1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/9452c068ec99/
Changeset: 9452c068ec99
User: jmchilton
Date: 2014-05-19 18:51:07
Summary: Rework, improve validation of dataset creation requests.
Being more thorough fixes some potential security problems and will allow some performance optimizations I'm planning.
Affected #: 2 files
diff -r c4404368f34df8089812f14dff298092e3ba7a81 -r 9452c068ec99c52c66dcb2bbb208787f8d379d22 lib/galaxy/dataset_collections/__init__.py
--- a/lib/galaxy/dataset_collections/__init__.py
+++ b/lib/galaxy/dataset_collections/__init__.py
@@ -1,6 +1,8 @@
from .registry import DatasetCollectionTypesRegistry
from .matching import MatchingCollections
from .type_description import CollectionTypeDescriptionFactory
+from .util import validate_input_element_identifiers
+
from galaxy import model
from galaxy.exceptions import MessageException
@@ -53,6 +55,8 @@
):
"""
"""
+ if element_identifiers:
+ validate_input_element_identifiers( element_identifiers )
dataset_collection = self.__create_dataset_collection(
trans=trans,
collection_type=collection_type,
@@ -99,6 +103,8 @@
if not collection_type:
raise RequestParameterInvalidException( ERROR_NO_COLLECTION_TYPE )
collection_type_description = self.collection_type_descriptions.for_collection_type( collection_type )
+ # If we have elements, this is an internal request, don't need to load
+ # objects from identifiers.
if elements is None:
if collection_type_description.has_subcollections( ):
# Nested collection - recursively create collections and update identifiers.
@@ -186,8 +192,6 @@
# element identifier is a dict with src new_collection...
collection_type = element_identifier.get( "collection_type", None )
- if not collection_type:
- raise RequestParameterInvalidException( "No collection_type define for nested collection." )
collection = self.__create_dataset_collection(
trans=trans,
collection_type=collection_type,
@@ -202,10 +206,6 @@
def __load_elements( self, trans, element_identifiers ):
elements = odict.odict()
for element_identifier in element_identifiers:
- if "name" not in element_identifier:
- raise RequestParameterInvalidException(
- "Cannot load invalid dataset identifier - missing name - %s" % element_identifier
- )
elements[ element_identifier[ "name" ] ] = self.__load_element( trans, element_identifier )
return elements
@@ -234,8 +234,6 @@
element = self.__get_history_collection_instance( trans, encoded_id ).collection
# TODO: ldca.
elif src_type == "dc":
- # TODO: Force only used internally during nested creation so no
- # need to recheck security.
element = self.get_dataset_collection( trans, encoded_id )
else:
raise RequestParameterInvalidException( "Unknown src_type parameter supplied '%s'." % src_type )
diff -r c4404368f34df8089812f14dff298092e3ba7a81 -r 9452c068ec99c52c66dcb2bbb208787f8d379d22 lib/galaxy/dataset_collections/util.py
--- a/lib/galaxy/dataset_collections/util.py
+++ b/lib/galaxy/dataset_collections/util.py
@@ -2,6 +2,11 @@
from galaxy import web
from galaxy import model
+ERROR_MESSAGE_UNKNOWN_SRC = "Unknown dataset source (src) %s."
+ERROR_MESSAGE_NO_NESTED_IDENTIFIERS = "Dataset source new_collection requires nested element_identifiers for new collection."
+ERROR_MESSAGE_NO_NAME = "Cannot load invalid dataset identifier - missing name - %s"
+ERROR_MESSAGE_NO_COLLECTION_TYPE = "No collection_type define for nested collection %s."
+
def api_payload_to_create_params( payload ):
"""
@@ -22,6 +27,28 @@
return params
+def validate_input_element_identifiers( element_identifiers ):
+ """ Scan through the list of element identifiers supplied by the API consumer
+ and verify the structure is valid.
+ """
+ for element_identifier in element_identifiers:
+ if "name" not in element_identifier:
+ message = ERROR_MESSAGE_NO_NAME % element_identifier
+ raise exceptions.RequestParameterInvalidException( message )
+ src = element_identifier.get( "src", "hda" )
+ if src not in [ "hda", "hdca", "ldda", "new_collection" ]:
+ message = ERROR_MESSAGE_UNKNOWN_SRC % src
+ raise exceptions.RequestParameterInvalidException( message )
+ if src == "new_collection":
+ if "element_identifiers" not in element_identifier:
+ message = ERROR_MESSAGE_NO_NESTED_IDENTIFIERS
+ raise exceptions.RequestParameterInvalidException( ERROR_MESSAGE_NO_NESTED_IDENTIFIERS )
+ if "collection_type" not in element_identifier:
+ message = ERROR_MESSAGE_NO_COLLECTION_TYPE % element_identifier
+ raise exceptions.RequestParameterInvalidException( message )
+ validate_input_element_identifiers( element_identifier[ "element_identifiers" ] )
+
+
def dictify_dataset_collection_instance( dataset_colleciton_instance, parent, security, view="element" ):
dict_value = dataset_colleciton_instance.to_dict( view=view )
encoded_id = security.encode_id( dataset_colleciton_instance.id )
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/42ced7ee518c/
Changeset: 42ced7ee518c
User: dan
Date: 2014-05-19 16:17:36
Summary: Fixes for genomespace exporter recieving UnvalidatedValue objects.
Affected #: 1 file
diff -r 5bf39d99f7892bd8d9733f5efd68a8bb356c7bd9 -r 42ced7ee518c0035dba9514b255ca1dbb8dd4c1a tools/genomespace/genomespace_exporter.py
--- a/tools/genomespace/genomespace_exporter.py
+++ b/tools/genomespace/genomespace_exporter.py
@@ -120,7 +120,13 @@
def galaxy_code_get_genomespace_folders( genomespace_site='prod', trans=None, value=None, base_url=None, **kwd ):
if value:
- value = value[0]#single select, only 1 value
+ if isinstance( value, list ):
+ value = value[0] #single select, only 1 value
+ elif not isinstance( value, basestring ):
+ #unvalidated value
+ value = value.value
+ if isinstance( value, list ):
+ value = value[0] #single select, only 1 value
def recurse_directory_dict( url_opener, cur_options, url ):
cur_directory = urllib2.Request( url, headers = { 'Content-Type': 'application/json', 'Accept': 'application/json, text/plain' } )
cur_directory.get_method = lambda: 'GET'
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.