commit/galaxy-central: smcmanus: The fourth optimized query was being emitted due to other calls to get_item_actions; this fixes that case.

27 Sep 2012

1 new commit in galaxy-central:


https://bitbucket.org/galaxy/galaxy-central/changeset/048e0743316c/
changeset:   048e0743316c
user:        smcmanus
date:        2012-09-27 23:49:28
summary:     The fourth optimized query was being emitted due to other calls to get_item_actions; this fixes that case.
affected #:  2 files

diff -r 8fcb6ed6e2336542bb122cbac70c3150464cbbf1 -r 048e0743316c67570062b13da2c3dcf7dcc1924c lib/galaxy/security/__init__.py

--- a/lib/galaxy/security/__init__.py
+++ b/lib/galaxy/security/__init__.py
@@ -324,7 +324,7 @@
         return ret_permissions
 
 
-    def allow_action_on_items( self, trans, user_roles, action, items ):
+    def allow_action_on_libitems( self, trans, user_roles, action, items ):
         """
         This should be the equivalent of allow_action defined on multiple items.
         It is meant to specifically replace allow_action for multiple 
@@ -379,19 +379,56 @@
         return ret_allow_action
 
 
-    def get_dataset_access_mapping( self, trans, user_roles, datasets ):
+    # DELETEME: SM: DO NOT TOUCH! This actually works.
+    def dataset_access_mapping( self, trans, user_roles, datasets ):
         '''
         For the given list of datasets, return a mapping of the datasets' ids
         to whether they can be accessed by the user or not. The datasets input
         is expected to be a simple list of Dataset objects. 
         '''
         datasets_public_map = self.datasets_are_public( trans, datasets )
-        datasets_allow_action_map = self.allow_action_on_items( trans, user_roles, self.permitted_actions.DATASET_ACCESS, datasets )
+        datasets_allow_action_map = self.allow_action_on_libitems( trans, user_roles, self.permitted_actions.DATASET_ACCESS, datasets )
         can_access = {}
         for dataset in datasets:
             can_access[ dataset.id ] = datasets_public_map[ dataset.id ] or datasets_allow_action_map[ dataset.id ]
         return can_access
 
+    def dataset_permission_map_for_access( self, trans, user_roles, libitems ):
+        '''
+        For a given list of library items (e.g., Datasets), return a map of the
+        datasets' ids to whether they can have permission to use that action 
+        (e.g., "access" or "modify") on the dataset. The libitems input is 
+        expected to be a simple list of library items, such as Datasets or
+        LibraryDatasets.
+        NB: This is currently only usable for Datasets; it was intended to
+        be used for any library item.
+        '''
+        # Map the library items to whether they are publicly accessible or not.
+        # Then determine what actions are allowed on the item (in case it's not
+        # public). Finally, the item is accessible if it's publicly available
+        # or the right permissions are enabled.
+        # TODO: This only works for Datasets; other code is using X_is_public,
+        # so this will have to be rewritten to support other items.
+        libitems_public_map = self.datasets_are_public( trans, libitems )
+        libitems_allow_action_map = self.allow_action_on_libitems( 
+            trans, user_roles, self.permitted_actions.DATASET_ACCESS, libitems )
+        can_access = {}
+        for libitem in libitems:
+            can_access[ libitem.id ] = libitems_public_map[ libitem.id ] or libitems_allow_action_map[ libitem.id ]
+        return can_access
+
+    def item_permission_map_for_modify( self, trans, user_roles, libitems ): 
+        return self.allow_action_on_libitems( 
+            trans, user_roles, self.permitted_actions.LIBRARY_MODIFY, libitems )
+
+    def item_permission_map_for_manage( self, trans, user_roles, libitems ): 
+        return self.allow_action_on_libitems( 
+            trans, user_roles, self.permitted_actions.LIBRARY_MANAGE, libitems )
+
+    def item_permission_map_for_add( self, trans, user_roles, libitems ): 
+        return self.allow_action_on_libitems( 
+            trans, user_roles, self.permitted_actions.LIBRARY_ADD, libitems )
+
     def can_access_dataset( self, user_roles, dataset ):
         # SM: dataset_is_public will access dataset.actions, which is a 
         # backref that causes a query to be made to DatasetPermissions 


diff -r 8fcb6ed6e2336542bb122cbac70c3150464cbbf1 -r 048e0743316c67570062b13da2c3dcf7dcc1924c templates/library/common/browse_library_opt.mako
--- a/templates/library/common/browse_library_opt.mako
+++ b/templates/library/common/browse_library_opt.mako
@@ -207,7 +207,7 @@
     </script></%def>
 
-<%def name="render_dataset( cntrller, ldda, library_dataset, selected, library, folder, pad, parent, row_counter, tracked_datasets, show_deleted=False, simple=False )">
+<%def name="render_dataset( cntrller, ldda, library_dataset, can_modify, can_manage, selected, library, folder, pad, parent, row_counter, tracked_datasets, show_deleted=False, simple=False )"><%
         ## The received ldda must always be a LibraryDatasetDatasetAssociation object.  The object id passed to methods
         ## from the drop down menu should be the ldda id to prevent id collision ( which could happen when displaying
@@ -215,29 +215,15 @@
         ## library_dataset, so we display the attributes from the ldda.
         
         from galaxy.web.controllers.library_common import branch_deleted
-        # SM: DELETEME
-        import logging
-        log = logging.getLogger( __name__ )
-        
+
         is_admin = trans.user_is_admin() and cntrller == 'library_admin'
-        
-        if ldda == library_dataset.library_dataset_dataset_association:
-            current_version = True
-            if is_admin:
-                can_modify = can_manage = True
-            elif cntrller in [ 'library', 'requests' ]:
-                #log.debug( "SM: Query 4: backref to Library_Dataset_Permissions" )
-                can_modify = trans.app.security_agent.can_modify_library_item( current_user_roles, library_dataset )
-                can_manage = trans.app.security_agent.can_manage_library_item( current_user_roles, library_dataset )
-            else:
-                can_modify = can_manage = False
-        else:
-            current_version = False
+        current_version = ( ldda == library_dataset.library_dataset_dataset_association )
         if current_version and ldda.state not in ( 'ok', 'error', 'empty', 'deleted', 'discarded' ):
             tracked_datasets[ldda.id] = ldda.state
-        #log.debug( "SM: Query 5 call: LibraryDatasetDatasetInfoAssocation" )
+        # SM: This causes a query to be emitted, but it quickly goes down a
+        # rabbit hole of many possible inheritable cases. It may not be 
+        # possible to easily eliminate the extra query from this call.
         info_association, inherited = ldda.get_info_association( restrict=True )
-        # SM: The form type is for displaying URLs only; ignore for now.
         form_type = trans.model.FormDefinition.types.LIBRARY_INFO_TEMPLATE
     %>
     %if current_version and ( not ldda.library_dataset.deleted or show_deleted ):
@@ -326,7 +312,7 @@
 
 <%def name="render_folder( cntrller, folder, folder_pad, created_ldda_ids, library, hidden_folder_ids, tracked_datasets, show_deleted=False, parent=None, row_counter=None, root_folder=False, simple=False )"><%
-        from galaxy.web.controllers.library_common import active_folders, active_folders_and_library_datasets, activatable_folders_and_library_datasets, map_library_datasets_to_lddas, branch_deleted, datasets_for_lddas
+        from galaxy.web.controllers.library_common import active_folders, active_folders_and_library_datasets, activatable_folders_and_library_datasets, map_library_datasets_to_lddas, branch_deleted, datasets_for_lddas 
 
         # SM: DELETEME
         from datetime import datetime, timedelta
@@ -466,14 +452,20 @@
         if ( len( library_datasets ) > 0 ):
             lib_dataset_ldda_map = map_library_datasets_to_lddas( trans, library_datasets )
             dataset_list = datasets_for_lddas( trans, lib_dataset_ldda_map.values() )
-            can_access_datasets = trans.app.security_agent.get_dataset_access_mapping( trans, current_user_roles, dataset_list )
+            #can_access_datasets = trans.app.security_agent.dataset_access_mapping( trans, current_user_roles, dataset_list )
+            can_access_datasets = trans.app.security_agent.dataset_permission_map_for_access( trans, current_user_roles, dataset_list )
+            can_modify_datasets = trans.app.security_agent.item_permission_map_for_modify( trans, current_user_roles, dataset_list )
+            can_manage_datasets = trans.app.security_agent.item_permission_map_for_manage( trans, current_user_roles, dataset_list )
             for library_dataset in library_datasets:
                 ldda = lib_dataset_ldda_map[ library_dataset.id ]
                 if ldda: 
+                    # SMTODO: Fix awkard modify/manage permission checks.
                     can_access = is_admin or can_access_datasets[ ldda.dataset_id ]
+                    can_modify = is_admin or ( cntrller in ['library', 'requests'] and can_modify_datasets[ ldda.dataset_id ])
+                    can_manage = is_admin or ( cntrller in ['library', 'requests'] and can_manage_datasets[ ldda.dataset_id ])
                     selected = created_ldda_ids and str( ldda.id ) in created_ldda_ids
                     if can_access:
-                        render_dataset( cntrller, ldda, library_dataset, selected, library, folder, pad, my_row, row_counter, tracked_datasets, show_deleted=show_deleted )
+                        render_dataset( cntrller, ldda, library_dataset, can_modify, can_manage, selected, library, folder, pad, my_row, row_counter, tracked_datasets, show_deleted=show_deleted )
     %></%def>

Repository URL: https://bitbucket.org/galaxy/galaxy-central/

--

This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.

    

Bitbucket

tags

participants (1)