1 new changeset in galaxy-central: http://bitbucket.org/galaxy/galaxy-central/changeset/3297ec86d657/ changeset: 3297ec86d657 branches: user: greg date: 2011-06-01 21:20:43 summary: Several data library bug fixes: - Determiining if an accessible dataset exists somewhere in the data library hierarchy now works all the time ( I believe ). It used to work most of the time, but under corner conditions, it would break. - When importing dataset from a history into a data library, the dataset permissions are now correctly applied to the library dataset. The DATASET_MANAGE_PERMISSIONS permission is a spoecial case in that if it exists on the dataset, the LIBRARY_MANAGE permission must be applied to the library dataset. - Fix for message display and db flushing when importing library dataset into a history. - Do not render the folder pop-up menu option for selecting library dataset to import into histories if the folder does not contain any accessible library datasets. affected #: 3 files (2.6 KB) --- a/lib/galaxy/security/__init__.py Wed Jun 01 15:12:12 2011 -0400 +++ b/lib/galaxy/security/__init__.py Wed Jun 01 15:20:43 2011 -0400 @@ -287,8 +287,12 @@ if self.can_access_library_item( roles, library_dataset, user ): return True if search_downward: - for folder in folder.active_folders: - return self.has_accessible_library_datasets( trans, folder, user, roles, search_downward=search_downward ) + return self.__active_folders_have_accessible_library_datasets( trans, folder, user, roles ) + return False + def __active_folders_have_accessible_library_datasets( self, trans, folder, user, roles ): + for active_folder in folder.active_folders: + if self.has_accessible_library_datasets( trans, active_folder, user, roles ): + return True return False def can_access_library_item( self, roles, item, user ): if type( item ) == self.model.Library: --- a/lib/galaxy/web/controllers/library_common.py Wed Jun 01 15:12:12 2011 -0400 
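Review bot: The recursive call inside the new `__active_folders_have_accessible_library_datasets` helper omits `search_downward`, so the descent through sub-folders depends on the default of `has_accessible_library_datasets`, whose signature is outside this hunk. Passing it explicitly, `if self.has_accessible_library_datasets( trans, active_folder, user, roles, search_downward=True ):`, keeps the recursion intact if that default ever changes. The result decides which import controls a user is shown, so the helper also deserves a one-line docstring such as `"""Return True if any active sub-folder, at any depth, holds a library dataset the given roles can access."""`. The body of `has_accessible_library_datasets` begins outside the hunk.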
+++ b/lib/galaxy/web/controllers/library_common.py Wed Jun 01 15:20:43 2011 -0400 @@ -11,6 +11,7 @@ from galaxy.web.form_builder import AddressField, CheckboxField, SelectField, TextArea, TextField, WorkflowField, WorkflowMappingField, HistoryField import logging, tempfile, zipfile, tarfile, os, sys, operator from galaxy.eggs import require +from galaxy.security import Action # Whoosh is compatible with Python 2.5+ Try to import Whoosh and set flag to indicate whether tool search is enabled. try: require( "Whoosh" ) @@ -829,7 +830,7 @@ **kwd ) if created_outputs_dict: if cntrller == 'api': - # created_outputs_dict can only ever be a string if cntrller == 'api' + # created_outputs_dict can be a string only if cntrller == 'api' if type( created_outputs_dict ) == str: return 400, created_outputs_dict return 200, created_outputs_dict 
@@ -1211,6 +1212,27 @@ # LDDA and LibraryDataset. trans.app.security_agent.copy_library_permissions( folder, ldda ) trans.app.security_agent.copy_library_permissions( folder, ldda.library_dataset ) + # Make sure to apply any defined dataset permissions, allowing the permissions inherited from the folder to + # over-ride the same permissions on the dataset, if they exist. + dataset_permissions_dict = trans.app.security_agent.get_permissions( hda.dataset ) + current_library_dataset_actions = [ permission.action for permission in ldda.library_dataset.actions ] + # The DATASET_MANAGE_PERMISSIONS permission on a dataset is a special case because if + # it exists, then we need to apply the LIBRARY_MANAGE permission to the library dataset. + dataset_manage_permissions_action = trans.app.security_agent.get_action( 'DATASET_MANAGE_PERMISSIONS' ).action + flush_needed = False + for action, roles in dataset_permissions_dict.items(): + if isinstance( action, Action ): + action = action.action + if action == dataset_manage_permissions_action: + # Apply the LIBRARY_MANAGE permission to the library dataset. + action = trans.app.security_agent.get_action( 'LIBRARY_MANAGE' ).action + # Allow the permissions inherited from the folder to over-ride the same permissions on the dataset. + if action not in current_library_dataset_actions: + for ldp in [ trans.model.LibraryDatasetPermissions( action, ldda.library_dataset, role ) for role in roles ]: + trans.sa_session.add( ldp ) + flush_needed = True + if flush_needed: + trans.sa_session.flush() # Permissions must be the same on the LibraryDatasetDatasetAssociation and the associated LibraryDataset trans.app.security_agent.copy_library_permissions( ldda.library_dataset, ldda ) if created_ldda_ids: 
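Review bot: The override rule in the new loop works per action, not per role. When the library dataset already carries an action, the `if action not in current_library_dataset_actions:` test skips the source dataset's whole role list for that action, and only a short comment records this. The same loop turns `DATASET_MANAGE_PERMISSIONS` on the source dataset into `LIBRARY_MANAGE` on the library dataset, so anyone auditing who can manage an imported item needs both rules stated together. I would add above the loop `# Folder-inherited actions win per action: dataset roles for an action the folder already defines are dropped, not merged.` `current_library_dataset_actions` is used only for membership tests, so a set would state that intent better than a list; the enclosing block that defines `hda` and `ldda` starts outside this hunk.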
@@ -1605,7 +1627,7 @@ valid_lddas = [] invalid_lddas = [] for ldda in lddas: - if trans.app.security_agent.can_manage_library_item( current_user_roles, ldda ): + if is_admin or trans.app.security_agent.can_manage_library_item( current_user_roles, ldda ): valid_lddas.append( ldda ) valid_ldda_ids.append( ldda.id ) else: @@ -1634,7 +1656,7 @@ valid_lddas = [] invalid_lddas = [] for ldda in lddas: - if trans.app.security_agent.can_modify_library_item( current_user_roles, ldda ): + if is_admin or trans.app.security_agent.can_modify_library_item( current_user_roles, ldda ): valid_lddas.append( ldda ) else: invalid_lddas.append( ldda ) @@ -1859,6 +1881,7 @@ if len( target_histories ) != len( target_history_ids ): message += "You do not have permission to add datasets to %i requested histories. " % ( len( target_history_ids ) - len( target_histories ) ) status = 'error' + flush_needed = False for ldda in map( trans.sa_session.query( trans.app.model.LibraryDatasetDatasetAssociation ).get, ldda_ids ): if ldda is None: message += "You tried to import a dataset that does not exist. " 
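Review bot: Both new `is_admin or ...` short-circuits, here before `can_manage_library_item` and in the next hunk before `can_modify_library_item`, skip the per-item role check entirely, and `is_admin` is assigned outside these hunks. It is worth confirming that it is derived from the server-side session, as the template in this commit does with `trans.user_is_admin() and cntrller == 'library_admin'`, and never from the `cntrller` request value alone. A short comment at each site, for example `# Admins bypass per-item role checks; is_admin must come from trans.user_is_admin().`, would record that assumption where the bypass happens.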
@@ -1875,15 +1898,18 @@ else: for target_history in target_histories: hda = ldda.to_history_dataset_association( target_history=target_history, add_to_history=True ) - trans.sa_session.flush() - hist_names_str = ", ".join( [ target_history.name for target_history in target_histories ] ) - num_source = len( ldda_ids ) - invalid_datasets - num_target = len( target_histories ) - message = "%i %s imported into %i %s: %s" % ( num_source, - inflector.cond_plural( num_source, "dataset" ), - num_target, - inflector.cond_plural( num_target, "history" ), - hist_names_str ) + if not flush_needed: + flush_needed = True + if flush_needed: + trans.sa_session.flush() + hist_names_str = ", ".join( [ target_history.name for target_history in target_histories ] ) + num_source = len( ldda_ids ) - invalid_datasets + num_target = len( target_histories ) + message += "%i %s imported into %i %s: %s" % ( num_source, + inflector.cond_plural( num_source, "dataset" ), + num_target, + inflector.cond_plural( num_target, "history" ), + hist_names_str ) trans.sa_session.refresh( current_history ) current_user_roles = trans.get_current_user_roles() source_lddas = [] --- a/templates/library/common/browse_library.mako Wed Jun 01 15:12:12 2011 -0400 +++ b/templates/library/common/browse_library.mako Wed Jun 01 15:20:43 2011 -0400 @@ -314,6 +314,7 @@ from galaxy.web.controllers.library_common import active_folders, active_folders_and_library_datasets, activatable_folders_and_library_datasets, branch_deleted is_admin = trans.user_is_admin() and cntrller == 'library_admin' + has_accessible_library_datasets = trans.app.security_agent.has_accessible_library_datasets( trans, folder, trans.user, current_user_roles, search_downward=False ) if root_folder: pad = folder_pad 
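Review bot: The guard `if not flush_needed:` before `flush_needed = True` adds nothing, because assigning `True` unconditionally gives the same result; the two lines can be the single statement `flush_needed = True`. Switching to `message +=` also means the success summary is now appended after any earlier "You do not have permission" or "does not exist" text while `status` may already be `'error'`. A user could then see a success summary presented as an error; this is hedged, because the code that sets `status` on the success path is outside this hunk. The loop over `ldda_ids` that this block belongs to begins in the previous hunk.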
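Review bot: The new per-folder `has_accessible_library_datasets` value is computed from the user's roles only, while a neighbouring check in this template is written as `is_admin or ...` (see `has_accessible_folders` in a later hunk). An administrator in the `library_admin` controller may therefore lose the import button on folders whose datasets their roles cannot access. Whether `can_access_library_item` already accounts for admins is not visible here, so that needs confirming rather than assuming. The local name also shadows the security-agent method it calls; `folder_has_accessible_library_datasets` would be clearer and would match `root_folder_has_accessible_library_datasets` added further down.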
@@ -380,7 +381,7 @@ <a class="action-button" href="${h.url_for( controller='library_common', action='create_folder', cntrller=cntrller, parent_id=trans.security.encode_id( folder.id ), library_id=trans.security.encode_id( library.id ), use_panels=use_panels, show_deleted=show_deleted )}">Add sub-folder</a> %endif %if not branch_deleted( folder ): - %if self.has_accessible_datasets: + %if has_accessible_library_datasets: <a class="action-button" href="${h.url_for( controller='library_common', action='import_datasets_to_histories', cntrller=cntrller, library_id=trans.security.encode_id( library.id ), folder_id=trans.security.encode_id( folder.id ), use_panels=use_panels, show_deleted=show_deleted )}">Select datasets for import into selected histories</a> %endif %if can_modify: @@ -488,6 +489,7 @@ form_type = trans.model.FormDefinition.types.LIBRARY_INFO_TEMPLATE self.has_accessible_datasets = trans.app.security_agent.has_accessible_library_datasets( trans, library.root_folder, trans.user, current_user_roles ) + root_folder_has_accessible_library_datasets = trans.app.security_agent.has_accessible_library_datasets( trans, library.root_folder, trans.user, current_user_roles, search_downward=False ) has_accessible_folders = is_admin or trans.app.security_agent.has_accessible_folders( trans, library.root_folder, trans.user, current_user_roles ) tracked_datasets = {} @@ -500,7 +502,7 @@ def __str__( self ): return str( self.count ) %> - + <h2>Data Library “${library.name}”</h2><ul class="manage-table-actions"> 
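Review bot: The context line that assigns `self.has_accessible_datasets` is left in place next to the new `root_folder_has_accessible_library_datasets`, yet both uses of it visible in this commit (`%if self.has_accessible_datasets:` in the folder menu and in the library menu) are replaced. If no other reference remains in the template, that assignment is now a full downward permission walk of the library on every render with no consumer, and it can be removed. Uses outside these hunks would need checking first. Keeping one flag per scope also avoids two differently scoped answers to the same question living side by side.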
@@ -534,7 +536,7 @@ %endif <a class="action-button" href="${h.url_for( controller='library_common', action='library_permissions', cntrller=cntrller, id=trans.security.encode_id( library.id ), use_panels=use_panels, show_deleted=show_deleted )}">Edit permissions</a> %endif - %if self.has_accessible_datasets: + %if root_folder_has_accessible_library_datasets: <a class="action-button" href="${h.url_for( controller='library_common', action='import_datasets_to_histories', cntrller=cntrller, library_id=trans.security.encode_id( library.id ), folder_id=trans.security.encode_id( library.root_folder.id ), use_panels=use_panels, show_deleted=show_deleted )}">Select datasets for import into selected histories</a> %endif %elif can_modify and not library.purged: Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.