commit/galaxy-central: 2 new changesets
2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/7342edd34eed/ Changeset: 7342edd34eed Branch: stable User: carlfeberhard Date: 2015-01-21 16:33:40+00:00 Summary: Fix to allow anon users to view pages with histories Affected #: 2 files diff -r 5e1b2c9da932b46776e56453d1bd2acec5c89760 -r 7342edd34eedbc83df778706197502adc8e93cd3 lib/galaxy/web/base/controller.py --- a/lib/galaxy/web/base/controller.py +++ b/lib/galaxy/web/base/controller.py @@ -255,16 +255,26 @@ """ Get a History from the database by id, verifying ownership. """ - if trans.user is None and trans.history: - if id == trans.security.encode_id( trans.history.id ): - return trans.history - raise ItemOwnershipException( "Must be logged in to manage Galaxy items", type='error' ) + if not trans.user: + return self._anonymous_get_history( trans, id, + check_ownership=check_ownership, check_accessible=check_accessible, deleted=deleted ) history = self.get_object( trans, id, 'History', check_ownership=check_ownership, check_accessible=check_accessible, deleted=deleted ) history = self.security_check( trans, history, check_ownership, check_accessible ) return history + def _anonymous_get_history( self, trans, id, check_ownership=True, check_accessible=False, deleted=None ): + history = self.get_object( trans, id, 'History', + check_ownership=False, check_accessible=False, deleted=deleted ) + # access public histories + if history.importable: + return history + # allow current history + if history == trans.history: + return history + raise ItemOwnershipException( "Must be logged in to manage Galaxy items", type='error' ) + def get_user_histories( self, trans, user=None, include_deleted=False, only_deleted=False ): """ Get all the histories for a given user (defaulting to `trans.user`) diff -r 5e1b2c9da932b46776e56453d1bd2acec5c89760 -r 7342edd34eedbc83df778706197502adc8e93cd3 lib/galaxy/webapps/galaxy/controllers/page.py --- a/lib/galaxy/webapps/galaxy/controllers/page.py +++ b/lib/galaxy/webapps/galaxy/controllers/page.py @@ -729,7 +729,8 @@ Returns html suitable for embedding in another page. """ #TODO: should be moved to history controller and/or called via ajax from the template - history = self.get_history( trans, id, False, True ) + # histories embedded in pages are set to importable when embedded, check for access here + history = self.get_history( trans, id, check_ownership=False, check_accessible=True ) if not history: return None https://bitbucket.org/galaxy/galaxy-central/commits/4039bfd5584a/ Changeset: 4039bfd5584a Branch: stable User: dannon Date: 2015-01-21 16:46:38+00:00 Summary: Merged in carlfeberhard/carlfeberhard-galaxy-central-stable/stable (pull request #642) [STABLE] Fix to allow anon users to view pages with histories Affected #: 2 files diff -r 8d45e099f1c5b2f36b709c01fdd38803543fc8f1 -r 4039bfd5584aac053f686197a76ac176253e6f3d lib/galaxy/web/base/controller.py --- a/lib/galaxy/web/base/controller.py +++ b/lib/galaxy/web/base/controller.py @@ -255,16 +255,26 @@ """ Get a History from the database by id, verifying ownership. """ - if trans.user is None and trans.history: - if id == trans.security.encode_id( trans.history.id ): - return trans.history - raise ItemOwnershipException( "Must be logged in to manage Galaxy items", type='error' ) + if not trans.user: + return self._anonymous_get_history( trans, id, + check_ownership=check_ownership, check_accessible=check_accessible, deleted=deleted ) history = self.get_object( trans, id, 'History', check_ownership=check_ownership, check_accessible=check_accessible, deleted=deleted ) history = self.security_check( trans, history, check_ownership, check_accessible ) return history + def _anonymous_get_history( self, trans, id, check_ownership=True, check_accessible=False, deleted=None ): + history = self.get_object( trans, id, 'History', + check_ownership=False, check_accessible=False, deleted=deleted ) + # access public histories + if history.importable: + return history + # allow current history + if history == trans.history: + return history + raise ItemOwnershipException( "Must be logged in to manage Galaxy items", type='error' ) + def get_user_histories( self, trans, user=None, include_deleted=False, only_deleted=False ): """ Get all the histories for a given user (defaulting to `trans.user`) diff -r 8d45e099f1c5b2f36b709c01fdd38803543fc8f1 -r 4039bfd5584aac053f686197a76ac176253e6f3d lib/galaxy/webapps/galaxy/controllers/page.py --- a/lib/galaxy/webapps/galaxy/controllers/page.py +++ b/lib/galaxy/webapps/galaxy/controllers/page.py @@ -729,7 +729,8 @@ Returns html suitable for embedding in another page. """ #TODO: should be moved to history controller and/or called via ajax from the template - history = self.get_history( trans, id, False, True ) + # histories embedded in pages are set to importable when embedded, check for access here + history = self.get_history( trans, id, check_ownership=False, check_accessible=True ) if not history: return None Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
participants (1)
-
commits-noreply@bitbucket.org