Public Repository:
permissions, deployment
and customization
10th Annual OME Meeting
Paris 2015
Ola Tarkowska, Will Moore
OMERO & repositories
Presentation Outline
- Groups & Permissions
- User authentication
- Publishing data
- Customizing repository
OMERO & Repository Mode
Private User Repository
- You always retain ownership of your data.
- No limitations on the operations on your own data.
- Restricted access to the data based on permissions.
Public & Controlled Repository
- Data can be owner agnostic.
- Limited operations on the data.
- Public access to the raw data.
Examples
Public repositories:
Controlled repositories:
Public data in OMERO
Deployment
Groups & Permissions
- Private
(rw----) - Read-Only
(rwr---) - Read-Write
(rwrw--)
Public User
- Public visitors are logged-in as a specified public user
- Visitors are able to access data available to public user
- Functionality exposed can be controlled by url filters
$ bin/omero config set omero.web.public.enabled True
$ bin/omero config set omero.web.public.server_id 1
$ bin/omero config set omero.web.public.user '<username>'
$ bin/omero config set omero.web.public.password '*****'
$ bin/omero config set omero.web.public.url_filter '^/webgateway'
$ bin/omero config set omero.web.public.url_filter '^/webgateway/(?!archived_files|download_as)'
$ bin/omero config set omero.web.public.url_filter '^/(?!webadmin|webclient/(action|logout|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script)|webgateway/(archived_files|download_as))'
Accessing Public data
Moving data to public space
LINK https://...
https://omero/webgateway/image_detail/12345/
https://omero/webgateway/render_thumbnail/12345/W/H/
Embedding </ >
ExampleHTML page
<link href="https://omero/static/omeroweb.viewer.min.css" type="text/css" rel="stylesheet">
<script src="https://omero/static/omeroweb.viewer.min.js" type="text/javascript">
<style type="text/css">
.viewport {
height: 500px;
width: 500px;
}
</style>
<javascript type="text/javascript">
/* Prepare the viewport */
viewport = $.WeblitzViewport($("#viewport"), "http://omero/webgateway/", {
'mediaroot': "http://omero/static/"
});
/* Load the selected image into the viewport */
viewport.load(IMAGE_ID);
});
</javascript>
<body>
<div id="viewport" class="viewport"></div>
</body>OMERO.web
Custom application
Customization
Index page
$ bin/omero config set omero.web.index_template 'mytemplate/test.html'
$ bin/omero config set omero.web.template_dirs '/your/path/to/templates/'
Login screen
$ bin/omero config set omero.web.login_logo 'http://www.url/to/image.png'
Login redirection
$ bin/omero config set omero.web.login_redirect
'{"redirect": ["webindex"], "viewname": "load_template",
"args":["userdata"], "query_string": "experimenter=-1"}'
Post login page
$ bin/omero config set omero.web.login_redirect
'{"redirect": ["webindex"], "viewname": "webindex_custom"}'
Override existing view
@never_cache
@login_required()
@render_response()
def custom_index(request, conn=None, **kwargs):
context = {"version": omero_version}
active_group = request.session.get('active_group') or conn.getEventContext().groupId
group = conn.getObject("ExperimenterGroup", active_group)
leaders, members = group.groupSummary()
leaders.sort(key=lambda x: x.getOmeName() and x.getOmeName().lower())
context["courses"] = leaders
context['template'] = 'virtualmicroscope/start.html'
return context
omeroweb.webstart.views.custom_index = custom_index
Top links menu
$ bin/omero config append omero.web.ui.top_links
'["Figure", "webfigure"]'
$ bin/omero config set omero.web.ui.top_links
'["GRE", "http://lifesci.dundee.ac.uk/gre"]'
Group and Users
in dropdown menu
$ bin/omero config set omero.client.ui.menu.dropdown.leaders "Owners"
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues.enabled true
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues "Members"
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues.enabled true
$ bin/omero config set omero.client.ui.menu.dropdown.all "All Members"
$ bin/omero config set omero.client.ui.menu.dropdown.colleagues.enabled true
Orphaned container
$ bin/omero config set omero.client.ui.tree.orphans.name "Orphaned images"
Disabling scripts
$ bin/omero config append omero.client.scripts_to_ignore "/my_scripts/script.py"
Download restriction
$ bin/omero config set omero.policy.binary_access "+read,+write,+image"
Webstart restriction
$ bin/omero config set omero.web.webstart_admins_only true
Email notification
Configuration
$ bin/omero config set omero.mail.config true
$ bin/omero config set omero.mail.from "sysadmin@localhost.domain"
$ bin/omero config set omero.mail.host "localhost"
$ bin/omero config set omero.mail.port 465
$ bin/omero config set omero.mail.username
$ bin/omero config set omero.mail.password
$ bin/omero config set omero.mail.smtp.starttls.enable true
LDAP authentication
Configuration
$ bin/omero config set omero.ldap.config True
$ bin/omero config set omero.ldap.urls "ldaps://ldap:636"
$ bin/omero config set omero.ldap.username "cn=ldapuser,ou=Lab,o=College"
$ bin/omero config set omero.ldap.password "***"
$ bin/omero config set omero.ldap.base "o=College"
$ bin/omero config set omero.security.ignore_case True
Mapping groups and users
$ bin/omero config set omero.ldap.group_mapping "name=cn"
$ bin/omero config set omero.ldap.user_mapping "omeName=cn,firstName=givenName
,lastName=sn,email=mail"
$ bin/omero config set omero.ldap.group_filter "(&(objectClass=groupOfUniqueNames)
(cn=repository))"
$ bin/omero config set omero.ldap.user_filter "(memberOf=cn=repository,ou=Lab
,o=College)"
$ bin/omero config set omero.ldap.new_user_group ":query:(uniqueMember=@{dn})"
$ bin/omero config set omero.ldap.new_user_group "Virtual Microscope"
LDAP & Command line
$ bin/omero ldap getdn --user-name atarkowska
Using session 425b795b-1c7b-49c0-bd47-587252001744 (root@localhost:4064). Idle timeout: 60.0 min. Current group: system
atarkowska: cn=ATarkowska,ou=Lab,o=College
$ bin/omero ldap create wmoore
Using session 425b795b-1c7b-49c0-bd47-587252001744 (root@localhost:4064). Idle timeout: 60.0 min. Current group: system
Added user wmoore (id=1352) with DN=cn=wmoore,ou=Lab,o=College
$ bin/omero ldap list
Using session 425b795b-1c7b-49c0-bd47-587252001744 (root@localhost:4064). Idle timeout: 60.0 min. Current group: system
| Id | OmeName | DN
---+------+------------+---------------------------------
0 | 52 | atarkowska | cn=atarkowska,ou=Lab,o=College
1 | 1352 | wmoore | cn=wmoore,ou=Lab,o=College
OMERO session key-based authentication
https://omero/webgateway/img_detail/IMAGE_ID/ ?server=SERVER_ID&bsession=OMERO_SESSION_KEY$ $ bin/omero login
Previously logged in to localhost:4064 as root
Server: [localhost:4064]
Username: [test-user]
Password:
Created session 531389ec-300e-4a01-9bdf-90e9f3869473 (test-user@localhost:4064). Idle timeout: 60.0 min. Current group: read-only
$ bin/omero sessions list
Server | User | Group | Session | Active | Started
-----------+------+-----------------+--------------------------------------+-----------+--------------------------
localhost | test | read-only | 531389ec-300e-4a01-9bdf-90e9f3869473 | Logged in | Fri May 01 14:55:25 2015
localhost | root | system | 1f800a16-1dc2-407a-8a85-fb44005306be | True | Fri May 01 14:55:18 2015
(2 rows)
Future work
- Integration with 3rd party systems
- OMERO Single Sign On authentication
- Web URL filters improvement
- Embedding
- Complex JavaScript and JSON API
- Complex usage of ROIs and annotations.
Thank you
- Prof. Jason Swedlow
- OME team
