New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix #12160: root-owned template paths #2448
Conversation
also tighten constructor exception declaration
Currently testing with https://gist.github.com/joshmoore/ea7d99dd7cb5548cab12 I haven't pinned down just which scenarios are the most painful, but the |
Certainly some of those paths should fail through not having both root- and user-owned parts or through not being sufficiently unique per fileset. |
Yup, eventually I'd like to have |
Basically,
|
I wonder if I was meant to catch and wrap/map the exception somewhere. |
Should I look into why the exception message is disappearing -- you have no idea? Is there anything else I should be doing on this PR? |
If you could look into filling the error messages, that would be great. Possibly something in the error printing code of I'm still testing behavior. Your 3-point list above is very helpful. I am wondering though if we will need to allow root to take over a user directory if the |
Thank you! If we do need that, I'll need to chat to you about how one might change the ownership without resorting to SQL. |
I haven't yet managed to figure out what's going wrong to eat the exception message. I wanted to check if the https://github.com/openmicroscopy/openmicroscopy/blob/dev_5_0/components/blitz/src/omero/util/IceMapper.java#L870 |
for ServerError the .toString() and .getMessage() do not include the message!
With the template
as a new user in a new ( See https://gist.github.com/joshmoore/ea7d99dd7cb5548cab12/b03c09c5038d5fcde366d35e31cdb811731a82cb#file-repo_test-py-L92 for the test I'm running with |
final Current sudoCurrent = makeAdjustedCurrent(current); | ||
sudoCurrent.ctx = new HashMap<String, String>(current.ctx); | ||
sudoCurrent.ctx.put(SUDO_REAL_SESSIONUUID, current.ctx.get(omero.constants.SESSIONUUID.value)); | ||
sudoCurrent.ctx.put(SUDO_REAL_GROUP, current.ctx.get(omero.constants.GROUP.value)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The group doesn't actually seem to be in the context here, just the session UUID and client UUID.
Note: this probably needs a corresponding docs PR. |
In that case, /cc @hflynn to force us to do it! |
I'll sort one out once we actually decide to merge this! As it is I am still trying to work out how to get a group name for |
(I had tried plugging the admin service into |
Docs PR open by Friday if at all possible please @mtbc |
public Object doWork(Session session, ServiceFactory sf) { | ||
return ((LocalAdmin) sf.getAdminService()).getEventContextQuiet(); | ||
} | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, in trying to import as user-2
into private-1
, realSessionUuid
is set but realGroup == null
. Also, effectiveEventContext
does have user-2
but group user
.
Documentation PR opened: ome/omero-documentation#778 |
Just writing more tests now, but the only conditions I'm seeing with the current state of |
Previous commit made previous tests all pass:
|
Haven't found any other issues; merging. More testing will be good over the course of the RCs. Thanks, @mtbc! |
fix #12160: root-owned template paths
Fixes http://trac.openmicroscopy.org.uk/ome/ticket/12160 to allow managed repository template paths to start with some root-owned directories.
In
etc/omero.properties
theomero.fs.repo.path
now has a//
for one of the path separators. Imports should still work fine, the images remaining usable, with those earlier directories before the//
owned by root instead of by the user.One can use
bin/omero hql
to check directory ownership with queries like,--rebased-to #2514