• Views
  • Iteration Report
  • My Iteration Report
  •  
OMERO.server
  • Login
  • Help/Guide
  • About Trac
  • Preferences
  • Wiki
  • Timeline
  • Roadmap
  • Browse Source
  • View Tickets
  • Search

Context Navigation

  • Start Page
  • Index
  • History
  • Last Change

Omero Admin Interface

The one central interface for administering the Omero security system is IAdmin. Though several of the methods are restricted to system users (root and other administrators), many are also for general use. (The @javax.ejb.security.RolesAllowed annotations on the AdminBean class define who can use which methods)

Actions available through IAdmin and IUpdate

A couple of the methods in the IAdmin interface are also available implicitly through IUpdate, the main interface for updating the DB. This duplication is mainly useful for large scale changes, such as changing the permissions to an entire object graph. * changePermissions * changeGroup

The following shows how these methods can be equivalently used: 

    // setup
   ServiceFactory sf = new ServiceFactory();
   IAdmin iAdmin = sf.getAdminService();
   IUpdate iUpdate = sf.getUpdateService();
   Image myImg = ... ; //
 
   // using IAdmin -- let's change the group of myImg
   // and then make it group private.
   iAdmin.changeGroup(myImg, new ExperimenterGroup( 3L, false ));
   iAdmin.changePermissions( myImg, new Permissions( Permissions.GROUP_PRIVATE ));

   // and do the same using Details and IUpdate
   myImg.getDetails().setPermissions( new Permissions( Permissions.GROUP_PRIVATE )); 
   myImg.getDetails().setGroup( new ExperimenterGroup( 3L, false ));
   iUpdate.saveObject( myImg );

The benefit of the second method is the batching of changes into a single call. The benefit of the first is at most explicitness.Note, however, that changing any of the values of Details which are not also changeable through IAdmin will result in a SecurityViolation?.

Actions only available through IAdmin

The rest of the write methods provided by IAdmin are disallowed for IUpdate and will throw SecurityViolations. This includes adding users, groups, user/group maps, events, enums, or similar. (Enums here are a special case, because they are created not through IAdmin but through ITypes). A system administrator may be able to use IUpdate to create these "System-Types" but using IAdmin is safer, cleaner, and guaranteed to work in the future.

The password methods and synchronizeLoginCache are also special cases in that they have no equivalent in any other API.

Similarities between IAdmin and IQuery

All of the read methods provided by IAdmin are also available from IQuery, that is, the IAdmin (currently) provide no special context or security privileges. Howver, having all of the methods in one interface reduces code duplication, which is especially useful when one wants the entire user/group graph as provided by getExperimenter/getGroup/lookupExperimenter/lookupGroup.

See also : OmeroApi

Download in other formats:

  • Plain Text
Trac Powered

Powered by Trac 0.11
By Edgewall Software.

Visit the Trac open source project at
http://trac.edgewall.org/