Public Repository: permissions, deployment and customization

10th Annual OME Meeting

2-3 June 2015, Paris

Ola Tarkowska, Will Moore

OMERO & repositories

Presentation Outline

  • Groups & Permissions
  • User authentication
  • Publishing data
  • Customizing repository

OMERO & Repository Mode


Lab/Institution User Repository

  • You always retain ownership of your data.
  • No limitations on the operations on your own data.
  • Permissions - Private or restricted access to your data.

National/Worldwide Repository

  • Public or Controlled access to all the raw data.
  • Restrict operations on the data.
  • Data can be owner agnostic.

Public data in OMERO

Examples

Public repositories:

Controlled repositories:

Deployment

Groups & Permissions


  • Private
    (rw----)
  • Read-Only
    (rwr---)
  • Read-Write
    (rwrw--)

Public User

  • Public visitors are logged in as a specified public user
  • Visitors are able to access data available to the public user
  • Functionality exposed can be controlled by URL filters
$ bin/omero config set omero.web.public.enabled True
$ bin/omero config set omero.web.public.server_id 1
$ bin/omero config set omero.web.public.user '<username>'
$ bin/omero config set omero.web.public.password '*****'
$ bin/omero config set omero.web.public.url_filter '^/webgateway'

$ bin/omero config set omero.web.public.url_filter '^/webgateway/(?!archived_files|download_as)'
$ bin/omero config set omero.web.public.url_filter '^/(?!webadmin|webclient/(action|logout|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script)|webgateway/(archived_files|download_as))'
Public Data Documentation
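
The effect of the three url_filter values above on typical request paths, as an added example (not code from the slides or from OMERO). It assumes OMERO.web admits the public user when the pattern matches the request path with re.search; the sample paths are constructed, and is_public and leaks are hypothetical helper names.

```python
import re

# The three omero.web.public.url_filter values shown on the slide.
FILTERS = {
    "gateway": r"^/webgateway",
    "gateway_no_download": r"^/webgateway/(?!archived_files|download_as)",
    "site_read_only": (
        r"^/(?!webadmin|webclient/(action|logout|annotate_(file|tags|comment"
        r"|rating|map)|script_ui|ome_tiff|figure_script)"
        r"|webgateway/(archived_files|download_as))"
    ),
}

# Constructed request paths that a read-only public site should not expose.
PRIVATE_PATHS = [
    "/webgateway/archived_files/download/12345/",
    "/webgateway/download_as/12345/",
    "/webclient/logout/",
    "/webclient/annotate_tags/",
    "/webclient/script_ui/7/",
    "/webadmin/",
]

# Constructed path for a view that none of the filters mentions by name.
UNLISTED_PATH = "/webclient/hypothetical_new_view/"


def is_public(url_filter, path):
    """True when the filter lets the public user through for this path.

    Assumption: the pattern is applied to the path with re.search.
    """
    return re.search(url_filter, path) is not None


def leaks(url_filter, private_paths=PRIVATE_PATHS):
    """Return the paths that must stay private but match the filter."""
    return [p for p in private_paths if is_public(url_filter, p)]


if __name__ == "__main__":
    for name, pattern in FILTERS.items():
        print(name, "exposes:", leaks(pattern) or "nothing private")
        # An allow-list prefix rejects unknown views; a deny-list admits them.
        print(name, "admits unlisted view:", is_public(pattern, UNLISTED_PATH))
```

The third filter is a deny-list: every view not named in it is reachable by the public user, so it needs re-checking whenever a web app is added or upgraded.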

Accessing Public data

Moving data to public space

LINK https://...

https://omero/webgateway/img_detail/12345/

https://omero/webgateway/render_thumbnail/12345/W/H/

Embedding </ >

Example

HTML page

<link href="https://omero/static/omeroweb.viewer.min.css" type="text/css" rel="stylesheet">
<script src="https://omero/static/omeroweb.viewer.min.js" type="text/javascript"></script>
<style type="text/css">
.viewport {
    height: 500px;
    width: 500px;
}
</style>
<script type="text/javascript">
$(document).ready(function () {
    /* IMAGE_ID is a placeholder for the numeric ID of the image to show */
    /* Prepare the viewport; same scheme as the assets above, so the
       browser does not block the requests as mixed content */
    var viewport = $.WeblitzViewport($("#viewport"), "https://omero/webgateway/", {
        'mediaroot': "https://omero/static/"
    });
    /* Load the selected image into the viewport */
    viewport.load(IMAGE_ID);
});
</script>
<body>
    <div id="viewport" class="viewport"></div>
</body>
Example

OMERO.web

Custom application

Customization

Index page

$ bin/omero config set omero.web.index_template 'mytemplate/test.html'
$ bin/omero config set omero.web.template_dirs '/your/path/to/templates/'

Login screen

$ bin/omero config set omero.web.login_logo 'http://www.url/to/image.png'

Login redirection

$ bin/omero config set omero.web.login_redirect '{"redirect": ["webindex"], "viewname": "load_template", "args":["userdata"], "query_string": "experimenter=-1"}'

Post login page

$ bin/omero config set omero.web.login_redirect '{"redirect": ["webindex"], "viewname": "webindex_custom"}'

Override existing view

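# Import paths are assumed from the OMERO.web source tree; adjust to your release.
from django.views.decorators.cache import never_cache
from omeroweb.webclient.decorators import login_required, render_response
from omero_version import omero_version
import omeroweb.webstart.views

@never_cache
@login_required()
@render_response()
def custom_index(request, conn=None, **kwargs):
    context = {"version": omero_version}
    # Fall back to the group of the current session if none is selected
    active_group = (request.session.get('active_group')
                    or conn.getEventContext().groupId)
    group = conn.getObject("ExperimenterGroup", active_group)
    leaders, members = group.groupSummary()
    # Case-insensitive sort by login name
    leaders.sort(key=lambda x: x.getOmeName() and x.getOmeName().lower())
    context["courses"] = leaders
    context['template'] = 'virtualmicroscope/start.html'
    return context

# Replace the stock view with the custom one
omeroweb.webstart.views.custom_index = custom_index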

Top links menu

$ bin/omero config append omero.web.ui.top_links '["Figure", "webfigure"]'
$ bin/omero config append omero.web.ui.top_links '["GRE", "http://lifesci.dundee.ac.uk/gre"]'

Group and Users
in dropdown menu

$ bin/omero config set omero.client.ui.menu.dropdown.leaders "Owners"
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues.enabled true
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues "Members"
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues.enabled true
$ bin/omero config set omero.client.ui.menu.dropdown.all "All Members"
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues.enabled true

Orphaned container

$ bin/omero config set omero.client.ui.tree.orphans.name "Orphaned images"

Disabling scripts

$ bin/omero config append omero.client.scripts_to_ignore "/my_scripts/script.py"

Download restriction

$ bin/omero config set omero.policy.binary_access "+read,+write,+image"

Webstart restriction

$ bin/omero config set omero.web.webstart_admins_only true

Email notification

Configuration

$ bin/omero config set omero.mail.config true
$ bin/omero config set omero.mail.from "sysadmin@localhost.domain"
$ bin/omero config set omero.mail.host "localhost"
$ bin/omero config set omero.mail.port 465
$ bin/omero config set omero.mail.username
$ bin/omero config set omero.mail.password
$ bin/omero config set omero.mail.smtp.starttls.enable true

LDAP authentication

Configuration

$ bin/omero config set omero.ldap.config True
$ bin/omero config set omero.ldap.urls "ldaps://ldap:636"
$ bin/omero config set omero.ldap.username "cn=ldapuser,ou=Lab,o=College"
$ bin/omero config set omero.ldap.password "***"
$ bin/omero config set omero.ldap.base "o=College"

$ bin/omero config set omero.security.ignore_case True

Mapping groups and users

$ bin/omero config set omero.ldap.group_mapping "name=cn"
$ bin/omero config set omero.ldap.user_mapping "omeName=cn,firstName=givenName,lastName=sn,email=mail"

$ bin/omero config set omero.ldap.group_filter "(&(objectClass=groupOfUniqueNames)(cn=repository))"

$ bin/omero config set omero.ldap.user_filter "(memberOf=cn=repository,ou=Lab,o=College)"

$ bin/omero config set omero.ldap.new_user_group ":query:(uniqueMember=@{dn})"

$ bin/omero config set omero.ldap.new_user_group "Virtual Microscope"
LDAP documentation

LDAP & Command line

$ bin/omero ldap getdn --user-name atarkowska
Using session 425b795b-1c7b-49c0-bd47-587252001744 (root@localhost:4064). Idle timeout: 60.0 min. Current group: system
atarkowska: cn=ATarkowska,ou=Lab,o=College

$ bin/omero ldap create wmoore
Using session 425b795b-1c7b-49c0-bd47-587252001744 (root@localhost:4064). Idle timeout: 60.0 min. Current group: system
Added user wmoore (id=1352) with DN=cn=wmoore,ou=Lab,o=College

$ bin/omero ldap list
Using session 425b795b-1c7b-49c0-bd47-587252001744 (root@localhost:4064). Idle timeout: 60.0 min. Current group: system
   | Id   | OmeName    | DN                              
---+------+------------+---------------------------------
 0 | 52   | atarkowska | cn=atarkowska,ou=Lab,o=College 
 1 | 1352 | wmoore     | cn=wmoore,ou=Lab,o=College 
Command Line Interface documentation

OMERO session key-based authentication

https://omero/webgateway/img_detail/IMAGE_ID/?server=SERVER_ID&bsession=OMERO_SESSION_KEY
$ bin/omero login
Previously logged in to localhost:4064 as root
Server: [localhost:4064]
Username: [test-user]
Password:
Created session 531389ec-300e-4a01-9bdf-90e9f3869473 (test-user@localhost:4064). Idle timeout: 60.0 min. Current group: read-only

$ bin/omero sessions list
 Server    | User | Group           | Session                              | Active    | Started
-----------+------+-----------------+--------------------------------------+-----------+--------------------------
 localhost | test | read-only       | 531389ec-300e-4a01-9bdf-90e9f3869473 | Logged in | Fri May 01 14:55:25 2015
 localhost | root | system          | 1f800a16-1dc2-407a-8a85-fb44005306be | True      | Fri May 01 14:55:18 2015
(2 rows)
Server-side Session documentation

Performance and Caching

Maximum number of clients
worker_processes * worker_connections
# worker_processes = 2 * Number of CPUs
# worker_connections maximum number of simultaneous connections

Cache URLs:

Future work

  • Improving caching support.
  • Integration with 3rd party systems:
    • OMERO Single Sign On authentication
  • Web URL filters improvement.
  • Embedding:
    • Complex JavaScript and JSON API
  • Complex usage of ROIs and annotations.

Thank you

  • Prof. Jason Swedlow
  • OME team


Questions?