details: http://www.bx.psu.edu/hg/galaxy/rev/d6fddb034db7 changeset: 3675:d6fddb034db7 user: Greg Von Kuster <greg@bx.psu.edu> date: Wed Apr 21 11:35:21 2010 -0400 description: Enable the the grid helper and base grid templates to be used across webapps. Decouple the base controller from the model, controllers that subclass from the base contrller must now import a model. Eliminate the base controller from the community now that the base contrller can be used across webapps. Add a new admin controller grid to the community space. Move the Admin controller to ~/base/controller.py and subclass the 2 admin controller grids ( galaxy and community ) from it. Add the group components to the community. diffstat: community_wsgi.ini.sample | 3 + lib/galaxy/web/base/controller.py | 1195 +++++++++- lib/galaxy/web/controllers/admin.py | 900 +------- lib/galaxy/web/controllers/dataset.py | 6 +- lib/galaxy/web/controllers/forms.py | 2 +- lib/galaxy/web/controllers/history.py | 10 +- lib/galaxy/web/controllers/library_admin.py | 2 +- lib/galaxy/web/controllers/page.py | 15 +- lib/galaxy/web/controllers/requests.py | 2 +- lib/galaxy/web/controllers/requests_admin.py | 2 +- lib/galaxy/web/controllers/root.py | 6 +- lib/galaxy/web/controllers/tag.py | 2 +- lib/galaxy/web/controllers/tracks.py | 1 + lib/galaxy/web/controllers/user.py | 5 +- lib/galaxy/web/controllers/visualization.py | 3 +- lib/galaxy/web/controllers/workflow.py | 15 +- lib/galaxy/web/framework/helpers/grids.py | 21 +- lib/galaxy/webapps/community/base/controller.py | 24 - lib/galaxy/webapps/community/buildapp.py | 6 +- lib/galaxy/webapps/community/config.py | 7 +- lib/galaxy/webapps/community/controllers/admin.py | 285 ++ lib/galaxy/webapps/community/controllers/tool_browser.py | 2 +- lib/galaxy/webapps/community/model/__init__.py | 23 +- lib/galaxy/webapps/community/model/mapping.py | 48 +- lib/galaxy/webapps/community/model/migrate/versions/0001_initial_tables.py | 29 +- lib/galaxy/webapps/community/security/__init__.py | 50 +- templates/admin/dataset_security/group/group.mako | 1 + templates/admin/dataset_security/group/group_create.mako | 1 + templates/admin/dataset_security/group/group_rename.mako | 1 + templates/admin/dataset_security/role/role.mako | 1 + templates/admin/dataset_security/role/role_create.mako | 1 + templates/admin/dataset_security/role/role_rename.mako | 1 + templates/admin/index.mako | 145 - templates/admin/user/reset_password.mako | 1 + templates/admin/user/user.mako | 1 + templates/grid_base.mako | 26 +- templates/user/info.mako | 4 +- templates/webapps/community/admin/index.mako | 93 + templates/webapps/community/base_panels.mako | 2 +- templates/webapps/galaxy/admin/index.mako | 139 + test/base/twilltestcase.py | 12 +- 41 files changed, 1930 insertions(+), 1163 deletions(-) diffs (truncated from 4111 to 3000 lines): diff -r 076f572d7c9d -r d6fddb034db7 community_wsgi.ini.sample --- a/community_wsgi.ini.sample Wed Apr 21 10:41:30 2010 -0400 +++ b/community_wsgi.ini.sample Wed Apr 21 11:35:21 2010 -0400 @@ -46,6 +46,9 @@ # NEVER enable this on a public site (even test or QA) # use_interactive = true +# this should be a comma-separated list of valid Galaxy users +#admin_users = user1@example.org,user2@example.org + # Force everyone to log in (disable anonymous access) require_login = False diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/base/controller.py --- a/lib/galaxy/web/base/controller.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/base/controller.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,11 +1,9 @@ """ Contains functionality needed in every web interface """ - -import os, time, logging, re - -# Pieces of Galaxy to make global in every controller -from galaxy import config, tools, web, model, util +import os, time, logging, re, string, sys +from datetime import datetime, timedelta +from galaxy import config, tools, web, util from galaxy.web import error, form, url_for from galaxy.model.orm import * from galaxy.workflow.modules import * @@ -24,27 +22,28 @@ """ Base class for Galaxy web application controllers. """ - def __init__( self, app ): """Initialize an interface for application 'app'""" self.app = app - def get_toolbox(self): """Returns the application toolbox""" return self.app.toolbox - - def get_class( self, class_name ): + def get_class( self, trans, class_name ): """ Returns the class object that a string denotes. Without this method, we'd have to do eval(<class_name>). """ if class_name == 'History': - item_class = model.History + item_class = trans.model.History elif class_name == 'HistoryDatasetAssociation': - item_class = model.HistoryDatasetAssociation + item_class = trans.model.HistoryDatasetAssociation elif class_name == 'Page': - item_class = model.Page + item_class = trans.model.Page elif class_name == 'StoredWorkflow': - item_class = model.StoredWorkflow + item_class = trans.model.StoredWorkflow elif class_name == 'Visualization': - item_class = model.Visualization + item_class = trans.model.Visualization + elif class_name == 'Tool': + # TODO: Nate, this one should be changed to whatever you end up calling + # the pointer to the tool archive. + item_class = trans.model.Tool else: item_class = None return item_class @@ -53,62 +52,56 @@ class UsesAnnotations: """ Mixin for getting and setting item annotations. """ - def get_item_annotation_str( self, db_session, user, item ): + def get_item_annotation_str( self, trans, user, item ): """ Returns a user's annotation string for an item. """ - annotation_obj = self.get_item_annotation_obj( db_session, user, item ) + annotation_obj = self.get_item_annotation_obj( trans, user, item ) if annotation_obj: return annotation_obj.annotation return None - - def get_item_annotation_obj( self, db_session, user, item ): + def get_item_annotation_obj( self, trans, user, item ): """ Returns a user's annotation object for an item. """ # Get annotation association. try: - annotation_assoc_class = eval( "model.%sAnnotationAssociation" % item.__class__.__name__ ) + annotation_assoc_class = eval( "trans.model.%sAnnotationAssociation" % item.__class__.__name__ ) except: # Item doesn't have an annotation association class and cannot be annotated. return False - # Get annotation association object. - annotation_assoc = db_session.query( annotation_assoc_class ).filter_by( user=user ) - if item.__class__ == model.History: + annotation_assoc = trans.sa_session.query( annotation_assoc_class ).filter_by( user=user ) + if item.__class__ == trans.model.History: annotation_assoc = annotation_assoc.filter_by( history=item ) - elif item.__class__ == model.HistoryDatasetAssociation: + elif item.__class__ == trans.model.HistoryDatasetAssociation: annotation_assoc = annotation_assoc.filter_by( hda=item ) - elif item.__class__ == model.StoredWorkflow: + elif item.__class__ == trans.model.StoredWorkflow: annotation_assoc = annotation_assoc.filter_by( stored_workflow=item ) - elif item.__class__ == model.WorkflowStep: + elif item.__class__ == trans.model.WorkflowStep: annotation_assoc = annotation_assoc.filter_by( workflow_step=item ) - elif item.__class__ == model.Page: + elif item.__class__ == trans.model.Page: annotation_assoc = annotation_assoc.filter_by( page=item ) - elif item.__class__ == model.Visualization: + elif item.__class__ == trans.model.Visualization: annotation_assoc = annotation_assoc.filter_by( visualization=item ) return annotation_assoc.first() - def add_item_annotation( self, trans, item, annotation ): """ Add or update an item's annotation; a user can only have a single annotation for an item. """ - # Get/create annotation association object. - annotation_assoc = self.get_item_annotation_obj( trans.sa_session, trans.get_user(), item ) + annotation_assoc = self.get_item_annotation_obj( trans, trans.user, item ) if not annotation_assoc: # Create association. # TODO: we could replace this eval() with a long if/else stmt, but this is more general without sacrificing try: - annotation_assoc_class = eval( "model.%sAnnotationAssociation" % item.__class__.__name__ ) + annotation_assoc_class = eval( "trans.model.%sAnnotationAssociation" % item.__class__.__name__ ) except: # Item doesn't have an annotation association class and cannot be annotated. return False annotation_assoc = annotation_assoc_class() item.annotations.append( annotation_assoc ) annotation_assoc.user = trans.get_user() - # Set annotation. annotation_assoc.annotation = annotation return True class SharableItemSecurity: """ Mixin for handling security for sharable items. """ - def security_check( self, user, item, check_ownership=False, check_accessible=False ): """ Security checks for an item: checks if (a) user owns item or (b) item is accessible to user. """ if check_ownership: @@ -125,7 +118,6 @@ class UsesHistoryDatasetAssociation: """ Mixin for controllers that use HistoryDatasetAssociation objects. """ - def get_dataset( self, trans, dataset_id, check_ownership=True, check_accessible=False ): """ Get an HDA object by id. """ # DEPRECATION: We still support unencoded ids for backward compatibility @@ -133,7 +125,7 @@ dataset_id = int( dataset_id ) except ValueError: dataset_id = trans.security.decode_id( dataset_id ) - data = trans.sa_session.query( model.HistoryDatasetAssociation ).get( dataset_id ) + data = trans.sa_session.query( trans.model.HistoryDatasetAssociation ).get( dataset_id ) if not data: raise paste.httpexceptions.HTTPRequestRangeNotSatisfiable( "Invalid dataset id: %s." % str( dataset_id ) ) if check_ownership: @@ -151,7 +143,6 @@ else: error( "You are not allowed to access this dataset" ) return data - def get_data( self, dataset, preview=True ): """ Gets a dataset's data. """ # Get data from file, truncating if necessary. @@ -169,12 +160,11 @@ class UsesVisualization( SharableItemSecurity ): """ Mixin for controllers that use Visualization objects. """ - def get_visualization( self, trans, id, check_ownership=True, check_accessible=False ): """ Get a Visualization from the database by id, verifying ownership. """ # Load workflow from database id = trans.security.decode_id( id ) - visualization = trans.sa_session.query( model.Visualization ).get( id ) + visualization = trans.sa_session.query( trans.model.Visualization ).get( id ) if not visualization: error( "Visualization not found" ) else: @@ -182,17 +172,15 @@ class UsesStoredWorkflow( SharableItemSecurity ): """ Mixin for controllers that use StoredWorkflow objects. """ - def get_stored_workflow( self, trans, id, check_ownership=True, check_accessible=False ): """ Get a StoredWorkflow from the database by id, verifying ownership. """ # Load workflow from database id = trans.security.decode_id( id ) - stored = trans.sa_session.query( model.StoredWorkflow ).get( id ) + stored = trans.sa_session.query( trans.model.StoredWorkflow ).get( id ) if not stored: error( "Workflow not found" ) else: return self.security_check( trans.get_user(), stored, check_ownership, check_accessible ) - def get_stored_workflow_steps( self, trans, stored_workflow ): """ Restores states for a stored workflow's steps. """ for step in stored_workflow.latest_workflow.steps: @@ -217,32 +205,29 @@ class UsesHistory( SharableItemSecurity ): """ Mixin for controllers that use History objects. """ - def get_history( self, trans, id, check_ownership=True, check_accessible=False ): """Get a History from the database by id, verifying ownership.""" # Load history from database id = trans.security.decode_id( id ) - history = trans.sa_session.query( model.History ).get( id ) + history = trans.sa_session.query( trans.model.History ).get( id ) if not history: err+msg( "History not found" ) else: return self.security_check( trans.get_user(), history, check_ownership, check_accessible ) - def get_history_datasets( self, trans, history, show_deleted=False ): """ Returns history's datasets. """ - query = trans.sa_session.query( model.HistoryDatasetAssociation ) \ - .filter( model.HistoryDatasetAssociation.history == history ) \ + query = trans.sa_session.query( trans.model.HistoryDatasetAssociation ) \ + .filter( trans.model.HistoryDatasetAssociation.history == history ) \ .options( eagerload( "children" ) ) \ - .join( "dataset" ).filter( model.Dataset.purged == False ) \ + .join( "dataset" ).filter( trans.model.Dataset.purged == False ) \ .options( eagerload_all( "dataset.actions" ) ) \ - .order_by( model.HistoryDatasetAssociation.hid ) + .order_by( trans.model.HistoryDatasetAssociation.hid ) if not show_deleted: - query = query.filter( model.HistoryDatasetAssociation.deleted == False ) + query = query.filter( trans.model.HistoryDatasetAssociation.deleted == False ) return query.all() class Sharable: """ Mixin for a controller that manages an item that can be shared. """ - # Implemented methods. @web.expose @web.require_login( "share Galaxy items" ) @@ -251,52 +236,42 @@ trans.get_user().username = username trans.sa_session.flush return self.sharing( trans, id, **kwargs ) - # Abstract methods. - @web.expose @web.require_login( "modify Galaxy items" ) def set_slug_async( self, trans, id, new_slug ): """ Set item slug asynchronously. """ - pass - + pass @web.expose @web.require_login( "share Galaxy items" ) def sharing( self, trans, id, **kwargs ): """ Handle item sharing. """ pass - @web.expose @web.require_login( "share Galaxy items" ) def share( self, trans, id=None, email="", **kwd ): """ Handle sharing an item with a particular user. """ pass - @web.expose def display_by_username_and_slug( self, trans, username, slug ): """ Display item by username and slug. """ pass - @web.expose @web.json @web.require_login( "get item name and link" ) def get_name_and_link_async( self, trans, id=None ): """ Returns item's name and link. """ pass - @web.expose @web.require_login("get item content asynchronously") def get_item_content_async( self, trans, id ): """ Returns item content in HTML format. """ pass - # Helper methods. - def _make_item_accessible( self, sa_session, item ): """ Makes item accessible--viewable and importable--and sets item's slug. Does not flush/commit changes, however. Item must have name, user, importable, and slug attributes. """ item.importable = True self.create_item_slug( sa_session, item ) - def create_item_slug( self, sa_session, item ): """ Create item slug. Slug is unique among user's importable items for item's class. Returns true if item's slug was set; false otherwise. """ if item.slug is None or item.slug == "": @@ -312,7 +287,6 @@ # Remove trailing '-'. if slug_base.endswith('-'): slug_base = slug_base[:-1] - # Make sure that slug is not taken; if it is, add a number to it. slug = slug_base count = 1 @@ -322,12 +296,1103 @@ count += 1 item.slug = slug return True - return False """ Deprecated: `BaseController` used to be available under the name `Root` """ +class ControllerUnavailable( Exception ): + pass -class ControllerUnavailable( Exception ): - pass \ No newline at end of file +class Admin(): + # Override these + user_list_grid = None + role_list_grid = None + group_list_grid = None + + @web.expose + @web.require_admin + def index( self, trans, **kwd ): + webapp = kwd.get( 'webapp', 'galaxy' ) + params = util.Params( kwd ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + if webapp == 'galaxy': + return trans.fill_template( '/webapps/galaxy/admin/index.mako', + webapp=webapp, + message=message, + status=status ) + else: + return trans.fill_template( '/webapps/community/admin/index.mako', + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def center( self, trans, **kwd ): + return trans.fill_template( '/admin/center.mako' ) + @web.expose + @web.require_admin + def reload_tool( self, trans, **kwd ): + params = util.Params( kwd ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + return trans.fill_template( '/admin/reload_tool.mako', + toolbox=self.app.toolbox, + message=message, + status=status ) + @web.expose + @web.require_admin + def tool_reload( self, trans, tool_version=None, **kwd ): + params = util.Params( kwd ) + tool_id = params.tool_id + self.app.toolbox.reload( tool_id ) + message = 'Reloaded tool: ' + tool_id + return trans.fill_template( '/admin/reload_tool.mako', + toolbox=self.app.toolbox, + message=message, + status='done' ) + + # Galaxy Role Stuff + @web.expose + @web.require_admin + def roles( self, trans, **kwargs ): + if 'operation' in kwargs: + operation = kwargs['operation'].lower() + if operation == "roles": + return self.role( trans, **kwargs ) + if operation == "create": + return self.create_role( trans, **kwargs ) + if operation == "delete": + return self.mark_role_deleted( trans, **kwargs ) + if operation == "undelete": + return self.undelete_role( trans, **kwargs ) + if operation == "purge": + return self.purge_role( trans, **kwargs ) + if operation == "manage users and groups": + return self.manage_users_and_groups_for_role( trans, **kwargs ) + if operation == "rename": + return self.rename_role( trans, **kwargs ) + # Render the list view + return self.role_list_grid( trans, **kwargs ) + @web.expose + @web.require_admin + def create_role( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + if params.get( 'create_role_button', False ): + name = util.restore_text( params.name ) + description = util.restore_text( params.description ) + in_users = util.listify( params.get( 'in_users', [] ) ) + in_groups = util.listify( params.get( 'in_groups', [] ) ) + create_group_for_role = params.get( 'create_group_for_role', 'no' ) + if not name or not description: + message = "Enter a valid name and a description" + elif trans.sa_session.query( trans.app.model.Role ).filter( trans.app.model.Role.table.c.name==name ).first(): + message = "A role with that name already exists" + else: + # Create the role + role = trans.app.model.Role( name=name, description=description, type=trans.app.model.Role.types.ADMIN ) + trans.sa_session.add( role ) + # Create the UserRoleAssociations + for user in [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in in_users ]: + ura = trans.app.model.UserRoleAssociation( user, role ) + trans.sa_session.add( ura ) + # Create the GroupRoleAssociations + for group in [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in in_groups ]: + gra = trans.app.model.GroupRoleAssociation( group, role ) + trans.sa_session.add( gra ) + if create_group_for_role == 'yes': + # Create the group + group = trans.app.model.Group( name=name ) + trans.sa_session.add( group ) + message = "Group '%s' has been created, and role '%s' has been created with %d associated users and %d associated groups" % \ + ( group.name, role.name, len( in_users ), len( in_groups ) ) + else: + message = "Role '%s' has been created with %d associated users and %d associated groups" % ( role.name, len( in_users ), len( in_groups ) ) + trans.sa_session.flush() + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + trans.response.send_redirect( web.url_for( controller='admin', + action='create_role', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + out_users = [] + for user in trans.sa_session.query( trans.app.model.User ) \ + .filter( trans.app.model.User.table.c.deleted==False ) \ + .order_by( trans.app.model.User.table.c.email ): + out_users.append( ( user.id, user.email ) ) + out_groups = [] + for group in trans.sa_session.query( trans.app.model.Group ) \ + .filter( trans.app.model.Group.table.c.deleted==False ) \ + .order_by( trans.app.model.Group.table.c.name ): + out_groups.append( ( group.id, group.name ) ) + return trans.fill_template( '/admin/dataset_security/role/role_create.mako', + in_users=[], + out_users=out_users, + in_groups=[], + out_groups=out_groups, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def rename_role( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + id = params.get( 'id', None ) + if not id: + message = "No role ids received for renaming" + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=message, + status='error' ) ) + role = get_role( trans, id ) + if params.get( 'rename_role_button', False ): + old_name = role.name + new_name = util.restore_text( params.name ) + new_description = util.restore_text( params.description ) + if not new_name: + message = 'Enter a valid name' + status='error' + elif trans.sa_session.query( trans.app.model.Role ).filter( trans.app.model.Role.table.c.name==new_name ).first(): + message = 'A role with that name already exists' + status = 'error' + else: + role.name = new_name + role.description = new_description + trans.sa_session.add( role ) + trans.sa_session.flush() + message = "Role '%s' has been renamed to '%s'" % ( old_name, new_name ) + return trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + return trans.fill_template( '/admin/dataset_security/role/role_rename.mako', + role=role, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def manage_users_and_groups_for_role( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + id = params.get( 'id', None ) + if not id: + message = "No role ids received for managing users and groups" + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=message, + status='error' ) ) + role = get_role( trans, id ) + if params.get( 'role_members_edit_button', False ): + in_users = [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in util.listify( params.in_users ) ] + for ura in role.users: + user = trans.sa_session.query( trans.app.model.User ).get( ura.user_id ) + if user not in in_users: + # Delete DefaultUserPermissions for previously associated users that have been removed from the role + for dup in user.default_permissions: + if role == dup.role: + trans.sa_session.delete( dup ) + # Delete DefaultHistoryPermissions for previously associated users that have been removed from the role + for history in user.histories: + for dhp in history.default_permissions: + if role == dhp.role: + trans.sa_session.delete( dhp ) + trans.sa_session.flush() + in_groups = [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in util.listify( params.in_groups ) ] + trans.app.security_agent.set_entity_role_associations( roles=[ role ], users=in_users, groups=in_groups ) + trans.sa_session.refresh( role ) + message = "Role '%s' has been updated with %d associated users and %d associated groups" % ( role.name, len( in_users ), len( in_groups ) ) + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status=status ) ) + in_users = [] + out_users = [] + in_groups = [] + out_groups = [] + for user in trans.sa_session.query( trans.app.model.User ) \ + .filter( trans.app.model.User.table.c.deleted==False ) \ + .order_by( trans.app.model.User.table.c.email ): + if user in [ x.user for x in role.users ]: + in_users.append( ( user.id, user.email ) ) + else: + out_users.append( ( user.id, user.email ) ) + for group in trans.sa_session.query( trans.app.model.Group ) \ + .filter( trans.app.model.Group.table.c.deleted==False ) \ + .order_by( trans.app.model.Group.table.c.name ): + if group in [ x.group for x in role.groups ]: + in_groups.append( ( group.id, group.name ) ) + else: + out_groups.append( ( group.id, group.name ) ) + library_dataset_actions = {} + if webapp == 'galaxy': + # Build a list of tuples that are LibraryDatasetDatasetAssociationss followed by a list of actions + # whose DatasetPermissions is associated with the Role + # [ ( LibraryDatasetDatasetAssociation [ action, action ] ) ] + for dp in role.dataset_actions: + for ldda in trans.sa_session.query( trans.app.model.LibraryDatasetDatasetAssociation ) \ + .filter( trans.app.model.LibraryDatasetDatasetAssociation.dataset_id==dp.dataset_id ): + root_found = False + folder_path = '' + folder = ldda.library_dataset.folder + while not root_found: + folder_path = '%s / %s' % ( folder.name, folder_path ) + if not folder.parent: + root_found = True + else: + folder = folder.parent + folder_path = '%s %s' % ( folder_path, ldda.name ) + library = trans.sa_session.query( trans.app.model.Library ) \ + .filter( trans.app.model.Library.table.c.root_folder_id == folder.id ) \ + .first() + if library not in library_dataset_actions: + library_dataset_actions[ library ] = {} + try: + library_dataset_actions[ library ][ folder_path ].append( dp.action ) + except: + library_dataset_actions[ library ][ folder_path ] = [ dp.action ] + return trans.fill_template( '/admin/dataset_security/role/role.mako', + role=role, + in_users=in_users, + out_users=out_users, + in_groups=in_groups, + out_groups=out_groups, + library_dataset_actions=library_dataset_actions, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def mark_role_deleted( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No role ids received for deleting" + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + message = "Deleted %d roles: " % len( ids ) + for role_id in ids: + role = get_role( trans, role_id ) + role.deleted = True + trans.sa_session.add( role ) + trans.sa_session.flush() + message += " %s " % role.name + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def undelete_role( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No role ids received for undeleting" + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + count = 0 + undeleted_roles = "" + for role_id in ids: + role = get_role( trans, role_id ) + if not role.deleted: + message = "Role '%s' has not been deleted, so it cannot be undeleted." % role.name + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + role.deleted = False + trans.sa_session.add( role ) + trans.sa_session.flush() + count += 1 + undeleted_roles += " %s" % role.name + message = "Undeleted %d roles: %s" % ( count, undeleted_roles ) + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def purge_role( self, trans, **kwd ): + # This method should only be called for a Role that has previously been deleted. + # Purging a deleted Role deletes all of the following from the database: + # - UserRoleAssociations where role_id == Role.id + # - DefaultUserPermissions where role_id == Role.id + # - DefaultHistoryPermissions where role_id == Role.id + # - GroupRoleAssociations where role_id == Role.id + # - DatasetPermissionss where role_id == Role.id + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No role ids received for purging" + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + ids = util.listify( id ) + message = "Purged %d roles: " % len( ids ) + for role_id in ids: + role = get_role( trans, role_id ) + if not role.deleted: + message = "Role '%s' has not been deleted, so it cannot be purged." % role.name + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + # Delete UserRoleAssociations + for ura in role.users: + user = trans.sa_session.query( trans.app.model.User ).get( ura.user_id ) + # Delete DefaultUserPermissions for associated users + for dup in user.default_permissions: + if role == dup.role: + trans.sa_session.delete( dup ) + # Delete DefaultHistoryPermissions for associated users + for history in user.histories: + for dhp in history.default_permissions: + if role == dhp.role: + trans.sa_session.delete( dhp ) + trans.sa_session.delete( ura ) + # Delete GroupRoleAssociations + for gra in role.groups: + trans.sa_session.delete( gra ) + # Delete DatasetPermissionss + for dp in role.dataset_actions: + trans.sa_session.delete( dp ) + trans.sa_session.flush() + message += " %s " % role.name + trans.response.send_redirect( web.url_for( controller='admin', + action='roles', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + + # Galaxy Group Stuff + @web.expose + @web.require_admin + def groups( self, trans, **kwargs ): + if 'operation' in kwargs: + operation = kwargs['operation'].lower() + if operation == "groups": + return self.group( trans, **kwargs ) + if operation == "create": + return self.create_group( trans, **kwargs ) + if operation == "delete": + return self.mark_group_deleted( trans, **kwargs ) + if operation == "undelete": + return self.undelete_group( trans, **kwargs ) + if operation == "purge": + return self.purge_group( trans, **kwargs ) + if operation == "manage users and roles": + return self.manage_users_and_roles_for_group( trans, **kwargs ) + if operation == "rename": + return self.rename_group( trans, **kwargs ) + # Render the list view + return self.group_list_grid( trans, **kwargs ) + @web.expose + @web.require_admin + def rename_group( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + id = params.get( 'id', None ) + if not id: + message = "No group ids received for renaming" + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=message, + status='error' ) ) + group = get_group( trans, id ) + if params.get( 'rename_group_button', False ): + old_name = group.name + new_name = util.restore_text( params.name ) + if not new_name: + message = 'Enter a valid name' + status = 'error' + elif trans.sa_session.query( trans.app.model.Group ).filter( trans.app.model.Group.table.c.name==new_name ).first(): + message = 'A group with that name already exists' + status = 'error' + else: + group.name = new_name + trans.sa_session.add( group ) + trans.sa_session.flush() + message = "Group '%s' has been renamed to '%s'" % ( old_name, new_name ) + return trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + return trans.fill_template( '/admin/dataset_security/group/group_rename.mako', + group=group, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def manage_users_and_roles_for_group( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + group = get_group( trans, params.id ) + if params.get( 'group_roles_users_edit_button', False ): + in_roles = [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in util.listify( params.in_roles ) ] + in_users = [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in util.listify( params.in_users ) ] + trans.app.security_agent.set_entity_group_associations( groups=[ group ], roles=in_roles, users=in_users ) + trans.sa_session.refresh( group ) + message += "Group '%s' has been updated with %d associated roles and %d associated users" % ( group.name, len( in_roles ), len( in_users ) ) + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status=status ) ) + in_roles = [] + out_roles = [] + in_users = [] + out_users = [] + for role in trans.sa_session.query(trans.app.model.Role ) \ + .filter( trans.app.model.Role.table.c.deleted==False ) \ + .order_by( trans.app.model.Role.table.c.name ): + if role in [ x.role for x in group.roles ]: + in_roles.append( ( role.id, role.name ) ) + else: + out_roles.append( ( role.id, role.name ) ) + for user in trans.sa_session.query( trans.app.model.User ) \ + .filter( trans.app.model.User.table.c.deleted==False ) \ + .order_by( trans.app.model.User.table.c.email ): + if user in [ x.user for x in group.users ]: + in_users.append( ( user.id, user.email ) ) + else: + out_users.append( ( user.id, user.email ) ) + message += 'Group %s is currently associated with %d roles and %d users' % ( group.name, len( in_roles ), len( in_users ) ) + return trans.fill_template( '/admin/dataset_security/group/group.mako', + group=group, + in_roles=in_roles, + out_roles=out_roles, + in_users=in_users, + out_users=out_users, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def create_group( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + message = util.restore_text( params.get( 'message', '' ) ) + status = params.get( 'status', 'done' ) + if params.get( 'create_group_button', False ): + name = util.restore_text( params.name ) + in_users = util.listify( params.get( 'in_users', [] ) ) + in_roles = util.listify( params.get( 'in_roles', [] ) ) + if not name: + message = "Enter a valid name" + elif trans.sa_session.query( trans.app.model.Group ).filter( trans.app.model.Group.table.c.name==name ).first(): + message = "A group with that name already exists" + else: + # Create the group + group = trans.app.model.Group( name=name ) + trans.sa_session.add( group ) + trans.sa_session.flush() + # Create the UserRoleAssociations + for user in [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in in_users ]: + uga = trans.app.model.UserGroupAssociation( user, group ) + trans.sa_session.add( uga ) + trans.sa_session.flush() + # Create the GroupRoleAssociations + for role in [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in in_roles ]: + gra = trans.app.model.GroupRoleAssociation( group, role ) + trans.sa_session.add( gra ) + trans.sa_session.flush() + message = "Group '%s' has been created with %d associated users and %d associated roles" % ( name, len( in_users ), len( in_roles ) ) + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + trans.response.send_redirect( web.url_for( controller='admin', + action='create_group', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + out_users = [] + for user in trans.sa_session.query( trans.app.model.User ) \ + .filter( trans.app.model.User.table.c.deleted==False ) \ + .order_by( trans.app.model.User.table.c.email ): + out_users.append( ( user.id, user.email ) ) + out_roles = [] + for role in trans.sa_session.query( trans.app.model.Role ) \ + .filter( trans.app.model.Role.table.c.deleted==False ) \ + .order_by( trans.app.model.Role.table.c.name ): + out_roles.append( ( role.id, role.name ) ) + return trans.fill_template( '/admin/dataset_security/group/group_create.mako', + in_users=[], + out_users=out_users, + in_roles=[], + out_roles=out_roles, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def mark_group_deleted( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + id = params.get( 'id', None ) + if not id: + message = "No group ids received for marking deleted" + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + message = "Deleted %d groups: " % len( ids ) + for group_id in ids: + group = get_group( trans, group_id ) + group.deleted = True + trans.sa_session.add( group ) + trans.sa_session.flush() + message += " %s " % group.name + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def undelete_group( self, trans, **kwd ): + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No group ids received for undeleting" + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + count = 0 + undeleted_groups = "" + for group_id in ids: + group = get_group( trans, group_id ) + if not group.deleted: + message = "Group '%s' has not been deleted, so it cannot be undeleted." % group.name + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + group.deleted = False + trans.sa_session.add( group ) + trans.sa_session.flush() + count += 1 + undeleted_groups += " %s" % group.name + message = "Undeleted %d groups: %s" % ( count, undeleted_groups ) + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def purge_group( self, trans, **kwd ): + # This method should only be called for a Group that has previously been deleted. + # Purging a deleted Group simply deletes all UserGroupAssociations and GroupRoleAssociations. + params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No group ids received for purging" + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + ids = util.listify( id ) + message = "Purged %d groups: " % len( ids ) + for group_id in ids: + group = get_group( trans, group_id ) + if not group.deleted: + # We should never reach here, but just in case there is a bug somewhere... + message = "Group '%s' has not been deleted, so it cannot be purged." % group.name + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + # Delete UserGroupAssociations + for uga in group.users: + trans.sa_session.delete( uga ) + # Delete GroupRoleAssociations + for gra in group.roles: + trans.sa_session.delete( gra ) + trans.sa_session.flush() + message += " %s " % group.name + trans.response.send_redirect( web.url_for( controller='admin', + action='groups', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + + # Galaxy User Stuff + @web.expose + @web.require_admin + def create_new_user( self, trans, **kwargs ): + webapp = kwargs.get( 'webapp', 'galaxy' ) + return trans.response.send_redirect( web.url_for( controller='user', + action='create', + webapp=webapp, + admin_view=True ) ) + @web.expose + @web.require_admin + def reset_user_password( self, trans, **kwd ): + webapp = kwd.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No user ids received for resetting passwords" + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + if 'reset_user_password_button' in kwd: + message = '' + status = '' + for user_id in ids: + user = get_user( trans, user_id ) + password = kwd.get( 'password', None ) + confirm = kwd.get( 'confirm' , None ) + if len( password ) < 6: + message = "Please use a password of at least 6 characters" + status = 'error' + break + elif password != confirm: + message = "Passwords do not match" + status = 'error' + break + else: + user.set_password_cleartext( password ) + trans.sa_session.add( user ) + trans.sa_session.flush() + if not message and not status: + message = "Passwords reset for %d users" % len( ids ) + status = 'done' + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status=status ) ) + users = [ get_user( trans, user_id ) for user_id in ids ] + if len( ids ) > 1: + id=','.join( id ) + return trans.fill_template( '/admin/user/reset_password.mako', + id=id, + users=users, + password='', + confirm='', + webapp=webapp ) + @web.expose + @web.require_admin + def mark_user_deleted( self, trans, **kwd ): + webapp = kwd.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No user ids received for deleting" + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + message = "Deleted %d users: " % len( ids ) + for user_id in ids: + user = get_user( trans, user_id ) + user.deleted = True + trans.sa_session.add( user ) + trans.sa_session.flush() + message += " %s " % user.email + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def undelete_user( self, trans, **kwd ): + webapp = kwd.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No user ids received for undeleting" + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=message, + status='error' ) ) + ids = util.listify( id ) + count = 0 + undeleted_users = "" + for user_id in ids: + user = get_user( trans, user_id ) + if not user.deleted: + message = "User '%s' has not been deleted, so it cannot be undeleted." % user.email + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + user.deleted = False + trans.sa_session.add( user ) + trans.sa_session.flush() + count += 1 + undeleted_users += " %s" % user.email + message = "Undeleted %d users: %s" % ( count, undeleted_users ) + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def purge_user( self, trans, **kwd ): + # This method should only be called for a User that has previously been deleted. + # We keep the User in the database ( marked as purged ), and stuff associated + # with the user's private role in case we want the ability to unpurge the user + # some time in the future. + # Purging a deleted User deletes all of the following: + # - History where user_id = User.id + # - HistoryDatasetAssociation where history_id = History.id + # - Dataset where HistoryDatasetAssociation.dataset_id = Dataset.id + # - UserGroupAssociation where user_id == User.id + # - UserRoleAssociation where user_id == User.id EXCEPT FOR THE PRIVATE ROLE + # Purging Histories and Datasets must be handled via the cleanup_datasets.py script + webapp = kwd.get( 'webapp', 'galaxy' ) + id = kwd.get( 'id', None ) + if not id: + message = "No user ids received for purging" + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + ids = util.listify( id ) + message = "Purged %d users: " % len( ids ) + for user_id in ids: + user = get_user( trans, user_id ) + if not user.deleted: + # We should never reach here, but just in case there is a bug somewhere... + message = "User '%s' has not been deleted, so it cannot be purged." % user.email + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + private_role = trans.app.security_agent.get_private_user_role( user ) + # Delete History + for h in user.active_histories: + trans.sa_session.refresh( h ) + for hda in h.active_datasets: + # Delete HistoryDatasetAssociation + d = trans.sa_session.query( trans.app.model.Dataset ).get( hda.dataset_id ) + # Delete Dataset + if not d.deleted: + d.deleted = True + trans.sa_session.add( d ) + hda.deleted = True + trans.sa_session.add( hda ) + h.deleted = True + trans.sa_session.add( h ) + # Delete UserGroupAssociations + for uga in user.groups: + trans.sa_session.delete( uga ) + # Delete UserRoleAssociations EXCEPT FOR THE PRIVATE ROLE + for ura in user.roles: + if ura.role_id != private_role.id: + trans.sa_session.delete( ura ) + # Purge the user + user.purged = True + trans.sa_session.add( user ) + trans.sa_session.flush() + message += "%s " % user.email + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + @web.expose + @web.require_admin + def users( self, trans, **kwargs ): + if 'operation' in kwargs: + operation = kwargs['operation'].lower() + if operation == "roles": + return self.user( trans, **kwargs ) + if operation == "reset password": + return self.reset_user_password( trans, **kwargs ) + if operation == "delete": + return self.mark_user_deleted( trans, **kwargs ) + if operation == "undelete": + return self.undelete_user( trans, **kwargs ) + if operation == "purge": + return self.purge_user( trans, **kwargs ) + if operation == "create": + return self.create_new_user( trans, **kwargs ) + if operation == "information": + return self.user_info( trans, **kwargs ) + if operation == "manage roles and groups": + return self.manage_roles_and_groups_for_user( trans, **kwargs ) + # Render the list view + return self.user_list_grid( trans, **kwargs ) + @web.expose + @web.require_admin + def user_info( self, trans, **kwd ): + ''' + This method displays the user information page which consists of login + information, public username, reset password & other user information + obtained during registration + ''' + webapp = kwd.get( 'webapp', 'galaxy' ) + user_id = kwd.get( 'id', None ) + if not user_id: + message += "Invalid user id (%s) received" % str( user_id ) + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + user = get_user( trans, user_id ) + return trans.response.send_redirect( web.url_for( controller='user', + action='show_info', + user_id=user.id, + admin_view=True, + **kwd ) ) + @web.expose + @web.require_admin + def name_autocomplete_data( self, trans, q=None, limit=None, timestamp=None ): + """Return autocomplete data for user emails""" + ac_data = "" + for user in trans.sa_session.query( User ).filter_by( deleted=False ).filter( func.lower( User.email ).like( q.lower() + "%" ) ): + ac_data = ac_data + user.email + "\n" + return ac_data + @web.expose + @web.require_admin + def manage_roles_and_groups_for_user( self, trans, **kwd ): + webapp = kwd.get( 'webapp', 'galaxy' ) + user_id = kwd.get( 'id', None ) + message = '' + status = '' + if not user_id: + message += "Invalid user id (%s) received" % str( user_id ) + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='error' ) ) + user = get_user( trans, user_id ) + private_role = trans.app.security_agent.get_private_user_role( user ) + if kwd.get( 'user_roles_groups_edit_button', False ): + # Make sure the user is not dis-associating himself from his private role + out_roles = kwd.get( 'out_roles', [] ) + if out_roles: + out_roles = [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in util.listify( out_roles ) ] + if private_role in out_roles: + message += "You cannot eliminate a user's private role association. " + status = 'error' + in_roles = kwd.get( 'in_roles', [] ) + if in_roles: + in_roles = [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in util.listify( in_roles ) ] + out_groups = kwd.get( 'out_groups', [] ) + if out_groups: + out_groups = [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in util.listify( out_groups ) ] + in_groups = kwd.get( 'in_groups', [] ) + if in_groups: + in_groups = [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in util.listify( in_groups ) ] + if in_roles: + trans.app.security_agent.set_entity_user_associations( users=[ user ], roles=in_roles, groups=in_groups ) + trans.sa_session.refresh( user ) + message += "User '%s' has been updated with %d associated roles and %d associated groups (private roles are not displayed)" % \ + ( user.email, len( in_roles ), len( in_groups ) ) + trans.response.send_redirect( web.url_for( controller='admin', + action='users', + webapp=webapp, + message=util.sanitize_text( message ), + status='done' ) ) + in_roles = [] + out_roles = [] + in_groups = [] + out_groups = [] + for role in trans.sa_session.query( trans.app.model.Role ).filter( trans.app.model.Role.table.c.deleted==False ) \ + .order_by( trans.app.model.Role.table.c.name ): + if role in [ x.role for x in user.roles ]: + in_roles.append( ( role.id, role.name ) ) + elif role.type != trans.app.model.Role.types.PRIVATE: + # There is a 1 to 1 mapping between a user and a PRIVATE role, so private roles should + # not be listed in the roles form fields, except for the currently selected user's private + # role, which should always be in in_roles. The check above is added as an additional + # precaution, since for a period of time we were including private roles in the form fields. + out_roles.append( ( role.id, role.name ) ) + for group in trans.sa_session.query( trans.app.model.Group ).filter( trans.app.model.Group.table.c.deleted==False ) \ + .order_by( trans.app.model.Group.table.c.name ): + if group in [ x.group for x in user.groups ]: + in_groups.append( ( group.id, group.name ) ) + else: + out_groups.append( ( group.id, group.name ) ) + message += "User '%s' is currently associated with %d roles and is a member of %d groups" % \ + ( user.email, len( in_roles ), len( in_groups ) ) + if not status: + status = 'done' + return trans.fill_template( '/admin/user/user.mako', + user=user, + in_roles=in_roles, + out_roles=out_roles, + in_groups=in_groups, + out_groups=out_groups, + webapp=webapp, + message=message, + status=status ) + @web.expose + @web.require_admin + def memdump( self, trans, ids = 'None', sorts = 'None', pages = 'None', new_id = None, new_sort = None, **kwd ): + if self.app.memdump is None: + return trans.show_error_message( "Memdump is not enabled (set <code>use_memdump = True</code> in universe_wsgi.ini)" ) + heap = self.app.memdump.get() + p = util.Params( kwd ) + msg = None + if p.dump: + heap = self.app.memdump.get( update = True ) + msg = "Heap dump complete" + elif p.setref: + self.app.memdump.setref() + msg = "Reference point set (dump to see delta from this point)" + ids = ids.split( ',' ) + sorts = sorts.split( ',' ) + if new_id is not None: + ids.append( new_id ) + sorts.append( 'None' ) + elif new_sort is not None: + sorts[-1] = new_sort + breadcrumb = "<a href='%s' class='breadcrumb'>heap</a>" % web.url_for() + # new lists so we can assemble breadcrumb links + new_ids = [] + new_sorts = [] + for id, sort in zip( ids, sorts ): + new_ids.append( id ) + if id != 'None': + breadcrumb += "<a href='%s' class='breadcrumb'>[%s]</a>" % ( web.url_for( ids=','.join( new_ids ), sorts=','.join( new_sorts ) ), id ) + heap = heap[int(id)] + new_sorts.append( sort ) + if sort != 'None': + breadcrumb += "<a href='%s' class='breadcrumb'>.by('%s')</a>" % ( web.url_for( ids=','.join( new_ids ), sorts=','.join( new_sorts ) ), sort ) + heap = heap.by( sort ) + ids = ','.join( new_ids ) + sorts = ','.join( new_sorts ) + if p.theone: + breadcrumb += ".theone" + heap = heap.theone + return trans.fill_template( '/admin/memdump.mako', heap = heap, ids = ids, sorts = sorts, breadcrumb = breadcrumb, msg = msg ) + + @web.expose + @web.require_admin + def jobs( self, trans, stop = [], stop_msg = None, cutoff = 180, **kwd ): + deleted = [] + msg = None + status = None + job_ids = util.listify( stop ) + if job_ids and stop_msg in [ None, '' ]: + msg = 'Please enter an error message to display to the user describing why the job was terminated' + status = 'error' + elif job_ids: + if stop_msg[-1] not in string.punctuation: + stop_msg += '.' + for job_id in job_ids: + trans.app.job_manager.job_stop_queue.put( job_id, error_msg="This job was stopped by an administrator: %s For more information or help" % stop_msg ) + deleted.append( str( job_id ) ) + if deleted: + msg = 'Queued job' + if len( deleted ) > 1: + msg += 's' + msg += ' for deletion: ' + msg += ', '.join( deleted ) + status = 'done' + cutoff_time = datetime.utcnow() - timedelta( seconds=int( cutoff ) ) + jobs = trans.sa_session.query( trans.app.model.Job ) \ + .filter( and_( trans.app.model.Job.table.c.update_time < cutoff_time, + or_( trans.app.model.Job.state == trans.app.model.Job.states.NEW, + trans.app.model.Job.state == trans.app.model.Job.states.QUEUED, + trans.app.model.Job.state == trans.app.model.Job.states.RUNNING, + trans.app.model.Job.state == trans.app.model.Job.states.UPLOAD ) ) ) \ + .order_by( trans.app.model.Job.table.c.update_time.desc() ) + last_updated = {} + for job in jobs: + delta = datetime.utcnow() - job.update_time + if delta > timedelta( minutes=60 ): + last_updated[job.id] = '%s hours' % int( delta.seconds / 60 / 60 ) + else: + last_updated[job.id] = '%s minutes' % int( delta.seconds / 60 ) + return trans.fill_template( '/admin/jobs.mako', + jobs = jobs, + last_updated = last_updated, + cutoff = cutoff, + msg = msg, + status = status ) + +## ---- Utility methods ------------------------------------------------------- + +def get_user( trans, id ): + """Get a User from the database by id.""" + # Load user from database + id = trans.security.decode_id( id ) + user = trans.sa_session.query( trans.model.User ).get( id ) + if not user: + return trans.show_error_message( "User not found for id (%s)" % str( id ) ) + return user +def get_role( trans, id ): + """Get a Role from the database by id.""" + # Load user from database + id = trans.security.decode_id( id ) + role = trans.sa_session.query( trans.model.Role ).get( id ) + if not role: + return trans.show_error_message( "Role not found for id (%s)" % str( id ) ) + return role +def get_group( trans, id ): + """Get a Group from the database by id.""" + # Load user from database + id = trans.security.decode_id( id ) + group = trans.sa_session.query( trans.model.Group ).get( id ) + if not group: + return trans.show_error_message( "Group not found for id (%s)" % str( id ) ) + return group diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/admin.py --- a/lib/galaxy/web/controllers/admin.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/admin.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,16 +1,10 @@ -import string, sys -from datetime import datetime, timedelta -from galaxy import util, datatypes from galaxy.web.base.controller import * -from galaxy.util.odict import odict +from galaxy import model from galaxy.model.orm import * from galaxy.web.framework.helpers import time_ago, iff, grids import logging log = logging.getLogger( __name__ ) -# States for passing messages -SUCCESS, INFO, WARNING, ERROR = "done", "info", "warning", "error" - class UserListGrid( grids.Grid ): class EmailColumn( grids.TextColumn ): def get_value( self, trans, grid, user ): @@ -49,6 +43,7 @@ return 'never' # Grid definition + webapp = "galaxy" title = "Users" model_class = model.User template='/admin/user/grid.mako' @@ -57,7 +52,7 @@ EmailColumn( "Email", key="email", model_class=model.User, - link=( lambda item: dict( operation="information", id=item.id ) ), + link=( lambda item: dict( operation="information", id=item.id, webapp="galaxy" ) ), attach_popup=True, filterable="advanced" ), UserNameColumn( "User Name", @@ -79,11 +74,18 @@ visible=False, filterable="standard" ) ) global_actions = [ - grids.GridAction( "Create new user", dict( controller='admin', action='users', operation='create' ) ) + grids.GridAction( "Create new user", dict( controller='admin', action='users', operation='create', webapp="galaxy" ) ) ] operations = [ - grids.GridOperation( "Manage Roles and Groups", condition=( lambda item: not item.deleted ), allow_multiple=False ), - grids.GridOperation( "Reset Password", condition=( lambda item: not item.deleted ), allow_multiple=True, allow_popup=False ) + grids.GridOperation( "Manage Roles and Groups", + condition=( lambda item: not item.deleted ), + allow_multiple=False, + url_args=dict( webapp="galaxy", action="manage_roles_and_groups_for_user" ) ), + grids.GridOperation( "Reset Password", + condition=( lambda item: not item.deleted ), + allow_multiple=True, + allow_popup=False, + url_args=dict( webapp="galaxy", action="reset_user_password" ) ) ] #TODO: enhance to account for trans.app.config.allow_user_deletion here so that we can eliminate these operations if # the setting is False @@ -96,7 +98,6 @@ grids.GridColumnFilter( "Purged", args=dict( purged=True ) ), grids.GridColumnFilter( "All", args=dict( deleted='All' ) ) ] - default_filter = dict( email="All", username="All", deleted="False", purged="False" ) num_rows_per_page = 50 preserve_state = False use_paging = True @@ -134,6 +135,7 @@ return 0 # Grid definition + webapp = "galaxy" title = "Roles" model_class = model.Role template='/admin/dataset_security/role/grid.mako' @@ -141,7 +143,7 @@ columns = [ NameColumn( "Name", key="name", - link=( lambda item: dict( operation="Manage users and groups", id=item.id ) ), + link=( lambda item: dict( operation="Manage users and groups", id=item.id, webapp="galaxy" ) ), model_class=model.Role, attach_popup=True, filterable="advanced" ), @@ -169,16 +171,27 @@ global_actions = [ grids.GridAction( "Add new role", dict( controller='admin', action='roles', operation='create' ) ) ] - operations = [ grids.GridOperation( "Rename", condition=( lambda item: not item.deleted ), allow_multiple=False ), - grids.GridOperation( "Delete", condition=( lambda item: not item.deleted ), allow_multiple=True ), - grids.GridOperation( "Undelete", condition=( lambda item: item.deleted ), allow_multiple=True ), - grids.GridOperation( "Purge", condition=( lambda item: item.deleted ), allow_multiple=True ) ] + operations = [ grids.GridOperation( "Rename", + condition=( lambda item: not item.deleted ), + allow_multiple=False, + url_args=dict( webapp="galaxy", action="rename_role" ) ), + grids.GridOperation( "Delete", + condition=( lambda item: not item.deleted ), + allow_multiple=True, + url_args=dict( webapp="galaxy", action="mark_role_deleted" ) ), + grids.GridOperation( "Undelete", + condition=( lambda item: item.deleted ), + allow_multiple=True, + url_args=dict( webapp="galaxy", action="undelete_role" ) ), + grids.GridOperation( "Purge", + condition=( lambda item: item.deleted ), + allow_multiple=True, + url_args=dict( webapp="galaxy", action="purge_role" ) ) ] standard_filters = [ grids.GridColumnFilter( "Active", args=dict( deleted=False ) ), grids.GridColumnFilter( "Deleted", args=dict( deleted=True ) ), grids.GridColumnFilter( "All", args=dict( deleted='All' ) ) ] - default_filter = dict( name="All", deleted="False", description="All", type="All" ) num_rows_per_page = 50 preserve_state = False use_paging = True @@ -210,6 +223,7 @@ return 0 # Grid definition + webapp = "galaxy" title = "Groups" model_class = model.Group template='/admin/dataset_security/group/grid.mako' @@ -217,7 +231,7 @@ columns = [ NameColumn( "Name", key="name", - link=( lambda item: dict( operation="Manage users and roles", id=item.id ) ), + link=( lambda item: dict( operation="Manage users and roles", id=item.id, webapp="galaxy" ) ), model_class=model.Group, attach_popup=True, filterable="advanced" ), @@ -233,18 +247,29 @@ visible=False, filterable="standard" ) ) global_actions = [ - grids.GridAction( "Add new group", dict( controller='admin', action='groups', operation='create' ) ) + grids.GridAction( "Add new group", dict( controller='admin', action='groups', operation='create', webapp="galaxy" ) ) ] - operations = [ grids.GridOperation( "Rename", condition=( lambda item: not item.deleted ), allow_multiple=False ), - grids.GridOperation( "Delete", condition=( lambda item: not item.deleted ), allow_multiple=True ), - grids.GridOperation( "Undelete", condition=( lambda item: item.deleted ), allow_multiple=True ), - grids.GridOperation( "Purge", condition=( lambda item: item.deleted ), allow_multiple=True ) ] + operations = [ grids.GridOperation( "Rename", + condition=( lambda item: not item.deleted ), + allow_multiple=False, + url_args=dict( webapp="galaxy", action="rename_group" ) ), + grids.GridOperation( "Delete", + condition=( lambda item: not item.deleted ), + allow_multiple=True, + url_args=dict( webapp="galaxy", action="mark_group_deleted" ) ), + grids.GridOperation( "Undelete", + condition=( lambda item: item.deleted ), + allow_multiple=True, + url_args=dict( webapp="galaxy", action="undelete_group" ) ), + grids.GridOperation( "Purge", + condition=( lambda item: item.deleted ), + allow_multiple=True, + url_args=dict( webapp="galaxy", action="purge_group" ) ) ] standard_filters = [ grids.GridColumnFilter( "Active", args=dict( deleted=False ) ), grids.GridColumnFilter( "Deleted", args=dict( deleted=True ) ), grids.GridColumnFilter( "All", args=dict( deleted='All' ) ) ] - default_filter = dict( name="All", deleted="False" ) num_rows_per_page = 50 preserve_state = False use_paging = True @@ -253,831 +278,8 @@ def build_initial_query( self, session ): return session.query( self.model_class ) -class Admin( BaseController ): +class AdminGalaxy( BaseController, Admin ): user_list_grid = UserListGrid() role_list_grid = RoleListGrid() group_list_grid = GroupListGrid() - - @web.expose - @web.require_admin - def index( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - return trans.fill_template( '/admin/index.mako', message=message, status=status ) - @web.expose - @web.require_admin - def center( self, trans, **kwd ): - return trans.fill_template( '/admin/center.mako' ) - @web.expose - @web.require_admin - def reload_tool( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - return trans.fill_template( '/admin/reload_tool.mako', toolbox=self.app.toolbox, message=message, status=status ) - @web.expose - @web.require_admin - def tool_reload( self, trans, tool_version=None, **kwd ): - params = util.Params( kwd ) - tool_id = params.tool_id - self.app.toolbox.reload( tool_id ) - message = 'Reloaded tool: ' + tool_id - return trans.fill_template( '/admin/reload_tool.mako', toolbox=self.app.toolbox, message=message, status='done' ) - - # Galaxy Role Stuff - @web.expose - @web.require_admin - def roles( self, trans, **kwargs ): - if 'operation' in kwargs: - operation = kwargs['operation'].lower() - if operation == "roles": - return self.role( trans, **kwargs ) - if operation == "create": - return self.create_role( trans, **kwargs ) - if operation == "delete": - return self.mark_role_deleted( trans, **kwargs ) - if operation == "undelete": - return self.undelete_role( trans, **kwargs ) - if operation == "purge": - return self.purge_role( trans, **kwargs ) - if operation == "manage users and groups": - return self.manage_users_and_groups_for_role( trans, **kwargs ) - if operation == "rename": - return self.rename_role( trans, **kwargs ) - # Render the list view - return self.role_list_grid( trans, **kwargs ) - @web.expose - @web.require_admin - def create_role( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - if params.get( 'create_role_button', False ): - name = util.restore_text( params.name ) - description = util.restore_text( params.description ) - in_users = util.listify( params.get( 'in_users', [] ) ) - in_groups = util.listify( params.get( 'in_groups', [] ) ) - create_group_for_role = params.get( 'create_group_for_role', 'no' ) - if not name or not description: - message = "Enter a valid name and a description" - elif trans.sa_session.query( trans.app.model.Role ).filter( trans.app.model.Role.table.c.name==name ).first(): - message = "A role with that name already exists" - else: - # Create the role - role = trans.app.model.Role( name=name, description=description, type=trans.app.model.Role.types.ADMIN ) - trans.sa_session.add( role ) - # Create the UserRoleAssociations - for user in [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in in_users ]: - ura = trans.app.model.UserRoleAssociation( user, role ) - trans.sa_session.add( ura ) - # Create the GroupRoleAssociations - for group in [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in in_groups ]: - gra = trans.app.model.GroupRoleAssociation( group, role ) - trans.sa_session.add( gra ) - if create_group_for_role == 'yes': - # Create the group - group = trans.app.model.Group( name=name ) - trans.sa_session.add( group ) - message = "Group '%s' has been created, and role '%s' has been created with %d associated users and %d associated groups" % \ - ( group.name, role.name, len( in_users ), len( in_groups ) ) - else: - message = "Role '%s' has been created with %d associated users and %d associated groups" % ( role.name, len( in_users ), len( in_groups ) ) - trans.sa_session.flush() - trans.response.send_redirect( web.url_for( controller='admin', action='roles', message=util.sanitize_text( message ), status='done' ) ) - trans.response.send_redirect( web.url_for( controller='admin', action='create_role', message=util.sanitize_text( message ), status='error' ) ) - out_users = [] - for user in trans.sa_session.query( trans.app.model.User ) \ - .filter( trans.app.model.User.table.c.deleted==False ) \ - .order_by( trans.app.model.User.table.c.email ): - out_users.append( ( user.id, user.email ) ) - out_groups = [] - for group in trans.sa_session.query( trans.app.model.Group ) \ - .filter( trans.app.model.Group.table.c.deleted==False ) \ - .order_by( trans.app.model.Group.table.c.name ): - out_groups.append( ( group.id, group.name ) ) - return trans.fill_template( '/admin/dataset_security/role/role_create.mako', - in_users=[], - out_users=out_users, - in_groups=[], - out_groups=out_groups, - message=message, - status=status ) - @web.expose - @web.require_admin - def rename_role( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - role = get_role( trans, params.id ) - if params.get( 'rename_role_button', False ): - old_name = role.name - new_name = util.restore_text( params.name ) - new_description = util.restore_text( params.description ) - if not new_name: - message = 'Enter a valid name' - return trans.fill_template( '/admin/dataset_security/role/role_rename.mako', role=role, message=message, status='error' ) - elif trans.sa_session.query( trans.app.model.Role ).filter( trans.app.model.Role.table.c.name==new_name ).first(): - message = 'A role with that name already exists' - return trans.fill_template( '/admin/dataset_security/role/role_rename.mako', role=role, message=message, status='error' ) - else: - role.name = new_name - role.description = new_description - trans.sa_session.add( role ) - trans.sa_session.flush() - message = "Role '%s' has been renamed to '%s'" % ( old_name, new_name ) - return trans.response.send_redirect( web.url_for( action='roles', message=util.sanitize_text( message ), status='done' ) ) - return trans.fill_template( '/admin/dataset_security/role/role_rename.mako', role=role, message=message, status=status ) - @web.expose - @web.require_admin - def manage_users_and_groups_for_role( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - role = get_role( trans, params.id ) - if params.get( 'role_members_edit_button', False ): - in_users = [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in util.listify( params.in_users ) ] - for ura in role.users: - user = trans.sa_session.query( trans.app.model.User ).get( ura.user_id ) - if user not in in_users: - # Delete DefaultUserPermissions for previously associated users that have been removed from the role - for dup in user.default_permissions: - if role == dup.role: - trans.sa_session.delete( dup ) - # Delete DefaultHistoryPermissions for previously associated users that have been removed from the role - for history in user.histories: - for dhp in history.default_permissions: - if role == dhp.role: - trans.sa_session.delete( dhp ) - trans.sa_session.flush() - in_groups = [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in util.listify( params.in_groups ) ] - trans.app.security_agent.set_entity_role_associations( roles=[ role ], users=in_users, groups=in_groups ) - trans.sa_session.refresh( role ) - message = "Role '%s' has been updated with %d associated users and %d associated groups" % ( role.name, len( in_users ), len( in_groups ) ) - trans.response.send_redirect( web.url_for( action='roles', message=util.sanitize_text( message ), status=status ) ) - in_users = [] - out_users = [] - in_groups = [] - out_groups = [] - for user in trans.sa_session.query( trans.app.model.User ) \ - .filter( trans.app.model.User.table.c.deleted==False ) \ - .order_by( trans.app.model.User.table.c.email ): - if user in [ x.user for x in role.users ]: - in_users.append( ( user.id, user.email ) ) - else: - out_users.append( ( user.id, user.email ) ) - for group in trans.sa_session.query( trans.app.model.Group ) \ - .filter( trans.app.model.Group.table.c.deleted==False ) \ - .order_by( trans.app.model.Group.table.c.name ): - if group in [ x.group for x in role.groups ]: - in_groups.append( ( group.id, group.name ) ) - else: - out_groups.append( ( group.id, group.name ) ) - # Build a list of tuples that are LibraryDatasetDatasetAssociationss followed by a list of actions - # whose DatasetPermissions is associated with the Role - # [ ( LibraryDatasetDatasetAssociation [ action, action ] ) ] - library_dataset_actions = {} - for dp in role.dataset_actions: - for ldda in trans.sa_session.query( trans.app.model.LibraryDatasetDatasetAssociation ) \ - .filter( trans.app.model.LibraryDatasetDatasetAssociation.dataset_id==dp.dataset_id ): - root_found = False - folder_path = '' - folder = ldda.library_dataset.folder - while not root_found: - folder_path = '%s / %s' % ( folder.name, folder_path ) - if not folder.parent: - root_found = True - else: - folder = folder.parent - folder_path = '%s %s' % ( folder_path, ldda.name ) - library = trans.sa_session.query( trans.app.model.Library ) \ - .filter( trans.app.model.Library.table.c.root_folder_id == folder.id ) \ - .first() - if library not in library_dataset_actions: - library_dataset_actions[ library ] = {} - try: - library_dataset_actions[ library ][ folder_path ].append( dp.action ) - except: - library_dataset_actions[ library ][ folder_path ] = [ dp.action ] - return trans.fill_template( '/admin/dataset_security/role/role.mako', - role=role, - in_users=in_users, - out_users=out_users, - in_groups=in_groups, - out_groups=out_groups, - library_dataset_actions=library_dataset_actions, - message=message, - status=status ) - @web.expose - @web.require_admin - def mark_role_deleted( self, trans, **kwd ): - params = util.Params( kwd ) - role = get_role( trans, params.id ) - role.deleted = True - trans.sa_session.add( role ) - trans.sa_session.flush() - message = "Role '%s' has been marked as deleted." % role.name - trans.response.send_redirect( web.url_for( action='roles', message=util.sanitize_text( message ), status='done' ) ) - @web.expose - @web.require_admin - def undelete_role( self, trans, **kwd ): - params = util.Params( kwd ) - role = get_role( trans, params.id ) - role.deleted = False - trans.sa_session.add( role ) - trans.sa_session.flush() - message = "Role '%s' has been marked as not deleted." % role.name - trans.response.send_redirect( web.url_for( action='roles', message=util.sanitize_text( message ), status='done' ) ) - @web.expose - @web.require_admin - def purge_role( self, trans, **kwd ): - # This method should only be called for a Role that has previously been deleted. - # Purging a deleted Role deletes all of the following from the database: - # - UserRoleAssociations where role_id == Role.id - # - DefaultUserPermissions where role_id == Role.id - # - DefaultHistoryPermissions where role_id == Role.id - # - GroupRoleAssociations where role_id == Role.id - # - DatasetPermissionss where role_id == Role.id - params = util.Params( kwd ) - role = get_role( trans, params.id ) - if not role.deleted: - message = "Role '%s' has not been deleted, so it cannot be purged." % role.name - trans.response.send_redirect( web.url_for( action='roles', message=util.sanitize_text( message ), status='error' ) ) - # Delete UserRoleAssociations - for ura in role.users: - user = trans.sa_session.query( trans.app.model.User ).get( ura.user_id ) - # Delete DefaultUserPermissions for associated users - for dup in user.default_permissions: - if role == dup.role: - trans.sa_session.delete( dup ) - # Delete DefaultHistoryPermissions for associated users - for history in user.histories: - for dhp in history.default_permissions: - if role == dhp.role: - trans.sa_session.delete( dhp ) - trans.sa_session.delete( ura ) - # Delete GroupRoleAssociations - for gra in role.groups: - trans.sa_session.delete( gra ) - # Delete DatasetPermissionss - for dp in role.dataset_actions: - trans.sa_session.delete( dp ) - trans.sa_session.flush() - message = "The following have been purged from the database for role '%s': " % role.name - message += "DefaultUserPermissions, DefaultHistoryPermissions, UserRoleAssociations, GroupRoleAssociations, DatasetPermissionss." - trans.response.send_redirect( web.url_for( action='roles', message=util.sanitize_text( message ), status='done' ) ) - - # Galaxy Group Stuff - @web.expose - @web.require_admin - def groups( self, trans, **kwargs ): - if 'operation' in kwargs: - operation = kwargs['operation'].lower() - if operation == "groups": - return self.group( trans, **kwargs ) - if operation == "create": - return self.create_group( trans, **kwargs ) - if operation == "delete": - return self.mark_group_deleted( trans, **kwargs ) - if operation == "undelete": - return self.undelete_group( trans, **kwargs ) - if operation == "purge": - return self.purge_group( trans, **kwargs ) - if operation == "manage users and roles": - return self.manage_users_and_roles_for_group( trans, **kwargs ) - if operation == "rename": - return self.rename_group( trans, **kwargs ) - # Render the list view - return self.group_list_grid( trans, **kwargs ) - @web.expose - @web.require_admin - def rename_group( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - group = get_group( trans, params.id ) - if params.get( 'rename_group_button', False ): - old_name = group.name - new_name = util.restore_text( params.name ) - if not new_name: - message = 'Enter a valid name' - return trans.fill_template( '/admin/dataset_security/group/group_rename.mako', group=group, message=message, status='error' ) - elif trans.sa_session.query( trans.app.model.Group ).filter( trans.app.model.Group.table.c.name==new_name ).first(): - message = 'A group with that name already exists' - return trans.fill_template( '/admin/dataset_security/group/group_rename.mako', group=group, message=message, status='error' ) - else: - group.name = new_name - trans.sa_session.add( group ) - trans.sa_session.flush() - message = "Group '%s' has been renamed to '%s'" % ( old_name, new_name ) - return trans.response.send_redirect( web.url_for( action='groups', message=util.sanitize_text( message ), status='done' ) ) - return trans.fill_template( '/admin/dataset_security/group/group_rename.mako', group=group, message=message, status=status ) - @web.expose - @web.require_admin - def manage_users_and_roles_for_group( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - group = get_group( trans, params.id ) - if params.get( 'group_roles_users_edit_button', False ): - in_roles = [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in util.listify( params.in_roles ) ] - in_users = [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in util.listify( params.in_users ) ] - trans.app.security_agent.set_entity_group_associations( groups=[ group ], roles=in_roles, users=in_users ) - trans.sa_session.refresh( group ) - message += "Group '%s' has been updated with %d associated roles and %d associated users" % ( group.name, len( in_roles ), len( in_users ) ) - trans.response.send_redirect( web.url_for( action='groups', message=util.sanitize_text( message ), status=status ) ) - in_roles = [] - out_roles = [] - in_users = [] - out_users = [] - for role in trans.sa_session.query(trans.app.model.Role ) \ - .filter( trans.app.model.Role.table.c.deleted==False ) \ - .order_by( trans.app.model.Role.table.c.name ): - if role in [ x.role for x in group.roles ]: - in_roles.append( ( role.id, role.name ) ) - else: - out_roles.append( ( role.id, role.name ) ) - for user in trans.sa_session.query( trans.app.model.User ) \ - .filter( trans.app.model.User.table.c.deleted==False ) \ - .order_by( trans.app.model.User.table.c.email ): - if user in [ x.user for x in group.users ]: - in_users.append( ( user.id, user.email ) ) - else: - out_users.append( ( user.id, user.email ) ) - message += 'Group %s is currently associated with %d roles and %d users' % ( group.name, len( in_roles ), len( in_users ) ) - return trans.fill_template( '/admin/dataset_security/group/group.mako', - group=group, - in_roles=in_roles, - out_roles=out_roles, - in_users=in_users, - out_users=out_users, - message=message, - status=status ) - @web.expose - @web.require_admin - def create_group( self, trans, **kwd ): - params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) - status = params.get( 'status', 'done' ) - if params.get( 'create_group_button', False ): - name = util.restore_text( params.name ) - in_users = util.listify( params.get( 'in_users', [] ) ) - in_roles = util.listify( params.get( 'in_roles', [] ) ) - if not name: - message = "Enter a valid name" - elif trans.sa_session.query( trans.app.model.Group ).filter( trans.app.model.Group.table.c.name==name ).first(): - message = "A group with that name already exists" - else: - # Create the group - group = trans.app.model.Group( name=name ) - trans.sa_session.add( group ) - trans.sa_session.flush() - # Create the UserRoleAssociations - for user in [ trans.sa_session.query( trans.app.model.User ).get( x ) for x in in_users ]: - uga = trans.app.model.UserGroupAssociation( user, group ) - trans.sa_session.add( uga ) - trans.sa_session.flush() - # Create the GroupRoleAssociations - for role in [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in in_roles ]: - gra = trans.app.model.GroupRoleAssociation( group, role ) - trans.sa_session.add( gra ) - trans.sa_session.flush() - message = "Group '%s' has been created with %d associated users and %d associated roles" % ( name, len( in_users ), len( in_roles ) ) - trans.response.send_redirect( web.url_for( controller='admin', action='groups', message=util.sanitize_text( message ), status='done' ) ) - trans.response.send_redirect( web.url_for( controller='admin', action='create_group', message=util.sanitize_text( message ), status='error' ) ) - out_users = [] - for user in trans.sa_session.query( trans.app.model.User ) \ - .filter( trans.app.model.User.table.c.deleted==False ) \ - .order_by( trans.app.model.User.table.c.email ): - out_users.append( ( user.id, user.email ) ) - out_roles = [] - for role in trans.sa_session.query( trans.app.model.Role ) \ - .filter( trans.app.model.Role.table.c.deleted==False ) \ - .order_by( trans.app.model.Role.table.c.name ): - out_roles.append( ( role.id, role.name ) ) - return trans.fill_template( '/admin/dataset_security/group/group_create.mako', - in_users=[], - out_users=out_users, - in_roles=[], - out_roles=out_roles, - message=message, - status=status ) - @web.expose - @web.require_admin - def mark_group_deleted( self, trans, **kwd ): - params = util.Params( kwd ) - group = get_group( trans, params.id ) - group.deleted = True - trans.sa_session.add( group ) - trans.sa_session.flush() - message = "Group '%s' has been marked as deleted." % group.name - trans.response.send_redirect( web.url_for( action='groups', message=util.sanitize_text( message ), status='done' ) ) - @web.expose - @web.require_admin - def undelete_group( self, trans, **kwd ): - params = util.Params( kwd ) - group = get_group( trans, params.id ) - group.deleted = False - trans.sa_session.add( group ) - trans.sa_session.flush() - message = "Group '%s' has been marked as not deleted." % group.name - trans.response.send_redirect( web.url_for( action='groups', message=util.sanitize_text( message ), status='done' ) ) - @web.expose - @web.require_admin - def purge_group( self, trans, **kwd ): - # This method should only be called for a Group that has previously been deleted. - # Purging a deleted Group simply deletes all UserGroupAssociations and GroupRoleAssociations. - params = util.Params( kwd ) - group = get_group( trans, params.id ) - if not group.deleted: - # We should never reach here, but just in case there is a bug somewhere... - message = "Group '%s' has not been deleted, so it cannot be purged." % group.name - trans.response.send_redirect( web.url_for( action='groups', message=util.sanitize_text( message ), status='error' ) ) - # Delete UserGroupAssociations - for uga in group.users: - trans.sa_session.delete( uga ) - # Delete GroupRoleAssociations - for gra in group.roles: - trans.sa_session.delete( gra ) - trans.sa_session.flush() - message = "The following have been purged from the database for group '%s': UserGroupAssociations, GroupRoleAssociations." % group.name - trans.response.send_redirect( web.url_for( action='groups', message=util.sanitize_text( message ), status='done' ) ) - - # Galaxy User Stuff - @web.expose - @web.require_admin - def create_new_user( self, trans, **kwargs ): - return trans.response.send_redirect( web.url_for( controller='user', - action='create', - admin_view=True ) ) - @web.expose - @web.require_admin - def reset_user_password( self, trans, **kwd ): - id = kwd.get( 'id', None ) - if not id: - message = "No user ids received for resetting passwords" - trans.response.send_redirect( web.url_for( action='users', message=message, status='error' ) ) - ids = util.listify( id ) - if 'reset_user_password_button' in kwd: - message = '' - status = '' - for user_id in ids: - user = get_user( trans, user_id ) - password = kwd.get( 'password', None ) - confirm = kwd.get( 'confirm' , None ) - if len( password ) < 6: - message = "Please use a password of at least 6 characters" - status = 'error' - break - elif password != confirm: - message = "Passwords do not match" - status = 'error' - break - else: - user.set_password_cleartext( password ) - trans.sa_session.add( user ) - trans.sa_session.flush() - if not message and not status: - message = "Passwords reset for %d users" % len( ids ) - status = 'done' - trans.response.send_redirect( web.url_for( action='users', - message=util.sanitize_text( message ), - status=status ) ) - users = [ get_user( trans, user_id ) for user_id in ids ] - if len( ids ) > 1: - id=','.join( id ) - return trans.fill_template( '/admin/user/reset_password.mako', - id=id, - users=users, - password='', - confirm='' ) - @web.expose - @web.require_admin - def mark_user_deleted( self, trans, **kwd ): - id = kwd.get( 'id', None ) - if not id: - message = "No user ids received for deleting" - trans.response.send_redirect( web.url_for( action='users', message=message, status='error' ) ) - ids = util.listify( id ) - message = "Deleted %d users: " % len( ids ) - for user_id in ids: - user = get_user( trans, user_id ) - user.deleted = True - trans.sa_session.add( user ) - trans.sa_session.flush() - message += " %s " % user.email - trans.response.send_redirect( web.url_for( action='users', message=util.sanitize_text( message ), status='done' ) ) - @web.expose - @web.require_admin - def undelete_user( self, trans, **kwd ): - id = kwd.get( 'id', None ) - if not id: - message = "No user ids received for undeleting" - trans.response.send_redirect( web.url_for( action='users', message=message, status='error' ) ) - ids = util.listify( id ) - count = 0 - undeleted_users = "" - for user_id in ids: - user = get_user( trans, user_id ) - if user.deleted: - user.deleted = False - trans.sa_session.add( user ) - trans.sa_session.flush() - count += 1 - undeleted_users += " %s" % user.email - message = "Undeleted %d users: %s" % ( count, undeleted_users ) - trans.response.send_redirect( web.url_for( action='users', - message=util.sanitize_text( message ), - status='done' ) ) - @web.expose - @web.require_admin - def purge_user( self, trans, **kwd ): - # This method should only be called for a User that has previously been deleted. - # We keep the User in the database ( marked as purged ), and stuff associated - # with the user's private role in case we want the ability to unpurge the user - # some time in the future. - # Purging a deleted User deletes all of the following: - # - History where user_id = User.id - # - HistoryDatasetAssociation where history_id = History.id - # - Dataset where HistoryDatasetAssociation.dataset_id = Dataset.id - # - UserGroupAssociation where user_id == User.id - # - UserRoleAssociation where user_id == User.id EXCEPT FOR THE PRIVATE ROLE - # Purging Histories and Datasets must be handled via the cleanup_datasets.py script - id = kwd.get( 'id', None ) - if not id: - message = "No user ids received for purging" - trans.response.send_redirect( web.url_for( action='users', - message=util.sanitize_text( message ), - status='error' ) ) - ids = util.listify( id ) - message = "Purged %d users: " % len( ids ) - for user_id in ids: - user = get_user( trans, user_id ) - if not user.deleted: - # We should never reach here, but just in case there is a bug somewhere... - message = "User '%s' has not been deleted, so it cannot be purged." % user.email - trans.response.send_redirect( web.url_for( action='users', - message=util.sanitize_text( message ), - status='error' ) ) - private_role = trans.app.security_agent.get_private_user_role( user ) - # Delete History - for h in user.active_histories: - trans.sa_session.refresh( h ) - for hda in h.active_datasets: - # Delete HistoryDatasetAssociation - d = trans.sa_session.query( trans.app.model.Dataset ).get( hda.dataset_id ) - # Delete Dataset - if not d.deleted: - d.deleted = True - trans.sa_session.add( d ) - hda.deleted = True - trans.sa_session.add( hda ) - h.deleted = True - trans.sa_session.add( h ) - # Delete UserGroupAssociations - for uga in user.groups: - trans.sa_session.delete( uga ) - # Delete UserRoleAssociations EXCEPT FOR THE PRIVATE ROLE - for ura in user.roles: - if ura.role_id != private_role.id: - trans.sa_session.delete( ura ) - # Purge the user - user.purged = True - trans.sa_session.add( user ) - trans.sa_session.flush() - message += "%s " % user.email - trans.response.send_redirect( web.url_for( controller='admin', - action='users', - message=util.sanitize_text( message ), - status='done' ) ) - @web.expose - @web.require_admin - def users( self, trans, **kwargs ): - if 'operation' in kwargs: - operation = kwargs['operation'].lower() - if operation == "roles": - return self.user( trans, **kwargs ) - if operation == "reset password": - return self.reset_user_password( trans, **kwargs ) - if operation == "delete": - return self.mark_user_deleted( trans, **kwargs ) - if operation == "undelete": - return self.undelete_user( trans, **kwargs ) - if operation == "purge": - return self.purge_user( trans, **kwargs ) - if operation == "create": - return self.create_new_user( trans, **kwargs ) - if operation == "information": - return self.user_info( trans, **kwargs ) - if operation == "manage roles and groups": - return self.manage_roles_and_groups_for_user( trans, **kwargs ) - # Render the list view - return self.user_list_grid( trans, **kwargs ) - @web.expose - @web.require_admin - def user_info( self, trans, **kwd ): - ''' - This method displays the user information page which consists of login - information, public username, reset password & other user information - obtained during registration - ''' - user_id = kwd.get( 'id', None ) - if not user_id: - message += "Invalid user id (%s) received" % str( user_id ) - trans.response.send_redirect( web.url_for( controller='admin', - action='users', - message=util.sanitize_text( message ), - status='error' ) ) - user = get_user( trans, user_id ) - return trans.response.send_redirect( web.url_for( controller='user', - action='show_info', - user_id=user.id, - admin_view=True, - **kwd ) ) - @web.expose - @web.require_admin - def name_autocomplete_data( self, trans, q=None, limit=None, timestamp=None ): - """Return autocomplete data for user emails""" - ac_data = "" - for user in trans.sa_session.query( User ).filter_by( deleted=False ).filter( func.lower( User.email ).like( q.lower() + "%" ) ): - ac_data = ac_data + user.email + "\n" - return ac_data - @web.expose - @web.require_admin - def manage_roles_and_groups_for_user( self, trans, **kwd ): - user_id = kwd.get( 'id', None ) - message = '' - status = '' - if not user_id: - message += "Invalid user id (%s) received" % str( user_id ) - trans.response.send_redirect( web.url_for( controller='admin', - action='users', - message=util.sanitize_text( message ), - status='error' ) ) - user = get_user( trans, user_id ) - private_role = trans.app.security_agent.get_private_user_role( user ) - if kwd.get( 'user_roles_groups_edit_button', False ): - # Make sure the user is not dis-associating himself from his private role - out_roles = kwd.get( 'out_roles', [] ) - if out_roles: - out_roles = [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in util.listify( out_roles ) ] - if private_role in out_roles: - message += "You cannot eliminate a user's private role association. " - status = 'error' - in_roles = kwd.get( 'in_roles', [] ) - if in_roles: - in_roles = [ trans.sa_session.query( trans.app.model.Role ).get( x ) for x in util.listify( in_roles ) ] - out_groups = kwd.get( 'out_groups', [] ) - if out_groups: - out_groups = [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in util.listify( out_groups ) ] - in_groups = kwd.get( 'in_groups', [] ) - if in_groups: - in_groups = [ trans.sa_session.query( trans.app.model.Group ).get( x ) for x in util.listify( in_groups ) ] - if in_roles: - trans.app.security_agent.set_entity_user_associations( users=[ user ], roles=in_roles, groups=in_groups ) - trans.sa_session.refresh( user ) - message += "User '%s' has been updated with %d associated roles and %d associated groups (private roles are not displayed)" % \ - ( user.email, len( in_roles ), len( in_groups ) ) - trans.response.send_redirect( web.url_for( action='users', - message=util.sanitize_text( message ), - status='done' ) ) - in_roles = [] - out_roles = [] - in_groups = [] - out_groups = [] - for role in trans.sa_session.query( trans.app.model.Role ).filter( trans.app.model.Role.table.c.deleted==False ) \ - .order_by( trans.app.model.Role.table.c.name ): - if role in [ x.role for x in user.roles ]: - in_roles.append( ( role.id, role.name ) ) - elif role.type != trans.app.model.Role.types.PRIVATE: - # There is a 1 to 1 mapping between a user and a PRIVATE role, so private roles should - # not be listed in the roles form fields, except for the currently selected user's private - # role, which should always be in in_roles. The check above is added as an additional - # precaution, since for a period of time we were including private roles in the form fields. - out_roles.append( ( role.id, role.name ) ) - for group in trans.sa_session.query( trans.app.model.Group ).filter( trans.app.model.Group.table.c.deleted==False ) \ - .order_by( trans.app.model.Group.table.c.name ): - if group in [ x.group for x in user.groups ]: - in_groups.append( ( group.id, group.name ) ) - else: - out_groups.append( ( group.id, group.name ) ) - message += "User '%s' is currently associated with %d roles and is a member of %d groups" % \ - ( user.email, len( in_roles ), len( in_groups ) ) - if not status: - status = 'done' - return trans.fill_template( '/admin/user/user.mako', - user=user, - in_roles=in_roles, - out_roles=out_roles, - in_groups=in_groups, - out_groups=out_groups, - message=message, - status=status ) - @web.expose - @web.require_admin - def memdump( self, trans, ids = 'None', sorts = 'None', pages = 'None', new_id = None, new_sort = None, **kwd ): - if self.app.memdump is None: - return trans.show_error_message( "Memdump is not enabled (set <code>use_memdump = True</code> in universe_wsgi.ini)" ) - heap = self.app.memdump.get() - p = util.Params( kwd ) - msg = None - if p.dump: - heap = self.app.memdump.get( update = True ) - msg = "Heap dump complete" - elif p.setref: - self.app.memdump.setref() - msg = "Reference point set (dump to see delta from this point)" - ids = ids.split( ',' ) - sorts = sorts.split( ',' ) - if new_id is not None: - ids.append( new_id ) - sorts.append( 'None' ) - elif new_sort is not None: - sorts[-1] = new_sort - breadcrumb = "<a href='%s' class='breadcrumb'>heap</a>" % web.url_for() - # new lists so we can assemble breadcrumb links - new_ids = [] - new_sorts = [] - for id, sort in zip( ids, sorts ): - new_ids.append( id ) - if id != 'None': - breadcrumb += "<a href='%s' class='breadcrumb'>[%s]</a>" % ( web.url_for( ids=','.join( new_ids ), sorts=','.join( new_sorts ) ), id ) - heap = heap[int(id)] - new_sorts.append( sort ) - if sort != 'None': - breadcrumb += "<a href='%s' class='breadcrumb'>.by('%s')</a>" % ( web.url_for( ids=','.join( new_ids ), sorts=','.join( new_sorts ) ), sort ) - heap = heap.by( sort ) - ids = ','.join( new_ids ) - sorts = ','.join( new_sorts ) - if p.theone: - breadcrumb += ".theone" - heap = heap.theone - return trans.fill_template( '/admin/memdump.mako', heap = heap, ids = ids, sorts = sorts, breadcrumb = breadcrumb, msg = msg ) - - @web.expose - @web.require_admin - def jobs( self, trans, stop = [], stop_msg = None, cutoff = 180, **kwd ): - deleted = [] - msg = None - status = None - job_ids = util.listify( stop ) - if job_ids and stop_msg in [ None, '' ]: - msg = 'Please enter an error message to display to the user describing why the job was terminated' - status = 'error' - elif job_ids: - if stop_msg[-1] not in string.punctuation: - stop_msg += '.' - for job_id in job_ids: - trans.app.job_manager.job_stop_queue.put( job_id, error_msg="This job was stopped by an administrator: %s For more information or help" % stop_msg ) - deleted.append( str( job_id ) ) - if deleted: - msg = 'Queued job' - if len( deleted ) > 1: - msg += 's' - msg += ' for deletion: ' - msg += ', '.join( deleted ) - status = 'done' - cutoff_time = datetime.utcnow() - timedelta( seconds=int( cutoff ) ) - jobs = trans.sa_session.query( trans.app.model.Job ) \ - .filter( and_( trans.app.model.Job.table.c.update_time < cutoff_time, - or_( trans.app.model.Job.state == trans.app.model.Job.states.NEW, - trans.app.model.Job.state == trans.app.model.Job.states.QUEUED, - trans.app.model.Job.state == trans.app.model.Job.states.RUNNING, - trans.app.model.Job.state == trans.app.model.Job.states.UPLOAD ) ) ) \ - .order_by( trans.app.model.Job.table.c.update_time.desc() ) - last_updated = {} - for job in jobs: - delta = datetime.utcnow() - job.update_time - if delta > timedelta( minutes=60 ): - last_updated[job.id] = '%s hours' % int( delta.seconds / 60 / 60 ) - else: - last_updated[job.id] = '%s minutes' % int( delta.seconds / 60 ) - return trans.fill_template( '/admin/jobs.mako', jobs = jobs, last_updated = last_updated, cutoff = cutoff, msg = msg, status = status ) - -## ---- Utility methods ------------------------------------------------------- - -def get_user( trans, id ): - """Get a User from the database by id.""" - # Load user from database - id = trans.security.decode_id( id ) - user = trans.sa_session.query( model.User ).get( id ) - if not user: - return trans.show_error_message( "User not found for id (%s)" % str( id ) ) - return user -def get_role( trans, id ): - """Get a Role from the database by id.""" - # Load user from database - id = trans.security.decode_id( id ) - role = trans.sa_session.query( model.Role ).get( id ) - if not role: - return trans.show_error_message( "Role not found for id (%s)" % str( id ) ) - return role -def get_group( trans, id ): - """Get a Group from the database by id.""" - # Load user from database - id = trans.security.decode_id( id ) - group = trans.sa_session.query( model.Group ).get( id ) - if not group: - return trans.show_error_message( "Group not found for id (%s)" % str( id ) ) - return group diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/dataset.py --- a/lib/galaxy/web/controllers/dataset.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/dataset.py Wed Apr 21 11:35:21 2010 -0400 @@ -468,7 +468,7 @@ dataset = self.get_dataset( trans, slug, False, True ) if dataset: truncated, dataset_data = self.get_data( dataset, preview ) - dataset.annotation = self.get_item_annotation_str( trans.sa_session, dataset.history.user, dataset ) + dataset.annotation = self.get_item_annotation_str( trans, dataset.history.user, dataset ) return trans.fill_template_mako( "/dataset/display.mako", item=dataset, item_data=dataset_data, truncated=truncated ) else: raise web.httpexceptions.HTTPNotFound() @@ -482,7 +482,7 @@ raise web.httpexceptions.HTTPNotFound() truncated, dataset_data = self.get_data( dataset, preview=True ) # Get annotation. - dataset.annotation = self.get_item_annotation_str( trans.sa_session, trans.get_user(), dataset ) + dataset.annotation = self.get_item_annotation_str( trans, trans.user, dataset ) return trans.stream_template_mako( "/dataset/item_content.mako", item=dataset, item_data=dataset_data, truncated=truncated ) @web.expose @@ -502,7 +502,7 @@ dataset = self.get_dataset( trans, id, False, True ) if not dataset: web.httpexceptions.HTTPNotFound() - return self.get_item_annotation_str( trans.sa_session, trans.get_user(), dataset ) + return self.get_item_annotation_str( trans, trans.user, dataset ) @web.expose def display_at( self, trans, dataset_id, filename=None, **kwd ): diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/forms.py --- a/lib/galaxy/web/controllers/forms.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/forms.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,7 +1,7 @@ from galaxy.web.base.controller import * from galaxy.model.orm import * from galaxy.datatypes import sniff -from galaxy import util +from galaxy import model, util import logging, os, sys from galaxy.web.form_builder import * from galaxy.tools.parameters.basic import parameter_types diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/history.py --- a/lib/galaxy/web/controllers/history.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/history.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,6 +1,6 @@ from galaxy.web.base.controller import * from galaxy.web.framework.helpers import time_ago, iff, grids -from galaxy import util +from galaxy import model, util from galaxy.util.odict import odict from galaxy.model.mapping import desc from galaxy.model.orm import * @@ -490,9 +490,9 @@ # Get datasets. datasets = self.get_history_datasets( trans, history ) # Get annotations. - history.annotation = self.get_item_annotation_str( trans.sa_session, history.user, history ) + history.annotation = self.get_item_annotation_str( trans, history.user, history ) for dataset in datasets: - dataset.annotation = self.get_item_annotation_str( trans.sa_session, history.user, dataset ) + dataset.annotation = self.get_item_annotation_str( trans, history.user, dataset ) return trans.stream_template_mako( "/history/item_content.mako", item = history, item_data = datasets ) @web.expose @@ -613,9 +613,9 @@ # Get datasets. datasets = self.get_history_datasets( trans, history ) # Get annotations. - history.annotation = self.get_item_annotation_str( trans.sa_session, history.user, history ) + history.annotation = self.get_item_annotation_str( trans, history.user, history ) for dataset in datasets: - dataset.annotation = self.get_item_annotation_str( trans.sa_session, history.user, dataset ) + dataset.annotation = self.get_item_annotation_str( trans, history.user, dataset ) return trans.stream_template_mako( "history/display.mako", item = history, item_data = datasets ) diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/library_admin.py --- a/lib/galaxy/web/controllers/library_admin.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/library_admin.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,5 +1,5 @@ import sys -from galaxy import util +from galaxy import model, util from galaxy.web.base.controller import * from galaxy.web.framework.helpers import time_ago, iff, grids from galaxy.model.orm import * diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/page.py --- a/lib/galaxy/web/controllers/page.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/page.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,3 +1,4 @@ +from galaxy import model from galaxy.web.base.controller import * from galaxy.web.framework.helpers import time_ago, grids from galaxy.util.sanitize_html import sanitize_html, _BaseHTMLProcessor @@ -406,7 +407,7 @@ else: page_title = page.title page_slug = page.slug - page_annotation = self.get_item_annotation_str( trans.sa_session, trans.get_user(), page ) + page_annotation = self.get_item_annotation_str( trans, trans.user, page ) if not page_annotation: page_annotation = "" return trans.show_form( @@ -527,7 +528,7 @@ annotations = from_json_string( annotations ) for annotation_dict in annotations: item_id = trans.security.decode_id( annotation_dict[ 'item_id' ] ) - item_class = self.get_class( annotation_dict[ 'item_class' ] ) + item_class = self.get_class( trans, annotation_dict[ 'item_class' ] ) item = trans.sa_session.query( item_class ).filter_by( id=item_id ).first() if not item: raise RuntimeError( "cannot find annotated item" ) @@ -693,28 +694,28 @@ def _get_embed_html( self, trans, item_class, item_id ): """ Returns HTML for embedding an item in a page. """ - item_class = self.get_class( item_class ) + item_class = self.get_class( trans, item_class ) if item_class == model.History: history = self.get_history( trans, item_id, False, True ) - history.annotation = self.get_item_annotation_str( trans.sa_session, history.user, history ) + history.annotation = self.get_item_annotation_str( trans, history.user, history ) if history: datasets = self.get_history_datasets( trans, history ) return trans.fill_template( "history/embed.mako", item=history, item_data=datasets ) elif item_class == model.HistoryDatasetAssociation: dataset = self.get_dataset( trans, item_id, False, True ) - dataset.annotation = self.get_item_annotation_str( trans.sa_session, dataset.history.user, dataset ) + dataset.annotation = self.get_item_annotation_str( trans, dataset.history.user, dataset ) if dataset: data = self.get_data( dataset ) return trans.fill_template( "dataset/embed.mako", item=dataset, item_data=data ) elif item_class == model.StoredWorkflow: workflow = self.get_stored_workflow( trans, item_id, False, True ) - workflow.annotation = self.get_item_annotation_str( trans.sa_session, workflow.user, workflow ) + workflow.annotation = self.get_item_annotation_str( trans, workflow.user, workflow ) if workflow: self.get_stored_workflow_steps( trans, workflow ) return trans.fill_template( "workflow/embed.mako", item=workflow, item_data=workflow.latest_workflow.steps ) elif item_class == model.Visualization: visualization = self.get_visualization( trans, item_id, False, True ) - visualization.annotation = self.get_item_annotation_str( trans.sa_session, visualization.user, visualization ) + visualization.annotation = self.get_item_annotation_str( trans, visualization.user, visualization ) if visualization: return trans.fill_template( "visualization/embed.mako", item=visualization, item_data=None ) diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/requests.py --- a/lib/galaxy/web/controllers/requests.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/requests.py Wed Apr 21 11:35:21 2010 -0400 @@ -2,7 +2,7 @@ from galaxy.web.framework.helpers import time_ago, iff, grids from galaxy.model.orm import * from galaxy.datatypes import sniff -from galaxy import util +from galaxy import model, util from galaxy.util.streamball import StreamBall from galaxy.util.odict import odict import logging, tempfile, zipfile, tarfile, os, sys diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/requests_admin.py --- a/lib/galaxy/web/controllers/requests_admin.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/requests_admin.py Wed Apr 21 11:35:21 2010 -0400 @@ -2,7 +2,7 @@ from galaxy.web.framework.helpers import time_ago, iff, grids from galaxy.model.orm import * from galaxy.datatypes import sniff -from galaxy import util +from galaxy import model, util from galaxy.util.streamball import StreamBall import logging, tempfile, zipfile, tarfile, os, sys, subprocess from galaxy.web.form_builder import * diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/root.py --- a/lib/galaxy/web/controllers/root.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/root.py Wed Apr 21 11:35:21 2010 -0400 @@ -72,7 +72,7 @@ datasets = self.get_history_datasets( trans, history, show_deleted ) return trans.stream_template_mako( "root/history.mako", history = history, - annotation = self.get_item_annotation_str( trans.sa_session, trans.get_user(), history ), + annotation = self.get_item_annotation_str( trans, trans.user, history ), datasets = datasets, hda_id = hda_id, show_deleted = show_deleted ) @@ -368,7 +368,7 @@ status = 'done' return trans.fill_template( "/dataset/edit_attributes.mako", data=data, - data_annotation=self.get_item_annotation_str( trans.sa_session, trans.get_user(), data ), + data_annotation=self.get_item_annotation_str( trans, trans.user, data ), datatypes=ldatatypes, current_user_roles=current_user_roles, all_roles=all_roles, @@ -392,7 +392,7 @@ if data.parent_id is None and len( data.creating_job_associations ) > 0: # Mark associated job for deletion job = data.creating_job_associations[0].job - if job.state in [ model.Job.states.QUEUED, model.Job.states.RUNNING, model.Job.states.NEW ]: + if job.state in [ self.app.model.Job.states.QUEUED, self.app.model.Job.states.RUNNING, self.app.model.Job.states.NEW ]: # Are *all* of the job's other output datasets deleted? if job.check_if_output_datasets_deleted(): job.mark_deleted() diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/tag.py --- a/lib/galaxy/web/controllers/tag.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/tag.py Wed Apr 21 11:35:21 2010 -0400 @@ -72,7 +72,7 @@ if item_id is not None: item = self._get_item( trans, item_class, trans.security.decode_id( item_id ) ) user = trans.user - item_class = self.get_class( item_class ) + item_class = self.get_class( trans, item_class ) q = q.encode( 'utf-8' ) if q.find( ":" ) == -1: return self._get_tag_autocomplete_names( trans, q, limit, timestamp, user, item, item_class ) diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/tracks.py --- a/lib/galaxy/web/controllers/tracks.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/tracks.py Wed Apr 21 11:35:21 2010 -0400 @@ -16,6 +16,7 @@ import math, re, logging, glob log = logging.getLogger(__name__) +from galaxy import model from galaxy.util.json import to_json_string, from_json_string from galaxy.web.base.controller import * from galaxy.web.framework import simplejson diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/user.py --- a/lib/galaxy/web/controllers/user.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/user.py Wed Apr 21 11:35:21 2010 -0400 @@ -103,8 +103,9 @@ status='done', active_view="user" ) @web.expose - def create( self, trans, webapp='galaxy', redirect_url='', refresh_frames=[], **kwd ): + def create( self, trans, redirect_url='', refresh_frames=[], **kwd ): params = util.Params( kwd ) + webapp = params.get( 'webapp', 'galaxy' ) use_panels = util.string_as_bool( kwd.get( 'use_panels', True ) ) email = util.restore_text( params.get( 'email', '' ) ) # Do not sanitize passwords, so take from kwd @@ -165,7 +166,7 @@ action='users', message='Created new user account (%s)' % user.email, status='done' ) ) - else: + elif not admin_view: # Must be logging into the community space webapp trans.handle_user_login( user, webapp ) if not error: diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/visualization.py --- a/lib/galaxy/web/controllers/visualization.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/visualization.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,3 +1,4 @@ +from galaxy import model from galaxy.web.base.controller import * from galaxy.web.framework.helpers import time_ago, grids, iff from galaxy.util.sanitize_html import sanitize_html @@ -366,7 +367,7 @@ if visualization.slug is None: self.create_item_slug( trans.sa_session, visualization ) visualization_slug = visualization.slug - visualization_annotation = self.get_item_annotation_str( trans.sa_session, trans.get_user(), visualization ) + visualization_annotation = self.get_item_annotation_str( trans, trans.user, visualization ) if not visualization_annotation: visualization_annotation = "" return trans.show_form( diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/controllers/workflow.py --- a/lib/galaxy/web/controllers/workflow.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/controllers/workflow.py Wed Apr 21 11:35:21 2010 -0400 @@ -14,6 +14,7 @@ from galaxy.util.sanitize_html import sanitize_html from galaxy.util.topsort import topsort, topsort_levels, CycleError from galaxy.workflow.modules import * +from galaxy import model from galaxy.model.mapping import desc from galaxy.model.orm import * @@ -176,9 +177,9 @@ # Get data for workflow's steps. self.get_stored_workflow_steps( trans, stored_workflow ) # Get annotations. - stored_workflow.annotation = self.get_item_annotation_str( trans.sa_session, stored_workflow.user, stored_workflow ) + stored_workflow.annotation = self.get_item_annotation_str( trans, stored_workflow.user, stored_workflow ) for step in stored_workflow.latest_workflow.steps: - step.annotation = self.get_item_annotation_str( trans.sa_session, stored_workflow.user, step ) + step.annotation = self.get_item_annotation_str( trans, stored_workflow.user, step ) return trans.fill_template_mako( "workflow/display.mako", item=stored_workflow, item_data=stored_workflow.latest_workflow.steps ) @web.expose @@ -192,9 +193,9 @@ # Get data for workflow's steps. self.get_stored_workflow_steps( trans, stored ) # Get annotations. - stored.annotation = self.get_item_annotation_str( trans.sa_session, stored.user, stored ) + stored.annotation = self.get_item_annotation_str( trans, stored.user, stored ) for step in stored.latest_workflow.steps: - step.annotation = self.get_item_annotation_str( trans.sa_session, stored.user, step ) + step.annotation = self.get_item_annotation_str( trans, stored.user, step ) return trans.stream_template_mako( "/workflow/item_content.mako", item = stored, item_data = stored.latest_workflow.steps ) @web.expose @@ -330,7 +331,7 @@ return trans.fill_template( 'workflow/edit_attributes.mako', stored=stored, - annotation=self.get_item_annotation_str( trans.sa_session, trans.get_user(), stored ) + annotation=self.get_item_annotation_str( trans, trans.user, stored ) ) @web.expose @@ -501,7 +502,7 @@ if not id: error( "Invalid workflow id" ) stored = self.get_stored_workflow( trans, id ) - return trans.fill_template( "workflow/editor.mako", stored=stored, annotation=self.get_item_annotation_str( trans.sa_session, trans.get_user(), stored ) ) + return trans.fill_template( "workflow/editor.mako", stored=stored, annotation=self.get_item_annotation_str( trans, trans.user, stored ) ) @web.json def editor_form_post( self, trans, type='tool', tool_id=None, annotation=None, **incoming ): @@ -580,7 +581,7 @@ # as a dictionary not just the values data['upgrade_messages'][step.order_index] = upgrade_message.values() # Get user annotation. - step_annotation = self.get_item_annotation_obj ( trans.sa_session, trans.get_user(), step ) + step_annotation = self.get_item_annotation_obj ( trans, trans.user, step ) annotation_str = "" if step_annotation: annotation_str = step_annotation.annotation diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/web/framework/helpers/grids.py --- a/lib/galaxy/web/framework/helpers/grids.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/web/framework/helpers/grids.py Wed Apr 21 11:35:21 2010 -0400 @@ -1,7 +1,5 @@ -from galaxy.model import * from galaxy.model.orm import * - -from galaxy.web.base import controller +from galaxy.web.base.controller import * from galaxy.web.framework.helpers import iff from galaxy.web import url_for from galaxy.util.json import from_json_string, to_json_string @@ -15,6 +13,7 @@ """ Specifies the content and format of a grid (data table). """ + webapp = None title = "" exposed = True model_class = None @@ -43,6 +42,7 @@ self.has_multiple_item_operations = True break def __call__( self, trans, **kwargs ): + webapp = kwargs.get( 'webapp', 'galaxy' ) status = kwargs.get( 'status', None ) message = kwargs.get( 'message', None ) session = trans.sa_session @@ -193,7 +193,8 @@ params = cur_filter_dict.copy() params['sort'] = sort_key params['async'] = ( 'async' in kwargs ) - trans.log_action( trans.get_user(), unicode( "grid.view"), context, params ) + params['webapp'] = webapp + trans.log_action( trans.get_user(), unicode( "grid.view" ), context, params ) # Render grid. def url( *args, **kwargs ): # Only include sort/filter arguments if not linking to another @@ -214,8 +215,8 @@ else: new_kwargs[ 'id' ] = trans.security.encode_id( id ) return url_for( **new_kwargs ) - use_panels = ( 'use_panels' in kwargs ) and ( kwargs['use_panels'] == True ) - async_request = ( ( self.use_async ) and ( 'async' in kwargs ) and ( kwargs['async'] in [ 'True', 'true'] ) ) + use_panels = ( 'use_panels' in kwargs ) and ( kwargs['use_panels'] in [ True, 'True', 'true' ] ) + async_request = ( ( self.use_async ) and ( 'async' in kwargs ) and ( kwargs['async'] in [ True, 'True', 'true'] ) ) return trans.fill_template( iff( async_request, self.async_template, self.template), grid=self, query=query, @@ -232,6 +233,7 @@ message_type = status, message = message, use_panels=use_panels, + webapp=self.webapp, # Pass back kwargs so that grid template can set and use args without # grid explicitly having to pass them. kwargs=kwargs ) @@ -333,7 +335,7 @@ model_class_key_field = getattr( self.model_class, self.key ) return func.lower( model_class_key_field ).like( "%" + a_filter.lower() + "%" ) -class OwnerAnnotationColumn( TextColumn, controller.UsesAnnotations ): +class OwnerAnnotationColumn( TextColumn, UsesAnnotations ): """ Column that displays and filters item owner's annotations. """ def __init__( self, col_name, key, model_class, model_annotation_association_class, filterable ): GridColumn.__init__( self, col_name, key=key, model_class=model_class, filterable=filterable ) @@ -341,7 +343,7 @@ self.model_annotation_association_class = model_annotation_association_class def get_value( self, trans, grid, item ): """ Returns item annotation. """ - annotation = self.get_item_annotation_str( trans.sa_session, item.user, item ) + annotation = self.get_item_annotation_str( trans, item.user, item ) return iff( annotation, annotation, "" ) def get_single_filter( self, user, a_filter ): """ Filter by annotation and annotation owner. """ @@ -515,7 +517,8 @@ return accepted_filters class GridOperation( object ): - def __init__( self, label, key=None, condition=None, allow_multiple=True, allow_popup=True, target=None, url_args=None, async_compatible=False, confirm=None ): + def __init__( self, label, key=None, condition=None, allow_multiple=True, allow_popup=True, + target=None, url_args=None, async_compatible=False, confirm=None ): self.label = label self.key = key self.allow_multiple = allow_multiple diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/webapps/community/base/controller.py --- a/lib/galaxy/webapps/community/base/controller.py Wed Apr 21 10:41:30 2010 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,24 +0,0 @@ -"""Contains functionality needed in every webapp interface""" -import os, time, logging -# Pieces of Galaxy to make global in every controller -from galaxy import config, tools, web, util -from galaxy.web import error, form, url_for -from galaxy.webapps.community import model -from galaxy.model.orm import * - -from Cheetah.Template import Template - -log = logging.getLogger( __name__ ) - -class BaseController( object ): - """Base class for Galaxy webapp application controllers.""" - def __init__( self, app ): - """Initialize an interface for application 'app'""" - self.app = app - def get_class( self, class_name ): - """ Returns the class object that a string denotes. Without this method, we'd have to do eval(<class_name>). """ - if class_name == 'Tool': - item_class = model.Tool - else: - item_class = None - return item_class \ No newline at end of file diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/webapps/community/buildapp.py --- a/lib/galaxy/webapps/community/buildapp.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/webapps/community/buildapp.py Wed Apr 21 11:35:21 2010 -0400 @@ -25,7 +25,8 @@ Search for controllers in the 'galaxy.webapps.controllers' module and add them to the webapp. """ - from galaxy.webapps.community.base.controller import BaseController + from galaxy.web.base.controller import BaseController + from galaxy.web.base.controller import ControllerUnavailable import galaxy.webapps.community.controllers controller_dir = galaxy.webapps.community.controllers.__path__[0] for fname in os.listdir( controller_dir ): @@ -40,12 +41,11 @@ T = getattr( module, key ) if isclass( T ) and T is not BaseController and issubclass( T, BaseController ): webapp.add_controller( name, T( app ) ) - from galaxy.web.base.controller import BaseController import galaxy.web.controllers controller_dir = galaxy.web.controllers.__path__[0] for fname in os.listdir( controller_dir ): # TODO: fix this if we decide to use, we don't need to inspect all controllers... - if fname.startswith( 'user' ) and fname.endswith( ".py" ): + if fname.startswith( 'user' ) and fname.endswith( ".py" ): name = fname[:-3] module_name = "galaxy.web.controllers." + name module = __import__( module_name ) diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/webapps/community/config.py --- a/lib/galaxy/webapps/community/config.py Wed Apr 21 10:41:30 2010 -0400 +++ b/lib/galaxy/webapps/community/config.py Wed Apr 21 11:35:21 2010 -0400 @@ -79,15 +79,12 @@ for path in self.root, self.file_path, self.template_path: if not os.path.isdir( path ): raise ConfigurationError("Directory does not exist: %s" % path ) - def is_admin_user( self,user ): + def is_admin_user( self, user ): """ Determine if the provided user is listed in `admin_users`. - - NOTE: This is temporary, admin users will likely be specified in the - database in the future. """ admin_users = self.get( "admin_users", "" ).split( "," ) - return ( user is not None and user.email in admin_users ) + return user is not None and user.email in admin_users def get_database_engine_options( kwargs ): """ diff -r 076f572d7c9d -r d6fddb034db7 lib/galaxy/webapps/community/controllers/admin.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lib/galaxy/webapps/community/controllers/admin.py Wed Apr 21 11:35:21 2010 -0400 @@ -0,0 +1,285 @@ +from galaxy.web.base.controller import * +#from galaxy.web.controllers.admin import get_user, get_group, get_role +from galaxy.webapps.community import model +from galaxy.model.orm import * +from galaxy.web.framework.helpers import time_ago, iff, grids +import logging +log = logging.getLogger( __name__ ) + +class UserListGrid( grids.Grid ): + class EmailColumn( grids.TextColumn ): + def get_value( self, trans, grid, user ): + return user.email + class UserNameColumn( grids.TextColumn ): + def get_value( self, trans, grid, user ): + if user.username: + return user.username + return 'not set' + class StatusColumn( grids.GridColumn ): + def get_value( self, trans, grid, user ): + if user.purged: + return "purged" + elif user.deleted: + return "deleted" + return "" + class GroupsColumn( grids.GridColumn ): + def get_value( self, trans, grid, user ): + if user.groups: + return len( user.groups ) + return 0 + class RolesColumn( grids.GridColumn ): + def get_value( self, trans, grid, user ): + if user.roles: + return len( user.roles ) + return 0 + class ExternalColumn( grids.GridColumn ): + def get_value( self, trans, grid, user ): + if user.external: + return 'yes' + return 'no' + class LastLoginColumn( grids.GridColumn ): + def get_value( self, trans, grid, user ): + if user.galaxy_sessions: + return self.format( user.galaxy_sessions[ 0 ].update_time ) + return 'never' + + log.debug("####In UserListGrid, in community" ) + # Grid definition + webapp = "community" + title = "Users" + model_class = model.User + template='/admin/user/grid.mako' + default_sort_key = "email" + columns = [ + EmailColumn( "Email", + key="email", + model_class=model.User, + link=( lambda item: dict( operation="information", id=item.id, webapp="community" ) ), + attach_popup=True, + filterable="advanced" ), + UserNameColumn( "User Name", + key="username", + model_class=model.User, + attach_popup=False, + filterable="advanced" ), + GroupsColumn( "Groups", attach_popup=False ), + RolesColumn( "Roles", attach_popup=False ), + ExternalColumn( "External", attach_popup=False ), + LastLoginColumn( "Last Login", format=time_ago ), + StatusColumn( "Status", attach_popup=False ), + # Columns that are valid for filtering but are not visible. + grids.DeletedColumn( "Deleted", key="deleted", visible=False, filterable="advanced" ) + ] + columns.append( grids.MulticolFilterColumn( "Search", + cols_to_filter=[ columns[0], columns[1] ], + key="free-text-search", + visible=False, + filterable="standard" ) ) + global_actions = [ + grids.GridAction( "Create new user", + dict( controller='admin', action='users', operation='create', webapp="community" ) ) + ] + operations = [ + grids.GridOperation( "Manage Roles and Groups", + condition=( lambda item: not item.deleted ), + allow_multiple=False, + url_args=dict( webapp="community", action="manage_roles_and_groups_for_user" ) ), + grids.GridOperation( "Reset Password", + condition=( lambda item: not item.deleted ), + allow_multiple=True, + allow_popup=False, + url_args=dict( webapp="community", action="reset_user_password" ) ) + ]