Opened 8 years ago

Closed 8 years ago

#1779 closed defect (fixed)

Do not show plug-in configurations if the logged in user lacks USE permission

Reported by: Nicklas Nordborg
Owned by: olle
Priority: minor
Milestone: BASE 3.2.4
Component: web
Version:
Keywords:
Cc:

Description

The current "Run plugin" dialog includes plug-ins and configurations that the logged-in user only has READ access to. Selecting such an option and clicking "Next" results in a 'Permission denied' error message.

This can probably be fixed in the ContextUtil.checkContext() method if a check for USE permission is included. But first check for places that are calling this method so that excluding READ-only plug-ins doesn't create a side effect.

Change History (7)

comment:1 Changed 8 years ago by olle

Owner: changed from everyone to olle

comment:2 Changed 8 years ago by olle

Status: new → assigned

Ticket accepted.

comment:3 Changed 8 years ago by olle

Traceability note:

  • A unified installation procedure for plug-ins was introduced in Ticket #1592 (Unified installation procedure for plug-ins, extensions and more...).

comment:4 Changed 8 years ago by olle

Problem discussion:

  • JSP script index.jsp in www/common/plugin/ calls public static method List<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem) in class/file ContextUtil.java in src/core/net/sf/basedb/util/ to get a list of ContextResult items to display in the plug-in menu.
  • JSP script index.jsp in www/common/import/ also calls public static method List<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem) in class/file ContextUtil.java in src/core/net/sf/basedb/util/ to get a list of ContextResult items to use as import plug-ins.

Proposed fix:

  • Class/file ContextUtil.java in src/core/net/sf/basedb/util/ is updated in public static method List<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem) to check if a plug-in and optional configuration have USE permission for the logged-in user.
Last edited 8 years ago by olle

comment:5 Changed 8 years ago by olle

(In [6343]) Refs #1779. Plug-in configurations are now not shown if the logged-in user lacks USE permission:

  1. Class/file ContextUtil.java in src/core/net/sf/basedb/util/ is updated in public static method List<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem) to check if a plug-in and optional configuration have USE permission for the logged-in user.
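
The check described in this ticket, as an added example that is not part of the ticket or of the BASE code base: entries are listed only when the user may USE the plug-in and, if present, its configuration, while the action itself keeps enforcing the same rule. All types and names below (`Item`, `Entry`, `canUse`, `listUsable`, `run`) are hypothetical stand-ins, and the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Hypothetical stand-ins for illustration; these are not the BASE classes.
public class UsePermissionFilter {
    enum Permission { READ, USE }

    // A plug-in or configuration, with the permissions the current user holds on it.
    record Item(String name, Set<Permission> granted) {
        boolean hasPermission(Permission p) { return granted.contains(p); }
    }

    // One menu entry: a plug-in plus an optional configuration (null when absent).
    record Entry(Item plugin, Item config) {}

    // Single predicate shared by the listing and the action, so they cannot disagree.
    static boolean canUse(Entry e) {
        return e.plugin().hasPermission(Permission.USE)
            && (e.config() == null || e.config().hasPermission(Permission.USE));
    }

    // Listing: offer only entries the user could actually run.
    static List<Entry> listUsable(List<Entry> candidates) {
        List<Entry> usable = new ArrayList<>();
        for (Entry e : candidates) {
            if (canUse(e)) usable.add(e);
        }
        return usable;
    }

    // Action: still enforced on its own; hiding a menu entry is not the access control.
    static void run(Entry e) {
        if (!canUse(e)) throw new SecurityException("Permission denied");
        System.out.println("Running " + e.plugin().name());
    }

    public static void main(String[] args) {
        // Constructed sample data: every item is readable, only some are usable.
        Item importer = new Item("Importer", EnumSet.of(Permission.READ, Permission.USE));
        Item normalizer = new Item("Normalizer", EnumSet.of(Permission.READ));
        Item lockedCfg = new Item("Locked config", EnumSet.of(Permission.READ));
        List<Entry> candidates = List.of(new Entry(importer, null),
            new Entry(importer, lockedCfg), new Entry(normalizer, null));
        listUsable(candidates).forEach(UsePermissionFilter::run); // only Importer without config
    }
}
```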

comment:6 Changed 8 years ago by olle

(In [6344]) Refs #1780. Refs #1779. The option to copy a transformation is now disabled if insufficient permissions exist to perform it:

  1. JSP script www/views/experiments/bioassaysets/analysis_tree.jsp is updated to only add a 'copy' link if the user has permission to use the plug-in and its configuration. The user might not have READ permission for a plug-in, which is considered when trying to obtain the plug-in configuration. A better solution than omitting the 'copy' link would have been to display an icon for a disabled action, but this is left for a future update.
  2. JSP script www/views/experiments/transformations/view_transformation.jsp is updated to check if the user has permission to use the plug-in and its configuration, and disable the 'copy' button in the properties tool bar for the transformation, if the permissions are insufficient.

comment:7 Changed 8 years ago by olle

Resolution: fixed
Status: assigned → closed

Ticket closed as the requested functionality has been added.
