment out the canEdit checks, then the test fails on canAnnotate(), so there are still other issues to resolve.
I'll commit changes to assertCanEdit(), unless you already have something for that?
comment:6 Changed 12 years ago by cneves
There is a difference between being able to and actually doing it, right? If I'm an admin I should get True to all can* methods even if I passed the -1 group on object retrieval (which is the only way to get multiple objects off of multiple groups in one go). That's not to say that user can save without setting the actual group, though.
comment:7 Changed 12 years ago by wmoore
Carlos - that's correct exactly. I'm updating the test to reflect that:
- get the object using omero.group '-1'
- check value of canEdit()
- set the group to the same group as the object and test if I can actually Edit it
comment:8 Changed 12 years ago by Will Moore <will@…>
(In [47eada486b7e1248ebb3337c04e82ab8b5ba947d/ome.git] on branch develop) setGroupContext=True for load_metadata_details. See #9397, #9505
comment:9 Changed 12 years ago by wmoore
Updated test as described above https://github.com/will-moore/openmicroscopy/commit/10040e359d0997f31432533d01c1bc2bcba31292 and opened PR https://github.com/openmicroscopy/openmicroscopy/pull/309
comment:10 Changed 12 years ago by wmoore
- Owner changed from wmoore to jmoore
Test updated - back to jmoore...
comment:11 Changed 12 years ago by wmoore
See also #9526 as a use case waiting on this fix.
comment:12 Changed 12 years ago by jmoore
- Remaining Time changed from 0.5 to 0
- Resolution set to fixed
- Status changed from accepted to closed
Tests on https://github.com/openmicroscopy/openmicroscopy/pull/309 - I will hopefully be committing fixes this afternoon to the same PR.
comment:13 Changed 12 years ago by jmoore <josh@…>
(In [cd9f9c899d62ad53e5d126c062b82b3419c9a249/ome.git] on branch develop) gatewaytest for canEdit etc when get with omero.group:'-1'. See #9505
comment:14 Changed 12 years ago by jmoore <josh@…>
(In [edce3f6cddc91e5513f71a57b49f152d42109796/ome.git] on branch develop) chmod.py assertCanEdit() uses object's group ctx to save(). See #9505
comment:15 Changed 12 years ago by jmoore <josh@…>
(In [b4a378fa1c0357354e1abf1d8a885dfc330d8678/ome.git] on branch develop) Properly copy restrictions (See #9505)
Restrictions on objects like Project were being
improperly copied (to some extent from DUMMY
Permissions).
comment:16 Changed 12 years ago by jmoore <josh@…>
(In [f6dc5c1bdfc4c4df86ac45027c410e84d068edee/ome.git] on branch develop) Copy Permissions before assigning on applyContext (Fix #9505)
The group permissions object which was being cached in the
BasicEventContext? was being assigned directly to multiple
objects causing the restrictions value to be overwritten.
Test pushed to https://github.com/will-moore/openmicroscopy/commits/canEdit_group-1_9505
Workaround this issue is https://github.com/will-moore/openmicroscopy/commit/47eada486b7e1248ebb3337c04e82ab8b5ba947d