Task #1781 (closed)
Opened 14 years ago
Closed 14 years ago
Permissions : Allow group owners to manage own group
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-Beta4.2 |
Component: | Security | Version: | 4.1 |
Keywords: | n.a. | Cc: | atarkowska, jburel, cxallan |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
This ticket is a part of #1434
Group owners should have special privileges for some methods of the IAdmin interface.
See shoola:ticket:1132 for concerns / which methods should be enabled.
Change History (3)
comment:1 Changed 14 years ago by jmoore
comment:2 Changed 14 years ago by jmoore
- r6066 - ticket:1781 - Fixing issues with exp/grp update (API CHANGE) For …
- r6065 - ticket:1781 - Fixing a few bugs, adding tests
This seems to be quite working well, though with some of the "system" group changes from #1784 it may need to be reviewed.
comment:3 Changed 14 years ago by jmoore
- Resolution set to fixed
- Status changed from new to closed
We may need to add group-owner access to other special methods, but for now this seems to be complete (iteration II of WorkPlan/Permissions)
r6061 contains a first implementation of this. @RolesAllowed("system") methods which took a group's or user's id, name, or object was changed to @RolesAllowed("user") with a check added adminOrPiOf...(). There will need to be more tests run to guarantee that no hole has been opened, but the key functions seem to be working.