Open Microscopy Environment

[darraghennis]

Hi everyone,

We have had an issue where one of our users' figures are not visible to anyone else in the group. Even if given a link it just displays a blank image. He is a user with read/write permissions in the group and even the owners of the group cannot view them. This only happens to a subset of the figures he has created. Anybody got any thoughts on how to fix this? Thanks

[carandraug]

I think I found the root of the issue and it has to do with the OMERO
group that a figure belongs. I don't think this is part of the
interface so when a user creates a figure, he does not know on which
group the figure will end up.

To add more detail to Darragh's issue and hopefully make things
clearer. We have two users, Ilias and Ana. Both belong to the mRNA
group and both are creating new figures. However, Ilias is also part
of the Petros group. Although all figures use images from the mRNA
group, Ana can't see some of Ilias figures.

This seems to be because some of Ilias figures are part of Petros
group which Ana is not part of. The group that a user is connected to
when he creates a new figure sets the group permission of that figure.
However, nothing on the figure interface refers to group permission
which is causing some confusion to the users. There is also nothing
on the interface to change the group of a figure.

[carandraug]

I have moved all the affected figures with:

Code: Select all

$ omero chgrp $MRNAGROUPID Annotation:$FIGUREID


and that seemed to have fixed. However, querying the database, I
noticed that the permissions of the figures that were moved with chgrp
are different from those that were created on that group (the two
groups from where the figures were moved have different permissions
models).

I moved figures (annotations) from group A to B. Group A permissions
model is read-annotate and Group B is read-write. Annotations that
were moved from A to B have a permissions value of -40 while the
figures created on B have a permissions value of -8. This doesn't
seem to cause any issue for our case, but I am wondering if this is by
design.

[mtbc]

Thank you, some great analysis there already! You're quite correct: we would have expected figures to be in their first image's group and Will's created https://trello.com/c/4mto2Vyj/186-show-group-and-chgrp to track this issue as it makes sense that this would be confusing and unhelpful as it is now. As far as I know, the permissions database column for normal model objects like annotations is ignored: it's the permissions on their group that matter. -40 is read-annotate and -8 is read-write. Of course, queries through HQL should usually return something sensible and the moved objects' can* methods should give correct results in client code.

Cheers,
Mark

[carandraug]

Code: Select all

As far as I know, the permissions database column for normal model objects like annotations is ignored: it's the permissions on their group that matter. -40 is read-annotate and -8 is read-write. Of course, queries through HQL should usually return something sensible and the moved objects' can* methods should give correct results in client code.

Ah! I was querying the database directly in SQL, so maybe that explains it.