Opened 15 years ago
Last modified 10 years ago
#186 new defect
Mess with Protection levels
| Reported by: | fog | Owned by: | westram |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | global | Version: | arb-4+older |
| Keywords: | security | Cc: |
Description (last modified by westram)
- Delete sequences with S3 in ali_16S/data is possible in 'Search and Query' with own Protection level 0
- Protection level selector in Import Mask has no effect - sequences are always imported with protection level 0
- Sequences with higher protection levels are overwritten by importer
- Protection level in 'Create new Database' has always S4 in XY/data
Change History (10)
comment:1 Changed 15 years ago by westram
- Component changed from !NoIdea to globally
- see also #32 and #34
comment:2 Changed 15 years ago by westram
- Keywords RC 1 removed
- Owner changed from devel to westram
- Status changed from new to assigned
- Version changed from SVN to RC1
comment:3 Changed 15 years ago by westram
- Keywords security added
comment:4 Changed 15 years ago by westram
- Description modified (diff)
comment:5 in reply to: ↑ description Changed 15 years ago by westram
Replying to fog:
- Sequences with higher protection levels are overwritten by importer
What would you prefere to happen here? Another "Are you sure?" question?
- Protection level in 'Create new Database' has always S4 in XY/data
Do you mean "regardless of level selected in importer"?
comment:6 follow-up: ↓ 7 Changed 15 years ago by westram
- + 4.: protection level selected in import window shall be used
comment:7 in reply to: ↑ 6 Changed 15 years ago by westram
[After hours of code inspection]
- The protection level which can be selected in import window is the "Default write protection" (see "Sequence/Alignment? admin") and it is currently only used when creating a new alignment (aka 'Import sequences to new database')
- If importing into an existing alignment, the protection toggle defaults to the protection level of the currently selected alignment and sets the "Default write protection" of the alignment in the temporary database.
During following (automatic) merge it does not overwrite the value already existing in the destination
(would be wrong) - so it has no effect.
The protection handling for sequence data is incomplete:
- The "Default write protection" is currently only used to set the delete-protection of the species (this has no real effect, cause deleting complete species is intentionally easy).
- There was some commented-out code setting the write protection (here), but activating that code would always set the protection of all data existing in the alignment (done by GBT_check_alignment).
Needed changes:
- When importing sequence data use "Default write protection" (of the current alignment), which is either the default of the newly created alignment or the level selected for this import into existing alignment.
- Afterwards, when auto-merging, copy over all protection levels to main
Check:
- What happens when calling external aligner?
comment:8 Changed 15 years ago by westram
- Priority changed from critical to major
- 2. + 4. are fixed by [6077]
comment:9 Changed 15 years ago by westram
- Status changed from assigned to new
comment:10 Changed 10 years ago by westram
- Version changed from RC1 to oldVersion
Note: See
TracTickets for help on using
tickets.
