commit/galaxy-central: 3 new changesets

3 new changesets in galaxy-central: http://bitbucket.org/galaxy/galaxy-central/changeset/8024a7996c55/ changeset: 8024a7996c55 user: John Duddy date: 2011-06-28 01:18:33 summary: Add ability for API to do things on another user's behalf affected #: 2 files (1.1 KB) --- a/lib/galaxy/web/framework/__init__.py Mon Jun 27 17:25:32 2011 -0400 +++ b/lib/galaxy/web/framework/__init__.py Mon Jun 27 16:18:33 2011 -0700 @@ -117,6 +117,23 @@ return error trans.response.set_content_type( "application/json" ) trans.set_user( provided_key.user ) +# Perform api_run_as processing, possibly changing identity + if 'run_as' in kwargs: + if not trans.user_can_do_run_as(): + error_message = 'User does not have permissions to run jobs as another user' + return error + try: + decoded_user_id = trans.security.decode_id( kwargs['run_as'] ) + except TypeError: + trans.response.status = 400 + return "Malformed user id ( %s ) specified, unable to decode." % str( kwargs['run_as'] ) + try: + user = trans.sa_session.query( trans.app.model.User ).get( decoded_user_id ) + trans.set_user(user) + except: + trans.response.status = 400 + return "That user does not exist." + if trans.debug: return simplejson.dumps( func( self, trans, *args, **kwargs ), indent=4, sort_keys=True ) else: @@ -590,6 +607,9 @@ def user_is_admin( self ): admin_users = self.app.config.get( "admin_users", "" ).split( "," ) return self.user and admin_users and self.user.email in admin_users + def user_can_do_run_as( self ): + run_as_users = self.app.config.get( "api_allow_run_as", "" ).split( "," ) + return self.user and run_as_users and self.user.email in run_as_users def get_toolbox(self): """Returns the application toolbox""" return self.app.toolbox --- a/universe_wsgi.ini.sample Mon Jun 27 17:25:32 2011 -0400 +++ b/universe_wsgi.ini.sample Mon Jun 27 16:18:33 2011 -0700 
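Review bot: In the `run_as` block of the `@@ -117,6 +117,23 @@` hunk, the second `try` will most likely never answer "That user does not exist." for an unknown id, because SQLAlchemy's `Query.get()` returns `None` for a missing row instead of raising, so `trans.set_user(user)` is called with `None` and the request carries on without the intended identity. Test the result explicitly with `if user is None:` followed by the 400 response, and replace the bare `except:` with the specific exception expected, since it currently reports programming errors and database failures as a missing user. The first `try` catches only `TypeError`; whether `decode_id` can raise anything else on malformed input is not visible here and is worth confirming. The same block is repeated in the merge changeset's `@@ -117,6 +117,24 @@` hunk, and the enclosing decorator starts and ends outside the hunk.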
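Review bot: `user_can_do_run_as` in the `@@ -590,6 +607,9 @@` hunk builds its allow-list with `"".split( "," )`, which yields `[""]` when `api_allow_run_as` is unset, so the `run_as_users` truthiness test never fails and an account whose email is an empty string would match. Entries are also compared without trimming, so a value written as `a@example.org, b@example.org` (constructed example) silently leaves the second address unable to use the feature. Building the list as `run_as_users = [ e.strip() for e in self.app.config.get( "api_allow_run_as", "" ).split( "," ) if e.strip() ]` and returning `bool( self.user and self.user.email in run_as_users )` closes both gaps. A one-line docstring stating that listed users may act as any other account would help the next reader; the same method appears again in the merge changeset's `@@ -593,8 +613,13 @@` hunk.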
@@ -433,6 +433,10 @@ # Enable the (experimental! beta!) Web API. Documentation forthcoming. #enable_api = False +# Optional list of email addresses of API users who can make calls on behalf of +# other users +#api_allow_run_as = None + # Enable tool tags (associating tools with tags). This has its own option # since its implementation has a few performance implications on startup for # large servers. http://bitbucket.org/galaxy/galaxy-central/changeset/2c7ddd0f8972/ changeset: 2c7ddd0f8972 user: John Duddy date: 2011-07-29 21:39:29 summary: Promote run_as API users to admin if the API key user is an admin affected #: 1 file (277 bytes) --- a/lib/galaxy/web/framework/__init__.py Mon Jun 27 16:18:33 2011 -0700 +++ b/lib/galaxy/web/framework/__init__.py Fri Jul 29 12:39:29 2011 -0700 @@ -129,6 +129,7 @@ return "Malformed user id ( %s ) specified, unable to decode." % str( kwargs['run_as'] ) try: user = trans.sa_session.query( trans.app.model.User ).get( decoded_user_id ) + trans.api_inherit_admin = trans.user_is_admin() trans.set_user(user) except: trans.response.status = 400 
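Review bot: The new `api_allow_run_as` comment does not say that the value is a comma-separated list, which is how `user_can_do_run_as` parses it, nor that a listed account can act as any user, since the `run_as` block places no restriction on the target id. Because this option is in effect a grant of impersonation rights, I would spell that out, for example `# Comma-separated list of email addresses of API users who may make calls as any other user (administrators included); leave unset to disable.` The sample value `None` also reads as if the literal string were meaningful, whereas in the visible code it is leaving the option unset that keeps the feature off. The identical hunk appears in the merge changeset.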
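Review bot: In the `@@ -129,6 +129,7 @@` hunk, `trans.api_inherit_admin = trans.user_is_admin()` carries the key holder's administrator rights into a request that then runs under the target user's identity, and nothing in this block records who the real caller was. For auditing and incident response an impersonated admin action should be attributable to the API key user, so I would log both identities before `trans.set_user(user)`, for example `log.info( "API run_as: key user %s acting as user id %s", trans.user.email, decoded_user_id )` (assuming the module has a `log` object, which is not visible here). The assignment also sits inside the `try` whose bare `except:` answers "That user does not exist.", so a failure inside `user_is_admin()` would be misreported as a missing user. The surrounding function begins and ends outside the hunk.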
@@ -145,13 +146,13 @@ def require_admin( func ): def decorator( self, trans, *args, **kwargs ): - admin_users = trans.app.config.get( "admin_users", "" ).split( "," ) - if not admin_users: - return trans.show_error_message( "You must be logged in as an administrator to access this feature, but no administrators are set in the Galaxy configuration." ) - user = trans.get_user() - if not user: - return trans.show_error_message( "You must be logged in as an administrator to access this feature." ) - if not user.email in admin_users: + if not trans.user_is_admin(): + admin_users = trans.app.config.get( "admin_users", "" ).split( "," ) + if not admin_users: + return trans.show_error_message( "You must be logged in as an administrator to access this feature, but no administrators are set in the Galaxy configuration." ) + user = trans.get_user() + if not user: + return trans.show_error_message( "You must be logged in as an administrator to access this feature." ) return trans.show_error_message( "You must be an administrator to access this feature." ) return func( self, trans, *args, **kwargs ) return decorator @@ -214,6 +215,8 @@ # that the current history should not be used for parameter values # and such). self.workflow_building_mode = False + # Flag indicating whether this is an API call and the API key user is an administrator + self.api_inherit_admin = False def setup_i18n( self ): locales = [] if 'HTTP_ACCEPT_LANGUAGE' in self.environ: @@ -605,6 +608,8 @@ roles = [] return roles def user_is_admin( self ): + if self.api_inherit_admin: + return True admin_users = self.app.config.get( "admin_users", "" ).split( "," ) return self.user and admin_users and self.user.email in admin_users def user_can_do_run_as( self ): http://bitbucket.org/galaxy/galaxy-central/changeset/cde2d0c27d96/ changeset: cde2d0c27d96 user: dannon date: 2011-08-03 06:34:27 summary: Merge API run_as changes from John Duddy. affected #: 2 files (1.4 KB) 
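Review bot: In the rewritten `require_admin` (`@@ -145,13 +146,13 @@`), the `if not admin_users:` branch cannot be taken, because `"".split( "," )` returns `[""]`, which is truthy, so the "no administrators are set in the Galaxy configuration" message is unreachable. Filtering empty entries makes the branch meaningful again: `admin_users = [ e for e in trans.app.config.get( "admin_users", "" ).split( "," ) if e ]`. Now that the access decision is delegated to `trans.user_is_admin()`, the remaining lines only choose an error message, and a short comment saying so would keep a later reader from mistaking them for the authorization check. The merge changeset's `@@ -128,13 +146,13 @@` hunk has the same code.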
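Review bot: With the added `if self.api_inherit_admin: return True` in the `@@ -605,6 +608,8 @@` hunk, `user_is_admin` no longer answers whether `self.user` is an administrator, and it returns True even when `self.user` is `None`. Callers that use it to decide what the current user may see or own will now treat an impersonated non-admin account as an admin, so the changed meaning should be documented on the method with a docstring saying it returns True if the current user is listed in `admin_users` or if this is an API `run_as` request made with an administrator's key. If any caller needs the strict per-user answer, a separate check that ignores the flag would be safer than overloading this one. The same change is in the merge changeset's `@@ -593,8 +613,13 @@` hunk.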
--- a/lib/galaxy/web/framework/__init__.py Tue Aug 02 16:05:55 2011 -0400 +++ b/lib/galaxy/web/framework/__init__.py Wed Aug 03 00:34:27 2011 -0400 @@ -117,6 +117,24 @@ return error trans.response.set_content_type( "application/json" ) trans.set_user( provided_key.user ) +# Perform api_run_as processing, possibly changing identity + if 'run_as' in kwargs: + if not trans.user_can_do_run_as(): + error_message = 'User does not have permissions to run jobs as another user' + return error + try: + decoded_user_id = trans.security.decode_id( kwargs['run_as'] ) + except TypeError: + trans.response.status = 400 + return "Malformed user id ( %s ) specified, unable to decode." % str( kwargs['run_as'] ) + try: + user = trans.sa_session.query( trans.app.model.User ).get( decoded_user_id ) + trans.api_inherit_admin = trans.user_is_admin() + trans.set_user(user) + except: + trans.response.status = 400 + return "That user does not exist." + if trans.debug: return simplejson.dumps( func( self, trans, *args, **kwargs ), indent=4, sort_keys=True ) else: 
@@ -128,13 +146,13 @@ def require_admin( func ): def decorator( self, trans, *args, **kwargs ): - admin_users = trans.app.config.get( "admin_users", "" ).split( "," ) - if not admin_users: - return trans.show_error_message( "You must be logged in as an administrator to access this feature, but no administrators are set in the Galaxy configuration." ) - user = trans.get_user() - if not user: - return trans.show_error_message( "You must be logged in as an administrator to access this feature." ) - if not user.email in admin_users: + if not trans.user_is_admin(): + admin_users = trans.app.config.get( "admin_users", "" ).split( "," ) + if not admin_users: + return trans.show_error_message( "You must be logged in as an administrator to access this feature, but no administrators are set in the Galaxy configuration." ) + user = trans.get_user() + if not user: + return trans.show_error_message( "You must be logged in as an administrator to access this feature." ) return trans.show_error_message( "You must be an administrator to access this feature." ) return func( self, trans, *args, **kwargs ) return decorator @@ -197,6 +215,8 @@ # that the current history should not be used for parameter values # and such). self.workflow_building_mode = False + # Flag indicating whether this is an API call and the API key user is an administrator + self.api_inherit_admin = False def setup_i18n( self ): locales = [] if 'HTTP_ACCEPT_LANGUAGE' in self.environ: @@ -593,8 +613,13 @@ roles = [] return roles def user_is_admin( self ): + if self.api_inherit_admin: + return True admin_users = self.app.config.get( "admin_users", "" ).split( "," ) return self.user and admin_users and self.user.email in admin_users + def user_can_do_run_as( self ): + run_as_users = self.app.config.get( "api_allow_run_as", "" ).split( "," ) + return self.user and run_as_users and self.user.email in run_as_users def get_toolbox(self): """Returns the application toolbox""" return self.app.toolbox 
--- a/universe_wsgi.ini.sample Tue Aug 02 16:05:55 2011 -0400 +++ b/universe_wsgi.ini.sample Wed Aug 03 00:34:27 2011 -0400 @@ -433,6 +433,10 @@ # Enable the (experimental! beta!) Web API. Documentation forthcoming. #enable_api = False +# Optional list of email addresses of API users who can make calls on behalf of +# other users +#api_allow_run_as = None + # Enable tool tags (associating tools with tags). This has its own option # since its implementation has a few performance implications on startup for # large servers. Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.