
GroupSecurityViolation using omero script replace

Historical discussions about OMERO. Please look for and ask new questions at https://forum.image.sc/tags/omero



Postby a.herbert » Fri Jul 01, 2011 2:15 pm

I am trying to replace one of my --official scripts and get a GroupSecurityViolation error.

I am using OMERO 4.3.0 with a localhost install. The problem is not anything within my script since the same thing happens when I try to upload then replace one of the scripts that ships with OMERO:

[ah403@tallinn ~/omero/scripts] % omero script upload test/Batch_Image_Export.py --official
Using session 773cd9c8-4158-4c98-9556-66c75b9d1ec4 (ah403@localhost:4064). Idle timeout: 10.0 min. Current group: GDSC
Uploaded official script as original file #253
[ah403@tallinn ~/omero/scripts] % omero script replace 253 test/Batch_Image_Export.py
Using session 773cd9c8-4158-4c98-9556-66c75b9d1ec4 (ah403@localhost:4064). Idle timeout: 10.0 min. Current group: GDSC
Traceback (most recent call last):
  File "/usr/local/omero_dist/bin/omero", line 123, in <module>
    rv = omero.cli.argv()
  File "/usr/local/omero_dist/lib/python/omero/cli.py", line 1172, in argv
    cli.invoke(args[1:])
  File "/usr/local/omero_dist/lib/python/omero/cli.py", line 722, in invoke
    stop = self.onecmd(line, previous_args)
  File "/usr/local/omero_dist/lib/python/omero/cli.py", line 791, in onecmd
    self.execute(line, previous_args)
  File "/usr/local/omero_dist/lib/python/omero/cli.py", line 871, in execute
    args.func(args)
  File "/usr/local/omero_dist/lib/python/omero/plugins/script.py", line 554, in replace
    scriptSvc.editScript(ofile, scriptText)
  File "/usr/local/omero_dist/lib/python/omero_api_IScript_ice.py", line 126, in editScript
    return _M_omero.api.IScript._op_editScript.invoke(self, ((fileObject, scriptText), _ctx))
omero.GroupSecurityViolation: exception ::omero::GroupSecurityViolation
{
serverStackTrace = ome.conditions.GroupSecurityViolation: ome.model.core.OriginalFile:Id_253-modification violates group-security.
at ome.security.basic.BasicACLVoter.throwUpdateViolation(BasicACLVoter.java:167)
at ome.security.CompositeACLVoter.throwUpdateViolation(CompositeACLVoter.java:90)
at ome.security.ACLEventListener.onPreUpdate(ACLEventListener.java:129)
at org.hibernate.action.EntityUpdateAction.preUpdate(EntityUpdateAction.java:236)
at org.hibernate.action.EntityUpdateAction.execute(EntityUpdateAction.java:87)
at org.hibernate.engine.ActionQueue.execute(ActionQueue.java:267)
at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:259)
at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:179)
at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:321)
at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:51)
at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:1208)
at ome.logic.UpdateImpl.afterUpdate(UpdateImpl.java:294)
at ome.logic.UpdateImpl.doAction(UpdateImpl.java:312)
at ome.logic.UpdateImpl.doAction(UpdateImpl.java:302)
at ome.logic.UpdateImpl.saveAndReturnObject(UpdateImpl.java:118)
at ome.services.blitz.impl.ScriptI$15.doWork(ScriptI.java:592)
at sun.reflect.GeneratedMethodAccessor229.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:440)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.security.basic.EventHandler.invoke(EventHandler.java:150)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy64.doWork(Unknown Source)
at ome.services.util.Executor$Impl.execute(Executor.java:371)
at ome.services.blitz.impl.ScriptI.updateFile(ScriptI.java:585)
at ome.services.blitz.impl.ScriptI.access$500(ScriptI.java:82)
at ome.services.blitz.impl.ScriptI$6.call(ScriptI.java:267)
at ome.services.throttling.Callback2.run(Callback2.java:49)
at ome.services.throttling.InThreadThrottlingStrategy.safeRunnableCall(InThreadThrottlingStrategy.java:80)
at ome.services.blitz.impl.AbstractAmdServant.safeRunnableCall(AbstractAmdServant.java:155)
at ome.services.blitz.impl.ScriptI.editScript_async(ScriptI.java:244)
at omero.api._IScriptTie.editScript_async(_IScriptTie.java:78)
at omero.api._IScriptDisp.___editScript(_IScriptDisp.java:305)
at omero.api._IScriptDisp.__dispatch(_IScriptDisp.java:490)
at IceInternal.Incoming.invoke(Incoming.java:159)
at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)
at Ice.ConnectionI.message(ConnectionI.java:972)
at IceInternal.ThreadPool.run(ThreadPool.java:577)
at IceInternal.ThreadPool.access$100(ThreadPool.java:12)
at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)

serverExceptionClass = ome.conditions.GroupSecurityViolation
message = ome.model.core.OriginalFile:Id_253-modification violates group-security.
}


At present, in order to replace the script, I have to delete the script from the server scripts directory, restart OMERO and then upload the script again.

However I can use the replace command if the script is not flagged as official. So is it even possible to use 'replace' on an official script? The ScriptingServicesGuide appears to indicate that it is allowed:

http://trac.openmicroscopy.org.uk/ome/wiki/OmeroPy/ScriptingServiceGuide

Any help would be appreciated.

Thanks,

Alex
a.herbert
 
Posts: 53
Joined: Tue Jan 11, 2011 1:35 pm

Re: GroupSecurityViolation using omero script replace

Postby wmoore » Mon Jul 04, 2011 8:31 am

Hi

I've never seen this error before, but I did manage to reproduce it ;)

It's definitely a bug, so I've created a ticket for it. http://trac.openmicroscopy.org.uk/ome/ticket/6065

It seems that you get this error if you are not the owner of the group which you are logged in to.

In your case ah403 is not an owner of the group GDSC.

As a temporary work-around, you can add yourself as an owner of group "GDSC"
http://localhost:4080/webadmin/groups/ (click "edit" icon, not "manage members")
NB: Be careful to use multi-select on the owners list, so as not to remove current owners.

Hope that helps,
Will.
wmoore
Team Member
 
Posts: 674
Joined: Mon May 18, 2009 12:46 pm

Re: GroupSecurityViolation using omero script replace

Postby a.herbert » Mon Jul 04, 2011 1:25 pm

Hi Will,

That has fixed my issue. Thanks.

Alex
a.herbert
 
Posts: 53
Joined: Tue Jan 11, 2011 1:35 pm

Re: GroupSecurityViolation using omero script replace

Postby a.herbert » Wed Jul 20, 2011 1:19 pm

Hi,

A further update on this issue.

I was migrating my scripts from my localhost server to our test server and I encountered this problem again. This server more closely mirrors our production environment and all the groups are Private by default.

When I added my username to the list of group owners for my default login group the problem still occurred. The group has about 20 members, several owners and is set as private. I checked my localhost server where I fixed the problem and the group permissions are Collaborative.

I did not want to change the existing group's policy so I had to create a new group just for me and the other admins with Collaborative permissions and set it as my default login group. This solved the problem. I can now upload and replace scripts.

Regards,

Alex
a.herbert
 
Posts: 53
Joined: Tue Jan 11, 2011 1:35 pm

Re: GroupSecurityViolation using omero script replace

Postby wmoore » Thu Jul 21, 2011 10:55 am

Thanks Alex, I added that to the ticket. The correct link for the ticket was http://trac.openmicroscopy.org.uk/ome/ticket/6066

Cheers,

Will.
wmoore
Team Member
 
Posts: 674
Joined: Mon May 18, 2009 12:46 pm

