Opened 11 years ago
Closed 11 years ago
#1779 closed defect (fixed)
Do not show plug-in configurations if the logged in user lacks USE permission
Reported by: | Nicklas Nordborg | Owned by: | olle |
---|---|---|---|
Priority: | minor | Milestone: | BASE 3.2.4 |
Component: | web | Version: | |
Keywords: | Cc: |
Description
The current "Run plugin" dialog include plug-ins and configurations that the logged in user only have READ access to. Selecting that option and clicking "Next" result in 'Permission denied' error message.
This can probably be fixed in ContextUtil.checkContext()
method if a check for USE permission is included. But first check for places that are calling this method so that excluding READ-only plug-ins doesn't create a side-effect.
Change History (7)
comment:1 by , 11 years ago
Owner: | changed from | to
---|
comment:2 by , 11 years ago
Status: | new → assigned |
---|
comment:3 by , 11 years ago
Traceability note:
- A unified installation procedure for plug-ins was introduced in Ticket #1592 (Unified installation procedure for plug-ins, extensions and more...).
comment:4 by , 11 years ago
Problem discussion:
- JSP script
index.jsp
inwww/common/plugin/
calls public static methodList<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem)
in class/fileContextUtil.java
insrc/core/net/sf/basedb/util/
to get a list ofContextResult
items to display in the plug-in menu. - JSP script
index.jsp
inwww/common/import/
also calls public static methodList<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem)
in class/fileContextUtil.java
insrc/core/net/sf/basedb/util/
to get a list ofContextResult
items to use as import plug-ins.
Proposed fix:
- Class/file
ContextUtil.java
insrc/core/net/sf/basedb/util/
is updated in public static methodList<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem)
to check if a plug-in and optional configuration haveUSE
permission for the logged-in user.
comment:5 by , 11 years ago
(In [6343]) Refs #1779. Plug-in configurations are now not shown if the logged-in user lacks USE
permission:
- Class/file
ContextUtil.java
insrc/core/net/sf/basedb/util/
is updated in public static methodList<ContextResult> checkContext(DbControl dc, ItemQuery<PluginDefinition> pluginQuery, ItemQuery<PluginConfiguration> configQuery, GuiContext context, Object currentItem)
to check if a plug-in and optional configuration haveUSE
permission for the logged-in user.
comment:6 by , 11 years ago
(In [6344]) Refs #1780. Refs #1779. The option to copy a transformation is now disabled, if insufficient permissions exist to perform it:
- JSP script
www/views/experiments/bioassaysets/analysis_tree.jsp
is updated to only add a 'copy' link, if the user has permission to use the plug-in and its configuration. The user might not haveREAD
permission for a plug-in, which is considered when trying to obtain the plug-in configuration. A better solution than omitting the 'copy' link, would have been to display an icon for a disabled action, but this is left for a future update. - JSP script
www/views/experiments/transformations/view_transformation.jsp
is updated to check if the user has permission to use the plug-in and its configuration, and disable the 'copy' button in the properties tool bar for the transformation, if the permissions are insufficient.
comment:7 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Ticket closed as the requested functionality has been added.
Ticket accepted.