# HG changeset patch -- Bitbucket.org
# Project galaxy-dist
# URL http://bitbucket.org/galaxy/galaxy-dist/overview
# User Greg Von Kuster <greg@bx.psu.edu>
# Date 1289522279 18000
# Node ID ff7327f2946e9121139cefbf4a45dba2791b7162
# Parent f2383b761f4e05442fd5ba6b1cde517732aa2c03
When generating the list of target libraries for transferring sample datasets, use all libraries accessible to the request's user rather than all libraries for which that user has LIBRARY_ADD permission.
--- a/lib/galaxy/model/__init__.py
+++ b/lib/galaxy/model/__init__.py
@@ -53,6 +53,8 @@ class User( object ):
 roles.append( role )
 return roles
 def accessible_libraries( self, trans, actions ):
+ # TODO: eliminate this method - instead use
+ # trans.app.security_agent.get_accessible_libraries().
 # Get all permitted libraries for this user
 all_libraries = trans.sa_session.query( trans.app.model.Library ) \
 .filter( trans.app.model.Library.table.c.deleted == False ) \
--- a/lib/galaxy/web/controllers/requests_common.py
+++ b/lib/galaxy/web/controllers/requests_common.py
@@ -2,6 +2,7 @@ from galaxy.web.base.controller import *
 from galaxy.web.framework.helpers import time_ago, iff, grids
 from galaxy.model.orm import *
 from galaxy import model, util
+from galaxy.util.odict import odict
 from galaxy.web.form_builder import *
 import logging, os, csv
@@ -413,8 +414,7 @@ class RequestsCommon( BaseController, Us
 cntrller=cntrller,
 id=request_id,
 editing_samples=editing_samples ) )
- # Get all libraries for which the current user has permission to add items.
- libraries = request.user.accessible_libraries( trans, [ trans.app.security_agent.permitted_actions.LIBRARY_ADD ] )
+ libraries = self.__get_accessible_libraries( trans, request.user )
 # Build a list of sample widgets (based on the attributes of each sample) for display.
 displayable_sample_widgets = self.__get_sample_widgets( trans, request, request.samples, **kwd )
 encoded_selected_sample_ids = self.__get_encoded_selected_sample_ids( trans, request, **kwd )
@@ -815,8 +815,7 @@ class RequestsCommon( BaseController, Us
 else:
 sample_index = len( displayable_sample_widgets )
 if params.get( 'add_sample_button', False ):
- # Get all libraries for which the current user has permission to add items
- libraries = request.user.accessible_libraries( trans, [ trans.app.security_agent.permitted_actions.LIBRARY_ADD ] )
+ libraries = self.__get_accessible_libraries( trans, request.user )
 num_samples_to_add = int( params.get( 'num_sample_to_copy', 1 ) )
 # See if the user has selected a sample to copy.
 copy_sample_index = int( params.get( 'copy_sample_index', -1 ) )
@@ -1186,9 +1185,9 @@ class RequestsCommon( BaseController, Us
 # the first time a bar code was added to the sample, so change it's state
 # to the next associated SampleState.
 if sample.state.id == request.type.states[0].id:
- event = trans.app.model.SampleEvent(sample,
- request.type.states[1],
- 'Bar code associated with the sample' )
+ event = trans.model.SampleEvent( sample,
+ request.type.states[1],
+ 'Bar code associated with the sample' )
 trans.sa_session.add( event )
 trans.sa_session.flush()
 sample.bar_code = bar_code
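Review bot: The target-library list built in the `@@ -413` hunk (and by the identical replacement in the `@@ -815` and `@@ -1263` hunks) is now filtered on library access instead of LIBRARY_ADD, so a sample can be pointed at a library the request's user may read but not add items to. Nothing in these hunks shows the add permission being enforced when the datasets are actually transferred; if it is not checked on that path, this change widens where data can be written, so that path should be confirmed before merging. The old comment was deleted without a replacement; a line such as `# Libraries the request's user can access (LIBRARY_ACCESS); LIBRARY_ADD is no longer required here.` would record the intent. The enclosing methods start and end outside the hunks.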
@@ -1216,6 +1215,19 @@ class RequestsCommon( BaseController, Us
 folder = None
 return library, folder
 # ===== Methods for handling form definition widgets =====
+ def __get_accessible_libraries( self, trans, user ):
+ # Return a dictionary whose keys are libraries that user can
+ # access and whose values are empty string ''. This is because
+ # methods expect the dictionary instead of a simple list because
+ # this method replaces the deprecated model.User.accessible_libraries()
+ # method. TODO: fix methods that call this method to expect the list
+ # returne dby trans.app.securoty_agent.get_accessible_libraries() and
+ # then eliminate this method.
+ accessible_libraries = trans.app.security_agent.get_accessible_libraries( trans, user )
+ accessible_libraries_dict = odict()
+ for library in accessible_libraries:
+ accessible_libraries_dict[ library ] = ''
+ return accessible_libraries_dict
 def __get_request_widgets( self, trans, id ):
 """Get the widgets for the request"""
 request = trans.sa_session.query( trans.model.Request ).get( id )
@@ -1263,8 +1275,7 @@ class RequestsCommon( BaseController, Us
 # Build the list of widgets which will be used to render each sample row on the request page
 if not request:
 return sample_widgets
- # Get the list of libraries for which the current user has permission to add items.
- libraries = request.user.accessible_libraries( trans, [ trans.app.security_agent.permitted_actions.LIBRARY_ADD ] )
+ libraries = self.__get_accessible_libraries( trans, request.user )
 # Build the list if sample widgets, populating the values from kwd.
 for index, sample in enumerate( samples ):
 id_index = index + 1
--- a/lib/galaxy/webapps/community/__init__.py
+++ b/lib/galaxy/webapps/community/__init__.py
@@ -1,3 +1,3 @@
-"""The Galaxy Reports application."""
+"""The Galaxy Tool Shed application."""
 from galaxy.web.framework import expose, url_for
--- a/lib/galaxy/security/__init__.py
+++ b/lib/galaxy/security/__init__.py
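Review bot: The explanation on `__get_accessible_libraries` (the `@@ -1216` hunk) is a block comment with two typos, `returne dby` and `securoty_agent`, so the TODO cannot be found by searching for the real method name. It would read better as a docstring, e.g. `"""Return an odict keyed by the libraries that user can access, each mapped to ''."""`, with the TODO about switching callers to the list from `trans.app.security_agent.get_accessible_libraries()` kept as a comment underneath. The `''` values presumably stand in for whatever the old `accessible_libraries()` dictionary carried as values (not visible here), so the docstring should say that callers must only use the keys.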
@@ -74,6 +74,8 @@ class RBACAgent:
 raise "Unimplemented Method"
 def make_library_public( self, library ):
 raise "Unimplemented Method"
+ def get_accessible_libraries( self, trans, user ):
+ raise "Unimplemented Method"
 def folder_is_public( self, library ):
 raise "Unimplemented Method"
 def make_folder_public( self, folder, count=0 ):
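Review bot: The new `get_accessible_libraries` stub raises a plain string, which is not a valid exception on Python 2.6 and later, so a subclass that forgets to override it fails with a TypeError from the `raise` itself rather than a clear message. It copies the neighbouring stubs, but new code could use `raise NotImplementedError( "get_accessible_libraries" )`. The class body continues outside the hunk.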
@@ -244,6 +246,26 @@ class GalaxyRBACAgent( RBACAgent ):
 return self.allow_action( roles, self.permitted_actions.DATASET_MANAGE_PERMISSIONS, dataset )
 def can_access_library( self, roles, library ):
 return self.library_is_public( library ) or self.allow_action( roles, self.permitted_actions.LIBRARY_ACCESS, library )
+ def get_accessible_libraries( self, trans, user ):
+ """Return all data libraries that user can access"""
+ accessible_libraries = []
+ current_user_role_ids = [ role.id for role in user.all_roles() ]
+ library_access_action = self.permitted_actions.LIBRARY_ACCESS.action
+ restricted_library_ids = [ lp.library_id for lp in trans.sa_session.query( trans.model.LibraryPermissions ) \
+ .filter( trans.model.LibraryPermissions.table.c.action == library_access_action ) \
+ .distinct() ]
+ accessible_restricted_library_ids = [ lp.library_id for lp in trans.sa_session.query( trans.model.LibraryPermissions ) \
+ .filter( and_( trans.model.LibraryPermissions.table.c.action == library_access_action,
+ trans.model.LibraryPermissions.table.c.role_id.in_( current_user_role_ids ) ) ) ]
+ # Filter to get libraries accessible by the current user. Get both
+ # public libraries and restricted libraries accessible by the current user.
+ for library in trans.sa_session.query( trans.model.Library ) \
+ .filter( and_( trans.model.Library.table.c.deleted == False,
+ ( or_( not_( trans.model.Library.table.c.id.in_( restricted_library_ids ) ),
+ trans.model.Library.table.c.id.in_( accessible_restricted_library_ids ) ) ) ) ) \
+ .order_by( trans.app.model.Library.name ):
+ accessible_libraries.append( library )
+ return accessible_libraries
 def can_access_library_item( self, roles, item, user ):
 if type( item ) == self.model.Library:
 return self.can_access_library( roles, item )
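Review bot: `get_accessible_libraries` re-implements the access decision in SQL instead of going through `can_access_library` (the context line just above it), so the two checks can drift apart: the query treats a library as public when it has no LIBRARY_ACCESS permission row and as accessible when any one of the user's role ids matches, and whether that equals `library_is_public()` / `allow_action()` cannot be seen from this hunk. A comment stating that the query must stay equivalent to `can_access_library`, plus a test that compares the two over a mix of public and restricted libraries, would protect the authorization result. `user.all_roles()` is called unconditionally, so a `None` user raises AttributeError; if any caller can pass an anonymous user, an `if user:` guard that leaves `current_user_role_ids` empty would still return the public libraries. The method also mixes `trans.model` with `trans.app.model` in `.order_by( trans.app.model.Library.name )`.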