Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

User Story #1171 (closed)

Opened 15 years ago

Closed 14 years ago

User cannot see superuser annotation/tags

Reported by: atarkowska Owned by: jamoore
Priority: major Milestone: OMERO-Beta4.2
Component: General Keywords: n.a.
Cc: jburel, cxallan, jrswedlow Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description

User cannot retrieve the annotation/tag done by the superuser on his/her own data because permissions doesn't allow to do that.

Suggestions:

  • I think we are looking for a retrieval strategy.

Change History (6)

comment:1 Changed 15 years ago by jmoore

  • Cc jason added

To over-simplify, perhaps, there are two ways to do this:

  • Fix at write-time
  • Fix at read-time

At write-time, the group of the annotation MUST be set to match that of the image owner, and the annotation give AT LEAST group-read permissions. After that everything works (hopefully) as expected. A question: do clients do this or the server? If we never forsee a reason for an admin to create private information on someone else's objects, then the server should do it. (We might need to assume for the moment that we can first solve the breakage that that entails in order to find the best solution)

With on-read, we could make everything admins do visible. I.e. they're "work" is immediately public. In the case of root, this is fairly straight-forward. For other admins, it could be a bit complicated; think:

  obj.owner_id in (?,?,?,?,....)

for everyone admin on the system.

Though I don't see it happening for 4.0 (without a push), the write-time fix seems more like our overall goal of having "profiles" which control what happens when a user tries to attach data to someone else's "stuff".

comment:2 Changed 15 years ago by jmoore

Does this become a "major" or "critical" priority for 4.1?

comment:3 Changed 15 years ago by jmoore

  • Priority changed from minor to major

comment:4 Changed 15 years ago by atarkowska

  • Milestone changed from OMERO-Beta4 to OMERO-Beta4.1

comment:5 Changed 15 years ago by atarkowska

related ticket #1072

comment:6 Changed 14 years ago by jmoore

  • Milestone changed from Unscheduled to OMERO-Beta4.2
  • Resolution set to duplicate
  • Status changed from new to closed

This is subsumed by the permissions changes planned for 4.2 (#1434)

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.64658 sec.)

We're Hiring!