commit/galaxy-central: dannon: External Auth: this change allows users when use_remote_user is in action to
1 new commit in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/a3fef3c3f644/ Changeset: a3fef3c3f644 User: dannon Date: 2014-07-10 22:24:29 Summary: External Auth: this change allows users when use_remote_user is in action to navigate to the user preferences page. This specifically allows use of toolbox filters, and default permission setting on new histories as new functionality w/ external auth. Also added shortcut for whitelist comparison for non-user-controller requests. Affected #: 2 files diff -r a129d77f8d203d4db7940dbd0b9fdc8c48436781 -r a3fef3c3f644d87ab00bdf3e1962376f405e31c0 lib/galaxy/web/framework/middleware/remoteuser.py --- a/lib/galaxy/web/framework/middleware/remoteuser.py +++ b/lib/galaxy/web/framework/middleware/remoteuser.py @@ -76,7 +76,11 @@ before you may access Galaxy. """ return self.error( start_response, title, message ) - if path_info.startswith( '/user/create' ) and environ[ self.remote_user_header ] in self.admin_users: + if not path_info.startswith('/user'): + # shortcut the following whitelist for non-user-controller + # requests. + pass + elif path_info.startswith( '/user/create' ) and environ[ self.remote_user_header ] in self.admin_users: pass # admins can create users elif path_info.startswith( '/user/logout' ) and environ[ self.remote_user_header ] in self.admin_users: pass # Admin users may be impersonating, allow logout. @@ -86,7 +90,14 @@ pass # username can be managed when remote_user is in use elif path_info.startswith( '/user/dbkeys' ): pass # dbkeys can be managed when remote_user is in use + elif path_info.startswith( '/user/toolbox_filters' ): + pass # toolbox filters can be managed when remote_user is in use + elif path_info.startswith( '/user/set_default_permissions' ): + pass # default permissions can be managed when remote_user is in use + elif path_info == '/user' or path_info =='/user/': + pass # We do allow access to the root user preferences page. elif path_info.startswith( '/user' ): + # Any other endpoint in the user controller is off limits title = "Access to Galaxy user controls is disabled" message = """ User controls are disabled when Galaxy is configured diff -r a129d77f8d203d4db7940dbd0b9fdc8c48436781 -r a3fef3c3f644d87ab00bdf3e1962376f405e31c0 templates/user/index.mako --- a/templates/user/index.mako +++ b/templates/user/index.mako @@ -10,11 +10,13 @@ <p>You are currently logged in as ${trans.user.email}.</p><ul> %if t.webapp.name == 'galaxy': - <li><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller )}">${_('Manage your information')}</a></li> + %if not trans.app.config.use_remote_user: + <li><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller )}">${_('Manage your information')}</a></li> + %endif <li><a href="${h.url_for( controller='user', action='set_default_permissions', cntrller=cntrller )}">${_('Change default permissions')}</a> for new histories</li><li><a href="${h.url_for( controller='user', action='api_keys', cntrller=cntrller )}">${_('Manage your API keys')}</a></li><li><a href="${h.url_for( controller='user', action='toolbox_filters', cntrller=cntrller )}">${_('Manage your ToolBox filters')}</a></li> - %if trans.app.config.enable_openid: + %if trans.app.config.enable_openid and not trans.app.config.use_remote_user: <li><a href="${h.url_for( controller='user', action='openid_manage', cntrller=cntrller )}">${_('Manage OpenIDs')}</a> linked to your account</li> %endif %if trans.app.config.use_remote_user: Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
participants (1)
-
commits-noreply@bitbucket.org