• Views
  • Iteration Report
  • My Iteration Report
  •  
OMERO.server
  • Login
  • Help/Guide
  • About Trac
  • Preferences
  • Wiki
  • Timeline
  • Roadmap
  • Browse Source
  • View Tickets
  • Search

Context Navigation

  • ← Previous Ticket
  • Next Ticket →

Ticket #182 (closed story: fixed)

Opened 2 years ago

Last modified 2 years ago

Users want to be able to set umasks on a per-session basis.

Reported by: jmoore Owned by: jmoore
Priority: critical Milestone: 3.0-M3
Component: Security Version: 3.0-M3
Keywords: profiles, story114, iteration4 Cc:

Description

Really advanced users...

This would be the first use case for an ExperimenterProfile? (similar to the bash .profile or .bashrc). It's not currently needed, but would allow for a good deal of variability.

In the case of umasks, the class-umask could either overwrite or be OR'd with the system umask and then XOR'd against FFFF (we currently use four bits -- see #180).

Change History

Changed 2 years ago by jmoore

  • priority changed from minor to critical
  • status changed from new to assigned
  • milestone changed from Unscheduled to 3.0-M3

This has been written up to some extent under Omero+Security on the tiki. Probably will start without the per-class basis style but rather per-session basis.

Changed 2 years ago by jmoore

  • keywords story114, iteration4 added; story114 removed

Changed 2 years ago by jmoore

#307 details the need for a workaround.

Changed 2 years ago by jmoore

r895 fulfills this requirement by no longer having Permissions instantiated in all Details instances. (Null Permissions, however, produced the Hibernate bug described in #307) This allows users to either (a) leave them null and take the umask default or (b) set the permissions and have them used on the backend (overrides umask).

Umasks are set on ServiceFactory and are resent on each call (as outlined in Omero+Security.

Once #307 is resolved, the fixing of nulls should move from UpdateFilter to BasicSecuritySystem.transientDetails and the reference to Permissions.Flag.SOFT in BasicSecuritySystem.managedDetails should be removed.

The nulling of Permissions required some reworking of existing tests. There are also new tests in the ome.client.itests.sec package for testing umasks.

Changed 2 years ago by jmoore

r896 extends the tests. (Also adds a un-related testng suite, that's generally useful, though)

Changed 2 years ago by jmoore

r900 filters the SOFT flag off of all permissions. This may or may not be the best long-term usage (i.e. there may be a reason to allow permissions to remain "SOFT" in the DB), but in the short-term, it makes things a bit cleaner.

Changed 2 years ago by jmoore

r901 fixes my whoops.

Changed 2 years ago by jmoore

  • status changed from assigned to closed
  • resolution set to fixed
  • summary changed from Users want to be able to set umasks on a per-class basis. to Users want to be able to set umasks on a per-session basis.

Seems to be stable. Changing per-class to per-session. The per-class requirement can be written up (much) later.

Note: See TracTickets for help on using tickets.

Download in other formats:

  • Comma-delimited Text
  • Tab-delimited Text
  • RSS Feed
Trac Powered

Powered by Trac 0.11
By Edgewall Software.

Visit the Trac open source project at
http://trac.edgewall.org/