3 | | * The 'copy' icon for a transformation is placed in the bioassayset analysis tree GUI by JSP script `www/views/experiments/bioassaysets/analysis_tree.jsp`, provided a job and an interactive plug-in exist. |
4 | | * The 'copy' button in the properties tool bar for a transformation is created by JSP script `www/views/experiments/transformation/view_transformation.jsp`, provided `WRITE` permission for the transformation exists. |
| 3 | * The 'copy' icon for a transformation is placed in the bioassayset analysis tree GUI by JSP script `www/views/experiments/bioassaysets/analysis_tree.jsp`, provided a job and an interactive plug-in exist, but no check that the user has permission to use the plug-in or its configuration is performed. |
| 4 | * The 'copy' button in the properties tool bar for a transformation is created by JSP script `www/views/experiments/transformation/view_transformation.jsp`, provided `WRITE` permission for the transformation exists, but no check that the user has permission to use the plug-in or its configuration is performed. |
| 5 | |
| 6 | Suggested fix: |
| 7 | |
| 8 | * JSP script `www/views/experiments/bioassaysets/analysis_tree.jsp` should be updated to only add a 'copy' link, if the user has permission to use the plug-in and its configuration. The user might not have `READ` permission for a plug-in, which must be considered when trying to obtain the plug-in configuration. A better solution than omitting the 'copy' link, would have been to display an icon for a disabled action, but this is left for a future update. |
| 9 | * JSP script `www/views/experiments/transformation/view_transformation.jsp` should be updated to check if the user has permission to use the plug-in and its configuration, and disable the 'copy' button in the properties tool bar for the transformation, if the permissions are insufficient. |
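Review bot: The suggested fix in new lines 8 and 9 only decides whether the two JSP scripts render the 'copy' link or button; it does not say whether the action behind 'copy' itself checks permission to use the plug-in and its configuration. Hiding or disabling a control in the view does not stop a request that reaches that action some other way, so the description should state where that check is (or should be) enforced. New line 9 also drops the caveat from new line 8 that the user might not have `READ` permission for the plug-in; if `view_transformation.jsp` obtains the plug-in configuration in the same way, that case should be called out there as well.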