I can maybe answer the first two bullet points:
In general, you can restrict what the public user can access via a regex filter on urls.
Here is a little script you can use to test regexes: https://gist.github.com/will-moore/8315580
It has an example regex that will restrict access to urls for running scripts,
creating Projects & Datasets etc.
The script also prints out the command you need to enter in the OMERO command line to configure this.
If you want to allow particular functions, it may be possible to achieve this simply with the regex alone if there is a unique url for it. However, if you need something a bit more flexible, e.g. allowing only particular scripts to be run, you probably need to add urls and views.py code to handle this.
An example of this is the ome_tiff_script: https://github.com/openmicroscopy/openm ... s.py#L2751
This provides a url that you can then allow via the regex. You'd probably also want to provide a link or a dialog where the user can launch the script and start the Activities polling for script completion (javascript: OME.showActivities(); will do this in the main window).
It's worth bearing in mind that these scripts were not designed with public use in mind. The OME-TIFF UI attempts to check if anyone has already created an OME-TIFF for the chosen image and offers a download if they have, but this approach is not particularly robust.
We also don't have any way of deleting the OME-TIFF after download, so disk space will get used up. It's only been tested on a small scale and might need a bit more work to make it 'production ready'.
Anyway, I hope this is helpful info.
Cheers,
Will.
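
An added example, not part of the post above and not the linked gist: a small Python check that audits a candidate public-user URL filter against paths that should and should not be reachable, then prints the config command. The regex and sample paths are constructed for illustration, and it assumes the filter is stored in the `omero.web.public.url_filter` property and applied as a regex search on the request path.

```python
import re
import shlex

# Constructed allowlist: read-only image viewing plus the dedicated
# OME-TIFF view, nothing else. The leading ^ stops it matching mid-path.
CANDIDATE_FILTER = (
    r"^/(webgateway/(render_image|render_thumbnail)"
    r"|webclient/(img_detail|ome_tiff_script))/\d+/"
)

# Constructed sample paths -> should the public user be able to reach them?
CASES = {
    "/webgateway/render_image/51/0/0/": True,
    "/webgateway/render_thumbnail/51/": True,
    "/webclient/img_detail/51/": True,
    "/webclient/ome_tiff_script/51/": True,       # the one script view we permit
    "/webclient/script_ui/12/": False,            # generic script launcher
    "/webclient/action/addnewcontainer/": False,  # creating Projects/Datasets
    "/webadmin/": False,
    "/webclient/logout/": False,
    "/x/webgateway/render_image/51/": False,      # only passes if ^ is missing
}


def is_allowed(pattern, path):
    """Assumption: a path is permitted when the filter matches via search()."""
    return re.search(pattern, path) is not None


def audit_filter(pattern, cases):
    """Return (path, expected, actual) for every case the filter gets wrong."""
    return [
        (path, expected, is_allowed(pattern, path))
        for path, expected in cases.items()
        if is_allowed(pattern, path) != expected
    ]


def config_command(pattern):
    """Shell-quoted command that sets the filter (property name assumed)."""
    return "omero config set omero.web.public.url_filter " + shlex.quote(pattern)


if __name__ == "__main__":
    for path, expected, actual in audit_filter(CANDIDATE_FILTER, CASES):
        print(f"MISMATCH {path}: expected allow={expected}, got allow={actual}")
    print(config_command(CANDIDATE_FILTER))
```

Run the audit again whenever the regex changes; any `MISMATCH` line means the filter exposes or blocks a path contrary to the table.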