Task #6620 (closed)
Opened 13 years ago
Closed 12 years ago
chgrp: security restrictions
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-4.4 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | jburel |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by jmoore)
Restrictions
- As a group member, no moving data to a group that you're not a member of
- As a group owner, no moving others' data to a group that you're not an owner of
- As anyone, (partially) restrict move to group with lower permissions.
- ...
Future (advanced features)
- As a group member, move another member's data to a group that both are a member of.
Open questions
- Should moving to the "user" group be allowed? The primary issue is one of testing. Are there any dead-ends that the data gets into, so that it can't get back out? (i.e. once someone links to an image in "user", then it could get stuck)
- Should users be able to move data from group A to B while logged into C? At the moment, they can't, but the ChgrpI implementation could log in to A automatically (and temporarily).
Change History (10)
comment:1 Changed 13 years ago by jmoore
- Status changed from new to accepted
comment:2 Changed 13 years ago by jburel
comment:3 Changed 13 years ago by jmoore
- Description modified (diff)
Think 'automatically & temporarily' is a better way of what I meant with silently. Or transparently? But it's probably not important. Maybe just better to change to the group in question.
comment:4 Changed 13 years ago by jmoore
- Description modified (diff)
comment:5 Changed 13 years ago by jburel
- Sprint changed from 2011-09-01 (4) to 2011-09-15 (5)
Moved from sprint 2011-09-01 (4)
comment:6 Changed 13 years ago by jburel
- Sprint changed from 2011-09-15 (5) to 2011-09-29 (6)
Moved from sprint 2011-09-15 (5)
comment:7 Changed 13 years ago by jburel
- Milestone changed from OMERO-Beta4.3.2 to OME-5.0
- Sprint 2011-09-29 (6) deleted
comment:8 Changed 12 years ago by jmoore <josh@…>
(In [1c4f714898977edf0d499cdd26f953eadc2d8405/ome.git] on branch develop) IAdmin.getEventContextQuiet for ChgrpI security checks (See #6620)
comment:9 Changed 12 years ago by jmoore
- Priority changed from critical to major
This should primarily just be cross-checked against the various google docs that we have in place. Lowering to "major" to not block rc1 or ga.
comment:10 Changed 12 years ago by jburel
- Resolution set to invalid
- Status changed from accepted to closed
Questions moved to https://docs.google.com/spreadsheet/ccc?key=0AuqP9_Rq_HgldDNjT0ZIcHRSOUg1OFpjVUthdzM4cmc#gid=2
While writing tests, more open questions
Not sure that silently is a good idea for general users, including group owners. Maybe only for admin.