Task #11479 (closed)
Bug: remove others' Tags when group -> private
Reported by: | wmoore | Owned by: | jamoore |
---|---|---|---|
Priority: | blocker | Milestone: | 5.0.2 |
Component: | Security | Version: | n.a. |
Keywords: | BACKPORT-4.4 | Cc: | java@… |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | n.a. |
Description
If I link another user's Tag to my data (in a read-annotate group) and then the permissions of the group are changed to private, the annotation link is not removed. I can still access the link but NOT the other user's Tag that it links to, which makes no sense.
This creates errors in the web client and "Annotation could not be loaded" in Insight.
NB: If the owner of the Tag has also linked their tag to my data (we've both linked the same Tag to the same Project) then their link IS removed when the group becomes private. We just need to have the same behaviour for the other link too.
Change History (8)
comment:1 Changed 11 years ago by jamoore
- Cc java@… added; mtbcarroll removed
- Owner changed from jmoore to jamoore
- Priority changed from major to blocker
comment:2 Changed 10 years ago by jamoore
Linked to #11752 (graph related issues)
comment:3 Changed 10 years ago by jamoore
- Milestone changed from 5.1.0 to 5.0.2
Moving all remaining blockers to 5.0.2 for re-evaluation.
comment:4 Changed 10 years ago by jamoore
Investigation ticket added in PR https://github.com/openmicroscopy/openmicroscopy/pull/2369
comment:5 Changed 10 years ago by jamoore
- Resolution set to fixed
- Status changed from new to closed
Fix pushed to the same PR.
comment:6 Changed 10 years ago by Will Moore <w.moore@…>
(In [588342dabf6ebdee008331b2ecfc2e001d5de827/ome.git] on branch develop) Handle SecurityViolation? on group save(). See #11479
comment:7 Changed 10 years ago by jmoore <josh@…>
(In [0f6175f8e987ceada0a90f56be0e0e775b2e7d7d/ome.git] on branch develop) Add non-reproducing method (See #11479)
This method attempts to reproduce the described error
from 11479. An ERR is returned during the chmod, however,
preventing the test from completing:
`
Cannot change permissions on ome.model.meta.ExperimenterGroup:Id_1162 to rw---- due to locks:
{*=1, ome.model.annotations.ProjectAnnotationLink?=1}
`
comment:8 Changed 10 years ago by jmoore <josh@…>
- Remaining Time set to 0
(In [28f6b77d6ac8d5edd93ed3c5a4cf4c9e46b61f09/ome.git] on branch develop) Perform check in omero.group=-1 (Fix #11479)
This certainly seems critical, not to mention that it goes along with the remaining few graph tickets in 4.4.9. Probably need to sit down and discuss.