Problems w/ ability of "public" user to download image data

A few months ago we interacted for OMERO workshop for INDEPTH. I manage the FSU-OMERO for the group and we recently made our client “public” using the instructions.

The website is omero.bio.fsu.edu. I have added the “public” user (Real Public) to the group for INDEPTH images for public, but that user can NOT download the files.

Can you advise how to configure such the public user will be able to download (not just view) while maintaining security of the web site.

Hi,
I think you need to update the public url filter, which you’ve probably got configured as described in our docs:

bin/omero config set omero.web.public.url_filter '^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))|iviewer|api)'

This is blocking URLs to download the ‘archived_files’ (original data for an image) and is also blocking the ‘download_as’ (png, jpeg etc). To enable these, you can remove them from the regex:

bin/omero config set omero.web.public.url_filter '^/(webadmin/myphoto/|webclient/(?!(script_ui|ome_tiff|figure_script))|webgateway|iviewer|api)'

A few other points:

I noticed that when you first visit https://omero.bio.fsu.edu/ you don’t see any data listed (since the default webclient behaviour is to show data that belongs to the logged-in user, and the public user doesn’t own any data).

You can fix this using the login_redirect config as described at

https://docs.openmicroscopy.org/omero/5.5.1/sysadmins/customization.html#login-redirection

which sets the query_string to ?experimenter=-1 (all user’s data).

omero config set omero.web.login_redirect '{"redirect": ["webindex"], "viewname": "load_template", "args":["userdata"], "query_string": "experimenter=-1"}'

I also noticed that one of your public groups (“INDEPTH PUBLIC DATA…”) has read-annotate permissions so the public user appears to have the ability to add Annotations (Comments, Tags etc). In practice, they can’t add them because the public user is blocked from sending POST requests (omero.web.public.get_only is True by default) but the UI is misleading since it allows you to click [+] to add annotations and then fails if you try.

Hope that helps.
Will.