# HG changeset patch -- Bitbucket.org # Project galaxy-dist # URL http://bitbucket.org/galaxy/galaxy-dist/overview # User Nate Coraor <nate@bx.psu.edu> # Date 1277738970 14400 # Node ID 980a38b7f8748e5a852ff06d9cdf59be810f97f7 # Parent 89fbba1fc87e5dc59e449bab7a38addd24493337 Bugfix: Allow administrators to create users when use_remote_user is enabled. --- a/lib/galaxy/web/framework/middleware/remoteuser.py +++ b/lib/galaxy/web/framework/middleware/remoteuser.py @@ -50,11 +50,12 @@ UCSC_ARCHAEA_SERVERS = ( ) class RemoteUser( object ): - def __init__( self, app, maildomain=None, ucsc_display_sites=[] ): + def __init__( self, app, maildomain=None, ucsc_display_sites=[], admin_users=[] ): self.app = app self.maildomain = maildomain self.allow_ucsc_main = False self.allow_ucsc_archaea = False + self.admin_users = admin_users if 'main' in ucsc_display_sites or 'test' in ucsc_display_sites: self.allow_ucsc_main = True if 'archaea' in ucsc_display_sites: @@ -76,14 +77,7 @@ class RemoteUser( object ): # un-authenticated. Any other possible values need to go here as well. if environ.has_key( 'HTTP_REMOTE_USER' ) and environ[ 'HTTP_REMOTE_USER' ] != '(null)': path_info = environ.get('PATH_INFO', '') - if path_info.startswith( '/user' ): - title = "Access to Galaxy user controls is disabled" - message = """ - User controls are disabled when Galaxy is configured - for external authentication. - """ - return self.error( start_response, title, message ) - elif not environ[ 'HTTP_REMOTE_USER' ].count( '@' ): + if not environ[ 'HTTP_REMOTE_USER' ].count( '@' ): if self.maildomain is not None: environ[ 'HTTP_REMOTE_USER' ] += '@' + self.maildomain else: @@ -99,6 +93,15 @@ class RemoteUser( object ): before you may access Galaxy. """ return self.error( start_response, title, message ) + if path_info.startswith( '/user/create' ) and environ[ 'HTTP_REMOTE_USER' ] in self.admin_users: + pass # admins can create users + elif path_info.startswith( '/user' ): + title = "Access to Galaxy user controls is disabled" + message = """ + User controls are disabled when Galaxy is configured + for external authentication. + """ + return self.error( start_response, title, message ) return self.app( environ, start_response ) else: title = "Access to Galaxy is denied" --- a/lib/galaxy/web/buildapp.py +++ b/lib/galaxy/web/buildapp.py @@ -139,7 +139,9 @@ def wrap_in_middleware( app, global_conf # upstream server if asbool(conf.get( 'use_remote_user', False )): from galaxy.web.framework.middleware.remoteuser import RemoteUser - app = RemoteUser( app, maildomain=conf.get( 'remote_user_maildomain', None ), ucsc_display_sites=conf.get( 'ucsc_display_sites', [] ) ) + app = RemoteUser( app, maildomain=conf.get( 'remote_user_maildomain', None ), + ucsc_display_sites=conf.get( 'ucsc_display_sites', [] ), + admin_users=conf.get( 'admin_users', '' ).split( ',' ) ) log.debug( "Enabling 'remote user' middleware" ) # The recursive middleware allows for including requests in other # requests or forwarding of requests, all on the server side.