User Story #1171 (closed)
Opened 15 years ago
Closed 14 years ago
User cannot see superuser annotation/tags
Reported by: | atarkowska | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-Beta4.2 |
Component: | General | Keywords: | n.a. |
Cc: | jburel, cxallan, jrswedlow | Story Points: | n.a. |
Sprint: | n.a. | Importance: | n.a. |
Total Remaining Time: | n.a. | Estimated Remaining Time: | n.a. |
Description
User cannot retrieve the annotation/tag done by the superuser on his/her own data because permissions don't allow that.
Suggestions:
- I think we are looking for a retrieval strategy.
Change History (6)
comment:1 Changed 15 years ago by jmoore
- Cc jason added
comment:2 Changed 15 years ago by jmoore
Does this become a "major" or "critical" priority for 4.1?
comment:3 Changed 15 years ago by jmoore
- Priority changed from minor to major
comment:4 Changed 15 years ago by atarkowska
- Milestone changed from OMERO-Beta4 to OMERO-Beta4.1
comment:5 Changed 15 years ago by atarkowska
related ticket #1072
comment:6 Changed 14 years ago by jmoore
- Milestone changed from Unscheduled to OMERO-Beta4.2
- Resolution set to duplicate
- Status changed from new to closed
This is subsumed by the permissions changes planned for 4.2 (#1434)
To over-simplify, perhaps, there are two ways to do this:
At write-time, the group of the annotation MUST be set to match that of the image owner, and the annotation given AT LEAST group-read permissions. After that everything works (hopefully) as expected. A question: do clients do this or the server? If we never foresee a reason for an admin to create private information on someone else's objects, then the server should do it. (We might need to assume for the moment that we can first solve the breakage that that entails in order to find the best solution)
With on-read, we could make everything admins do visible. I.e. their "work" is immediately public. In the case of root, this is fairly straightforward. For other admins, it could be a bit complicated; think:
for everyone admin on the system.
Though I don't see it happening for 4.0 (without a push), the write-time fix seems more like our overall goal of having "profiles" which control what happens when a user tries to attach data to someone else's "stuff".
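The two strategies discussed above, as an added toy model (not OMERO code and not part of the ticket): it compares who can read an admin's annotation under the write-time fix and under the on-read rule. `User`, `Obj`, the `can_read*` checks and the `annotate_*` helpers are hypothetical names, and the single group-read flag is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    is_admin: bool = False

@dataclass
class Obj:                      # an image or an annotation (toy model)
    owner: User
    group: str
    group_read: bool = False

def can_read(user, obj):
    """Baseline check: owner, admin, or group member when group-read is set."""
    if user == obj.owner or user.is_admin:
        return True
    return obj.group_read and obj.group in user.groups

def can_read_on_read(user, obj):
    """On-read strategy: anything an admin owns is visible to everyone."""
    return obj.owner.is_admin or can_read(user, obj)

def annotate_naive(admin, image):
    # The reported behaviour: annotation lands in the admin's own group, private.
    return Obj(owner=admin, group=sorted(admin.groups)[0], group_read=False)

def annotate_write_time(admin, image):
    # Write-time fix: take the image's group and grant at least group-read.
    return Obj(owner=admin, group=image.group, group_read=True)

def demo():
    # Constructed sample principals and data.
    root = User("root", frozenset({"system"}), is_admin=True)
    alice = User("alice", frozenset({"lab-a"}))   # image owner
    bob = User("bob", frozenset({"lab-b"}))       # unrelated user
    image = Obj(owner=alice, group="lab-a")
    naive = annotate_naive(root, image)
    fixed = annotate_write_time(root, image)
    return {
        "naive_alice": can_read(alice, naive),
        "write_time_alice": can_read(alice, fixed),
        "write_time_bob": can_read(bob, fixed),
        "on_read_alice": can_read_on_read(alice, naive),
        "on_read_bob": can_read_on_read(bob, naive),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {allowed}")
```

In this model the write-time fix exposes the annotation only to the image's group, while the on-read rule also exposes it to the unrelated user.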