commit/galaxy-central: 2 new changesets

2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/ce1977c956b3/ Changeset: ce1977c956b3 User: jmchilton Date: 2014-01-04 05:04:36 Summary: If master_api_key set, allow it to run_as if any user can run_as. If no master_api_key set no change in behavior, if api_allow_run_as is empty no change in behavior (i.e. run_as will not work with master_api_key if no api_allow_run_as users are configured - as to not increase attack surface for these Galaxy instances). This changeset contains no tests, but pull request #278 included functional tests for these changes (as well as original behavior) which passed. Affected #: 1 file diff -r f0f7c3cd2e8af64243f878c04f418c1ee054bc55 -r ce1977c956b3457bd3b7ee50506b5e2675192f17 lib/galaxy/web/framework/__init__.py --- a/lib/galaxy/web/framework/__init__.py +++ b/lib/galaxy/web/framework/__init__.py @@ -947,8 +947,13 @@ return self.user and admin_users and self.user.email in admin_users def user_can_do_run_as( self ): - run_as_users = self.app.config.get( "api_allow_run_as", "" ).split( "," ) - return self.user and run_as_users and self.user.email in run_as_users + run_as_users = [ user for user in self.app.config.get( "api_allow_run_as", "" ).split( "," ) if user ] + if not run_as_users: + return False + user_in_run_as_users = self.user and run_as_users and self.user.email in run_as_users + # Can do if explicitly in list or master_api_key supplied. + can_do_run_as = user_in_run_as_users or self.api_inherit_admin + return can_do_run_as def get_toolbox(self): """Returns the application toolbox""" https://bitbucket.org/galaxy/galaxy-central/commits/7e11c0d36c85/ Changeset: 7e11c0d36c85 User: dannon Date: 2014-01-07 20:24:11 Summary: Merged in jmchilton/galaxy-central-fork-1 (pull request #288) If master_api_key set, allow it to run_as if any user can run_as. Affected #: 1 file diff -r f2e3d2e41c1d2e90d089c1ac9ea4d626b620a94d -r 7e11c0d36c85a0e916534ef6733c35fbf5046c41 lib/galaxy/web/framework/__init__.py --- a/lib/galaxy/web/framework/__init__.py +++ b/lib/galaxy/web/framework/__init__.py @@ -947,8 +947,13 @@ return self.user and admin_users and self.user.email in admin_users def user_can_do_run_as( self ): - run_as_users = self.app.config.get( "api_allow_run_as", "" ).split( "," ) - return self.user and run_as_users and self.user.email in run_as_users + run_as_users = [ user for user in self.app.config.get( "api_allow_run_as", "" ).split( "," ) if user ] + if not run_as_users: + return False + user_in_run_as_users = self.user and run_as_users and self.user.email in run_as_users + # Can do if explicitly in list or master_api_key supplied. + can_do_run_as = user_in_run_as_users or self.api_inherit_admin + return can_do_run_as def get_toolbox(self): """Returns the application toolbox""" Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
participants (1)
-
commits-noreply@bitbucket.org