NOTE: This page has been moved to #1854. The following breakdown is kept for historical reasons.

Breakdown

OMERO.server:

Breakdown:

1. #1434 Re-enable group permissions (Iteration I)
   1. rollback #1405 (remove configurable default perms) DONE
   2. rollback #1204 (make group global) DONE
   3. choice to make groups public on creation? cF. ticket:1204 (essentially re-opening that ticket) DONE
   4. All linked objects are checked for group (warning/exception on mixed group and/or mixed permissions) DONE
   5. All new objects are created in current group (warning/exception on explicit) with proper permissions for group DONE
   6. No object can be linked to an object of another group, regardless of permissions. DONE
   7. #1310 setGroup (1 day) DONE
   8. Prevent changing groups to "755" except through API! DONE
   9. #445 allow admin's to login into another group (Est. 1 day / Act. 0.5 days)
   10. #1767 Enumerations made global (Est. 1 days / Act. 0.5 days)
   11. #1764 Allow root to login to any group even if not member (Est. 0.5 days / Act. 0.5 days)
   12. #1766 Allow multiple owners (Est. 0.5 days, partially done before / Act. 0.5 days)
   13. #1762 All returned graphs are group-consistent, i.e. consist only of objects from a single group (with the exception of system types) (Est. 2 day / Act. 1.5 days)
2. Cont. (Iteration II, Ending Feb. 18)
   1. #1771 simpify filter group_id = X && true|false should suffice (DONE as part of #1769)
   2. #1769 handle root annotations of private groups (Est. 1 day / Act. 1.5 day)
   3. #1776 disallow calls to changePermissions with breaking permissions (Est. 0.5 days / Act. 0.5 days)
   4. #1778 add/removeGroupOwners (Est. 0.5 days / Act. 0.5 days)
   5. #1781 allow group owners to manage group (Est. 0.5 days / Act. 0.5 days)
   6. Bugs (Act. 2.5 days)
      • #1792 (link restrictions)
      • #1791 (user photos)
      • #1784 (scripting service)
      • #1775 (createGroup -> public)
      • #1774 (sudo broken)
      • #1434 (misc)
3. Cont. (Iteration III - mostly cleanup items)
   1. #1731 - unify umask and defaultPermissions
   2. "user" group becomes the "world public space" (may required "guest" to login to only "user") (2 days) ???
   3. Allow all users to login to public groups.
   4. #1783 decide on sensible permissions for initial groups
4. Cont. (Later)
   1. #1750 database upgrade (8 days)
   2. #320 changeGroup (and #967) (5 days)
   3. decide on world-public space (0.5 days) ???

everything above here transferred to agilo

• Cont
  • chown similar to chgrp ( email)
  • How long does setting a group public take? (timeouts)
    • Return sum of rows
  • rollback #337 (remove locking) (2 days)
  • review exceptions so, e.g write violation in share clearly states a share-violation
  • rollback #307 (remove 'soft' perms) (2 days)
  • Check interaction with runAsAdmin & privileged-tokens. (i.e. which has the highest priority) (1 day)
  • #1765 Move-User Wizard (3 days)
  • decide what "user-non-read" means.
  • eventually handle individual user settings of WRITE permissions ( transitions)
  • possibly remove "guest" group, since it won't help to view other groups.
  • prevent "setSecurityContext('user')"
  • allow "user.group" setting in implicit context
  • Finally, review all open tickets in securty component.

Note: #1434 still contains some "Items under discussion". These should be deleted or moved to other tickets upon completion.

---

OMERO.insight:

1.  insight#1026,  insight#1115 Allow user to switch between groups DONE.
2.  insight#1026 Allow user to view other experimenters DONE  insight r7009.
3. Allow to set the security context when logging in.  insight r7003. (Act. 1 day)
4.  insight#1132 Build facility for Group Owner (e.g. PI) to administrate his/her group (6 days)
   • Integrate in DataManager  insight r7033 (Act. 0.5 days) DONE
   •  insight#1149 (Iteration I) Integrate in DataBrowser ,  insight r7034 (Act. 0.5 days) DONE
   • (Iteration II/III) Build UI to create, remove, group and experimenter,  insight r7038, insight r7040,  insight r7058- insight r7060 DONE
   •  insight#1151 (Iteration II/III) Build structure to connect to server  insight r7037,  insight r7041,  insight r7061 (Act. 2 days) DONE
   •  insight#1174 (Iteration III) Build UI to copy/cut/paste experimenters (Act. 0.5 days)  insight r7065 DONE
   •  insight#1174 (Iteration III) Build structure to copy/cut/paste experimenters (Act. 0.5 days)  insight r7064 DONE
   •  insight#1175 (Maybe) LDAP support
   •  insight#1176 (Iteration III) Modify Group ownership  insight r7071 (Act. 0.5 days) DONE
   •  insight#1177 (Iteration III) Experimenter status
   •  insight#1178 (Iteration III) Reset password by administrator  insight r7079 (Act. 0.5 days) DONE

1. Bugs
   
   1. Major problems: permission RWR (Act. 1day so far)
      
      •  insight#1159 Problems with render compressed
      •  insight#1179 private group: rendering settings changes  insight r7073 DONE
      •  insight#1162 Security exceptions and UI availability when logged in as a group owner  insight r7056 DONE
   2. 1.Minor problems: (Act. 0.5)
      •  insight#1166 Expanded comments disappear when moving between images  insight r7075 DONE
      •  insight#1165 Longer user names are cut off.  insight r7075 DONE
      •  insight#1164 Tag manipulation view missing group's tags. See also #1829
      •  insight#1189 Login screen, group selection.

Note: Discussion Ola, Josh, J-M (21/01/10)

Options for a Group are rw, rwr, rwrw If the option is rwrw, clients will add controls so that the user cannot add a dataset for example to a project that does not belong to him/her

---

OMERO.web: #1456

1. WebAdmin changes (Iteration II 8-12/02/10):
   • access control field in GroupForm (est. 1 day | act. 1 day)
   • multi-selection owner field in GroupForm (est. 0.5 day | act. 0.5 day)
   • group controller modification (est. 0.5 day | act. 0.5 day)
   • group owner panel in 'myaccount' including new page for managing group by owner (est. 1.5 day | act. 1.5 day)
   • 'myaccount' controller modification (est. 0.5 day | act. 0.5 day)
   • gateway modification including new role 'owner' (est. 1 day | act. 1 day)
2. WebClient (Iteration II 15-19/02/10):
   • managing data for active group (est. 2 days | act. 2 days)
   • managing user data for active group (est. 2 days | act. 2 days)
   • controller modification (est. 0.5 day | act. 0.5 day)
   • gateway modification (est. 0.5 day | act. 0.5 day)
3. WebClient (Iteration III 22-26/02):
   • 'my account' update based on webadmin panel (est. 0.5 day)
4. WebClient (Iteration III 1-5/03):
   • managing group data for active group (est. 3 days)
   • controller modification (est. 0.5 day)
   • gateway modification (est. 0.5 day)
5. Extra tasks (Iteration I 1-5/02/10):
   • general server tests (act. 2 days)
   • integration tests (est. 1 day| act. 1 day)

• Decide on multi-group login

---

OMERO.importer:

1. Review and make changes to ImportLibrary (1 day)
2. Import dialog changes to show groups (1 day)
3. History system updates to store groups (1 day)

• Decide on multi-group login