Open Microscopy Environment

The OME community
https://www.openmicroscopy.org/community/

GroupSecurityViolation using omero script replace

https://www.openmicroscopy.org/community/viewtopic.php?f=5&t=737

Page 1 of 1

GroupSecurityViolation using omero script replace

PostPosted: Fri Jul 01, 2011 2:15 pm
by a.herbert
I am trying to replace one of my --official scripts and get a GroupSecurityViolation error.

I am using Omero 4.3.0 with a localhost install. The problem is not anything within my script since the same thing happens when I try to upload then replace one of the scripts that ships with omero:

[ah403@tallinn ~/omero/scripts] % omero script upload test/Batch_Image_Export.py --official
Using session 773cd9c8-4158-4c98-9556-66c75b9d1ec4 (ah403@localhost:4064). Idle timeout: 10.0 min. Current group: GDSC
Uploaded official script as original file #253
[ah403@tallinn ~/omero/scripts] % omero script replace 253 test/Batch_Image_Export.py
Using session 773cd9c8-4158-4c98-9556-66c75b9d1ec4 (ah403@localhost:4064). Idle timeout: 10.0 min. Current group: GDSC
Traceback (most recent call last):
File "/usr/local/omero_dist/bin/omero", line 123, in <module>
rv = omero.cli.argv()
File "/usr/local/omero_dist/lib/python/omero/cli.py", line 1172, in argv
cli.invoke(args[1:])
File "/usr/local/omero_dist/lib/python/omero/cli.py", line 722, in invoke
stop = self.onecmd(line, previous_args)
File "/usr/local/omero_dist/lib/python/omero/cli.py", line 791, in onecmd
self.execute(line, previous_args)
File "/usr/local/omero_dist/lib/python/omero/cli.py", line 871, in execute
args.func(args)
File "/usr/local/omero_dist/lib/python/omero/plugins/script.py", line 554, in replace
scriptSvc.editScript(ofile, scriptText)
File "/usr/local/omero_dist/lib/python/omero_api_IScript_ice.py", line 126, in editScript
return _M_omero.api.IScript._op_editScript.invoke(self, ((fileObject, scriptText), _ctx))
omero.GroupSecurityViolation: exception ::omero::GroupSecurityViolation
{
serverStackTrace = ome.conditions.GroupSecurityViolation: ome.model.core.OriginalFile:Id_253-modification violates group-security.
at ome.security.basic.BasicACLVoter.throwUpdateViolation(BasicACLVoter.java:167)
at ome.security.CompositeACLVoter.throwUpdateViolation(CompositeACLVoter.java:90)
at ome.security.ACLEventListener.onPreUpdate(ACLEventListener.java:129)
at org.hibernate.action.EntityUpdateAction.preUpdate(EntityUpdateAction.java:236)
at org.hibernate.action.EntityUpdateAction.execute(EntityUpdateAction.java:87)
at org.hibernate.engine.ActionQueue.execute(ActionQueue.java:267)
at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:259)
at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:179)
at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:321)
at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:51)
at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1208)
at ome.logic.UpdateImpl.afterUpdate(UpdateImpl.java:294)
at ome.logic.UpdateImpl.doAction(UpdateImpl.java:312)
at ome.logic.UpdateImpl.doAction(UpdateImpl.java:302)
at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:118)
at ome.services.blitz.impl.ScriptI$15.doWork(ScriptI.java:592)
at sun.reflect.GeneratedMethodAccessor229.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:440)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.security.basic.EventHandler.invoke(EventHandler.java:150)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy64.doWork(Unknown Source)
at ome.services.util.Executor$Impl.execute(Executor.java:371)
at ome.services.blitz.impl.ScriptI.updateFile(ScriptI.java:585)
at ome.services.blitz.impl.ScriptI.access$500(ScriptI.java:82)
at ome.services.blitz.impl.ScriptI$6.call(ScriptI.java:267)
at ome.services.throttling.Callback2.run(Callback2.java:49)
at ome.services.throttling.InThreadThrottlingStrategy.safeRunnableCall(InThreadThrottlingStrategy.java:80)
at ome.services.blitz.impl.AbstractAmdServant.safeRunnableCall(AbstractAmdServant.java:155)
at ome.services.blitz.impl.ScriptI.editScript_async(ScriptI.java:244)
at omero.api._IScriptTie.editScript_async(_IScriptTie.java:78)
at omero.api._IScriptDisp.___editScript(_IScriptDisp.java:305)
at omero.api._IScriptDisp.__dispatch(_IScriptDisp.java:490)
at IceInternal.Incoming.invoke(Incoming.java:159)
at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
at Ice.ConnectionI.message(ConnectionI.java:972)
at IceInternal.ThreadPool.run(ThreadPool.java:577)
at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

serverExceptionClass = ome.conditions.GroupSecurityViolation
message = ome.model.core.OriginalFile:Id_253-modification violates group-security.
}


At current in order to replace the script I have to delete the script from the server scripts directory, restart omero and then upload the script again.

However I can use the replace command if the script is not flagged as official. So is it even possible to use 'replace' on an official script? The ScriptingServicesGuide appears to indicate that it is allowed:

http://trac.openmicroscopy.org.uk/ome/wiki/OmeroPy/ScriptingServiceGuide

Any help would be appreciated.

Thanks,

Alex

Re: GroupSecurityViolation using omero script replace

PostPosted: Mon Jul 04, 2011 8:31 am
by wmoore
Hi

I've never seen this error before, but I did manage to reproduce it ;)

It's definitely a bug, so I've created a ticket for it. http://trac.openmicroscopy.org.uk/ome/ticket/6065

It seems that you get this error if you are not the owner of the group which you are logged in to.

In your case ah403 is not an owner of the group GDSC.

As a temporary work-around, you can add yourself as an owner of group "GDSC"
http://localhost:4080/webadmin/groups/ (click "edit" icon, not "manage members")
NB: Be careful to use multi-select on the owners list, so as not to remove current owners.

Hope that helps,
Will.

Re: GroupSecurityViolation using omero script replace

PostPosted: Mon Jul 04, 2011 1:25 pm
by a.herbert
Hi Will,

That has fixed my issue. Thanks.

Alex

Re: GroupSecurityViolation using omero script replace

PostPosted: Wed Jul 20, 2011 1:19 pm
by a.herbert
Hi,

A further update on this issue.

I was migrating my scripts from my localhost server to our test server and I encountered this problem again. This server more closely mirrors our production environment and all the groups are Private by default.

When I added my username to the list of group owners for my default login group the problem still occurred. The group has about 20 members, several owners and is set as private. I checked my localhost server where I fixed the problem and the group permissions are Collaborative.

I did not want to change the existing group's policy so I had to create a new group just for me and the other admins with Collaborative permissions and set it as my default login group. This solved the problem. I can now upload and replace scripts.

Regards,

Alex

Re: GroupSecurityViolation using omero script replace

PostPosted: Thu Jul 21, 2011 10:55 am
by wmoore
Thanks Alex, I added that to the ticket. The correct link for the ticket was http://trac.openmicroscopy.org.uk/ome/ticket/6066

Cheers,

Will.
All times are UTC
Page 1 of 1
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/