Context Navigation

← Previous Ticket
Next Ticket →

Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.

Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Bug #553 (closed)

Opened 17 years ago

Closed 17 years ago

BasicSecuritySystem.managedPermissions is too strict on locking

Reported by:	jamoore	Owned by:	jamoore
Priority:	minor	Cc:
Sprint:	n.a.
Total Remaining Time:	n.a.

Description

The security system is currently disallowing non-owning, non-supervisor users from locking objects.

References

Change History (3)

comment:1 Changed 17 years ago by jmoore

ome.conditions.SecurityViolation: You are not authorized to change the permissions for Project:Id_1053 from rwrwrw to Lrwrwrw
	at ome.security.basic.BasicSecuritySystem.managedPermissions(BasicSecuritySystem.java:706)
	at ome.security.basic.BasicSecuritySystem.checkManagedDetails(BasicSecuritySystem.java:548)
	at ome.security.basic.OmeroInterceptor.resetDetails(OmeroInterceptor.java:280)
	at ome.security.basic.OmeroInterceptor.onFlushDirty(OmeroInterceptor.java:165)

Possibly related: #337 #339

comment:2 Changed 17 years ago by jmoore

The ideal here would be to have this only happen (exception thrown) when it is clear that the user manually set the object to locked. However, it's unclear that we don't want to support this.

Am removing the check for Flag.LOCKED which implies that a user can lock an object without making any other changes. Need to review.

comment:3 Changed 17 years ago by jmoore

Resolution set to fixed
Status changed from new to closed

r1123 fixes.

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

Download in other formats: