will-moore
commented
3 years ago Open will-moore opened 3 years ago
will-moore
commented
3 years ago will-moore
commented
3 years ago https://www.openmicroscopy.org/qa2/qa/feedback/29717/
https://www.openmicroscopy.org/qa2/qa/feedback/29716/
and https://www.openmicroscopy.org/qa2/qa/feedback/29723/
These 3 are all User * is not a member of group 503 and cannot login and don't include web stack trace, just the OMERO exception.
will-moore
commented
3 years ago http://openmicroscopy.org/qa2/qa/feedback/29724/ User 604 is not a member of group 655 and cannot login
will-moore
commented
3 years ago https://www.openmicroscopy.org/qa2/qa/feedback/30047/
ome.conditions.SecurityViolation: User 402 is not a member of group 356 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:437)But don't know what caused this.
will-moore
commented
2 years ago https://www.openmicroscopy.org/qa2/qa/feedback/30611/ and https://www.openmicroscopy.org/qa2/qa/feedback/30614/
ome.conditions.SecurityViolation: User 263 is not a member of group 3 and cannot login and 30614 has e-mail address.
will-moore
commented
2 years ago will-moore
commented
2 years ago https://www.openmicroscopy.org/qa2/qa/feedback/30618/ and https://www.openmicroscopy.org/qa2/qa/feedback/30619/ All these are "group 3" and have the same IP address. 30619 Also 30619 has e-mail address.
will-moore
commented
2 years ago SecurityViolation: User 256 is not a member of group 53 and cannot login
"This after a reload; in the middle, the group for the user changed."
will-moore
commented
2 years ago ome.conditions.SecurityViolation: User 1808 is not a member of group 204 and cannot login
in
load_template()
https://www.openmicroscopy.org/qa2/qa/feedback/30649/. omero-web 5.9.2
will-moore
commented
2 years ago https://www.openmicroscopy.org/qa2/qa/feedback/30845/
message = User 1863 is not a member of group 204 and cannot login 5.9.2
...
https://www.openmicroscopy.org/qa2/qa/feedback/30847/ (with e-mail address)
message = User 1863 is not a member of group 204 and cannot login
will-moore
commented
2 years ago https://www.openmicroscopy.org/qa2/qa/feedback/30875/
serverStackTrace = ome.conditions.SecurityViolation: User 52 is not a member of group 53 and cannot login
will-moore
commented
2 years ago User 3 is not a member of group 0 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/30900/
will-moore
commented
2 years ago
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:514)```
https://www.openmicroscopy.org/qa2/qa/feedback/31004/See https://www.openmicroscopy.org/qa2/qa/feedback/31078/ (asked for info)
serverExceptionClass = ome.conditions.SecurityViolation
message = User 5961 is not a member of group 2853 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/31095/
File "/home/admin/omerowebvenv/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 5952 is not a member of group 3 and cannot loginSame error from https://www.openmicroscopy.org/qa2/qa/feedback/31096/ (with e-mail address) and https://www.openmicroscopy.org/qa2/qa/feedback/31097/
will-moore
commented
2 years ago I'm not sure whether these errors are due to Public User, or something else (like user being removed from a group while they are logged-in). I tried to remove a user from a group while they were logged-in, but didn't see any of these errors. Also asked the users (for whom we have contact details above) if they have public user configured on their servers.
will-moore
commented
2 years ago https://www.openmicroscopy.org/qa2/qa/feedback/31124/ (no email)
serverExceptionClass = ome.conditions.SecurityViolation
message = User 902 is not a member of group 3 and cannot loginserverStackTrace = ome.conditions.SecurityViolation: User 3009 is not a member of group 53 and cannot login
https://www.openmicroscopy.org/qa2/qa/feedback/31275/ and https://www.openmicroscopy.org/qa2/qa/feedback/31276/ (same error) and https://www.openmicroscopy.org/qa2/qa/feedback/31277/ (with e-mail address)
will-moore
commented
1 year ago serverStackTrace = ome.conditions.SecurityViolation: User 378 is not a member of group 3 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/31320/
serverStackTrace = ome.conditions.SecurityViolation: User 377 is not a member of group 3 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/31319/
serverStackTrace = ome.conditions.SecurityViolation: User 377 is not a member of group 3 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/31318/
will-moore
commented
1 year ago serverStackTrace = ome.conditions.SecurityViolation: User 367 is not a member of group 3 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/31326/
serverStackTrace = ome.conditions.SecurityViolation: User 377 is not a member of group 3 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/31319/
will-moore
commented
1 year ago serverStackTrace = ome.conditions.SecurityViolation: User 204 is not a member of group 3 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/32532/ https://www.openmicroscopy.org/qa2/qa/feedback/32531/ https://www.openmicroscopy.org/qa2/qa/feedback/32530/
will-moore
commented
1 year ago unknown = ome.conditions.SecurityViolation: User 560 is not a member of group 53 and cannot login
https://www.openmicroscopy.org/qa2/qa/feedback/32941/ https://www.openmicroscopy.org/qa2/qa/feedback/32942/
unknown = ome.conditions.SecurityViolation: User 565 is not a member of group 53 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/32943/
unknown = ome.conditions.SecurityViolation: User 565 is not a member of group 53 and cannot login https://www.openmicroscopy.org/qa2/qa/feedback/32944/
jburel
commented
1 year ago This should be prioritised
will-moore
commented
1 year ago I don't know how to reproduce the bug so it's hard to address. One idea is to improve the QA reporting from webclient so that we have more info on what caused the problem (if that's possible) since we only have stacktrace above, not URL etc.
will-moore
commented
1 year ago So, I can reproduce the exception above by logging-in as Admin in a different Browser when also logged-in as a regular user and removing that user from a group that they are currently working in. This doesn't seem to break the ability for them to load data (queries use group -1) but if they try to create e.g. a Project then or add Comment to Dataset etc we get the SecurityViolation above.
So, if this is representative of the errors above, how do we fix it?
@login_required(setGroupContext=True) to know which group to add this to. In this case we could teach the decorator to check that the user is currently a member of that group.conn.SERVICE_OPTS.setOmeroGroup(obs[0].getDetails().group.id.val) so at this point we could check group.In both cases, if user isn't a member of the group, we could return HttpResponseForbidden as we do in a related fix at https://github.com/ome/omero-web/pull/154
However, when I refresh the page for regular user in the scenario above, it simply tries to re-load the group that they've just been removed from (I guess setGroupContext is still set to the group they've been removed from). This in turn returns a 403 trying to load the tree and the page refreshes -> infinite loop!
So we need to also update the session group before returning HttpResponseForbidden.
will-moore
commented
1 year ago I also see the SecurityViolation coming from load_template() at 32941
https://www.openmicroscopy.org/qa2/qa/feedback/30613/
will-moore
commented
1 year ago Quite a few errors come from the conn.getEventContext() (L493 above), which is possibly due to their context changing on the server (being removed from group) but their session still remembers a previous group?
Haven't been able to reproduce this.
will-moore
commented
1 year ago @joshmoore Any idea how to reproduce admin.getEventContext() throwing
serverStackTrace = ome.conditions.SecurityViolation: User 257 is not a member of group 3 and cannot login ?
joshmoore
commented
1 year ago The relevant code is:
// tickets:2950, 1940, 3529
if (!isAdmin && !ec.getMemberOfGroupsList().contains(groupId)) {
if (!callPerms.isGranted(Role.WORLD, Right.READ)) {
throw new SecurityViolation(String.format(
"User %s is not a member of group %s and cannot login",
ec.getCurrentUserId(), groupId));
}
}so there is the additional code path of the group not being world readable. Note: higher up the group is positive so this should be a group=-1 code path ... unless a switch happened in the middle of this call?!
will-moore
commented
1 year ago From that code I see:
ec = cd.getCurrentEventContext(); // Replace with callContext
final long groupId = ec.getCurrentGroupId();so we're getting this bug when ec.getCurrentGroupId() returns a group that the user isn't a member of.
Presumably this must be because they've just been removed from that group?
Is there any other way that could happen? It seems that we're seeing that error quite a bit, and it can't be very often that a user is removed from a group while logged-in.
Also, I didn't manage to reproduce that error above by removing user from a group while they were logged-in. I only got an error on u.saveAndReturnObject(obj, ctx).
will-moore
commented
1 year ago https://www.openmicroscopy.org/qa2/qa/feedback/32950/ unknown = ome.conditions.SecurityViolation: User 3475 is not a member of group 53 and cannot login
will-moore
commented
1 year ago https://www.openmicroscopy.org/qa2/qa/feedback/32951/
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 496, in _load_template
leaders, members = conn.getObject("ExperimenterGroup", active_group).groupSummary()
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 3271, in getObject
result = self.getQueryService().findByQuery(
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5101, in __getattr__
obj = self._obj or self._getObj()
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5032, in _getObj
self._obj = self._create_func()
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5008, in cf
obj = getattr(self._conn.c.sf, self._func_str)()
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero_API_ice.py", line 758, in getQueryService
return _M_omero.api.ServiceFactory._op_getQueryService.invoke(self, ((), _ctx))
Ice.UnknownException: exception ::Ice::UnknownException
{
unknown = ome.conditions.SecurityViolation: User 3475 is not a member of group 53 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/32954/
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 3476 is not a member of group 53 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/33045/
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 3663 is not a member of group 53 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:514)unknown = ome.conditions.SecurityViolation: User 3303 is not a member of group 53 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/40290/
Traceback (most recent call last):
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/decorators.py", line 538, in wrapped
retval = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/decorators.py", line 597, in wrapper
context = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 560, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 480, in _load_template
active_group = request.session.get("active_group") or conn.getEventContext().groupId
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 2323, in getEventContext
self._ctx = self._proxies['admin'].getEventContext()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4796, in __call__
return self.handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/webclient_gateway.py", line 2222, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4793, in __call__
return self.f(*args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 7161 is not a member of group 3 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/40300/
Traceback (most recent call last):
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/decorators.py", line 538, in wrapped
retval = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/decorators.py", line 597, in wrapper
context = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 577, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 497, in _load_template
leaders, members = conn.getObject("ExperimenterGroup", active_group).groupSummary()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 3271, in getObject
result = self.getQueryService().findByQuery(
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5102, in __getattr__
obj = self._obj or self._getObj()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5033, in _getObj
self._obj = self._create_func()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5009, in cf
obj = getattr(self._conn.c.sf, self._func_str)()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero_API_ice.py", line 758, in getQueryService
return _M_omero.api.ServiceFactory._op_getQueryService.invoke(self, ((), _ctx))
Ice.UnknownException: exception ::Ice::UnknownException
{
unknown = ome.conditions.SecurityViolation: User 102 is not a member of group 53 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:514)File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 560, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 480, in _load_template
active_group = request.session.get("active_group") or conn.getEventContext().groupId
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 2323, in getEventContext
self._ctx = self._proxies['admin'].getEventContext()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4796, in __call__
return self.handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/webclient_gateway.py", line 2222, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4793, in __call__
return self.f(*args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 7704 is not a member of group 3 and cannot loginWeb 5.24.0
Traceback (most recent call last):
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/decorators.py", line 538, in wrapped
retval = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/decorators.py", line 597, in wrapper
context = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/webclient/views.py", line 591, in group_user_content
myGroups = list(conn.getGroupsMemberOf())
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 2953, in getGroupsMemberOf
for g in self.getObjects("ExperimenterGroup",
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 3306, in getObjects
result = qs.findAllByQuery(query, params, self.SERVICE_OPTS)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 5102, in __getattr__
obj = self._obj or self._getObj()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 5033, in _getObj
self._obj = self._create_func()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 5009, in cf
obj = getattr(self._conn.c.sf, self._func_str)()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero_API_ice.py", line 758, in getQueryService
return _M_omero.api.ServiceFactory._op_getQueryService.invoke(self, ((), _ctx))
Ice.UnknownException: exception ::Ice::UnknownException
{
unknown = ome.conditions.SecurityViolation: User 2 is not a member of group 0 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:514)File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 578, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 496, in _load_template
active_group = request.session.get("active_group") or conn.getEventContext().groupId
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 2323, in getEventContext
self._ctx = self._proxies['admin'].getEventContext()
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4859, in __call__
return self.handle_exception(e, *args, **kwargs)
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omeroweb/webclient/webclient_gateway.py", line 2123, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4856, in __call__
return self.f(*args, **kwargs)
File "/mnt/data/OMERO.venv/web_venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 4103 is not a member of group 53 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/41634/
Traceback (most recent call last):
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/exception.py", line 41, in inner
response = get_response(request)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/django/core/handlers/base.py", line 185, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/decorators.py", line 538, in wrapped
retval = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/decorators.py", line 597, in wrapper
context = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 560, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 480, in _load_template
active_group = request.session.get("active_group") or conn.getEventContext().groupId
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 2323, in getEventContext
self._ctx = self._proxies['admin'].getEventContext()
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4796, in __call__
return self.handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/webclient_gateway.py", line 2222, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4793, in __call__
return self.f(*args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 8053 is not a member of group 3 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/41658/
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 577, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 497, in _load_template
leaders, members = conn.getObject("ExperimenterGroup", active_group).groupSummary()
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 3271, in getObject
result = self.getQueryService().findByQuery(
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5102, in __getattr__
obj = self._obj or self._getObj()
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5033, in _getObj
self._obj = self._create_func()
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 5009, in cf
obj = getattr(self._conn.c.sf, self._func_str)()
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero_API_ice.py", line 758, in getQueryService
return _M_omero.api.ServiceFactory._op_getQueryService.invoke(self, ((), _ctx))
Ice.UnknownException: exception ::Ice::UnknownException
{
unknown = ome.conditions.SecurityViolation: User 3410 is not a member of group 204 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/41700/
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 577, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/views.py", line 495, in _load_template
active_group = request.session.get("active_group") or conn.getEventContext().groupId
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 2323, in getEventContext
self._ctx = self._proxies['admin'].getEventContext()
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4859, in __call__
return self.handle_exception(e, *args, **kwargs)
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omeroweb/webclient/webclient_gateway.py", line 2123, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero/gateway/__init__.py", line 4856, in __call__
return self.f(*args, **kwargs)
File "/luci/data0/omero/web/venv3/lib64/python3.6/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 862 is not a member of group 3 and cannot loginhttps://www.openmicroscopy.org/qa2/qa/feedback/41740/ - with contact details
Traceback (most recent call last):
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/decorators.py", line 538, in wrapped
retval = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/decorators.py", line 597, in wrapper
context = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/webclient/views.py", line 572, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/webclient/views.py", line 490, in _load_template
active_group = request.session.get("active_group") or conn.getEventContext().groupId
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 2326, in getEventContext
self._ctx = self._proxies['admin'].getEventContext()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 4862, in __call__
return self.handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/webclient/webclient_gateway.py", line 2106, in handle_exception
super(OmeroWebSafeCallWrapper, self).handle_exception(e, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 4859, in __call__
return self.f(*args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero_api_IAdmin_ice.py", line 2655, in getEventContext
return _M_omero.api.IAdmin._op_getEventContext.invoke(self, ((), _ctx))
omero.SecurityViolation: exception ::omero::SecurityViolation
{
serverStackTrace = ome.conditions.SecurityViolation: User 1254 is not a member of group 154 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:514)https://www.openmicroscopy.org/qa2/qa/feedback/41742/
Traceback (most recent call last):
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/django/core/handlers/exception.py", line 55, in inner
response = get_response(request)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/decorators.py", line 538, in wrapped
retval = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/decorators.py", line 597, in wrapper
context = f(request, *args, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/webclient/views.py", line 572, in load_template
return _load_template(request=request, menu=menu, conn=conn, url=url, **kwargs)
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omeroweb/webclient/views.py", line 492, in _load_template
leaders, members = conn.getObject("ExperimenterGroup", active_group).groupSummary()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 3274, in getObject
result = self.getQueryService().findByQuery(
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 5105, in __getattr__
obj = self._obj or self._getObj()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 5036, in _getObj
self._obj = self._create_func()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero/gateway/__init__.py", line 5012, in cf
obj = getattr(self._conn.c.sf, self._func_str)()
File "/opt/omero/web/venv3/lib64/python3.9/site-packages/omero_API_ice.py", line 758, in getQueryService
return _M_omero.api.ServiceFactory._op_getQueryService.invoke(self, ((), _ctx))
Ice.UnknownException: exception ::Ice::UnknownException
{
unknown = ome.conditions.SecurityViolation: User 4259 is not a member of group 53 and cannot login
at ome.security.basic.BasicSecuritySystem.loadEventContext(BasicSecuritySystem.java:514)
See https://www.openmicroscopy.org/qa2/qa/feedback/29697/
Similar issue to previous "public user workflow crash" (https://github.com/ome/omero-web/pull/154) but this is with
load_template()rather than populating jsTree.In that case, we avoid the SecurityViolation by checking the group in the URL query string. But in the examples below, the failure is coming from
admin.getEventContext().From https://www.openmicroscopy.org/qa2/qa/feedback/30611/
There is no "active_group" in the Django session, so where is the group ID coming from in
User 114 is not a member of group 3 and cannot login? I don't know if this is a public group or not.Trying to reproduce, using steps on #154 above, but can't get the exceptions below: