2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/changeset/3fc27b7125cc/ changeset: 3fc27b7125cc user: dan date: 2012-10-11 20:06:10 summary: Only allow errors to be viewed if the user can access the dataset. affected #: 1 file
diff -r b27aa5db944d3c3a79c9bedf9d91fe2a2e89e01d -r 3fc27b7125ccca13354558e355832de8f1f5f51a lib/galaxy/webapps/galaxy/controllers/dataset.py
--- a/lib/galaxy/webapps/galaxy/controllers/dataset.py
+++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py
@@ -166,6 +166,8 @@
 @web.expose
 def errors( self, trans, id ):
 hda = trans.sa_session.query( model.HistoryDatasetAssociation ).get( id )
+ if not hda or not trans.app.security_agent.can_access_dataset( trans.get_current_user_roles(), hda.dataset ):
+ return trans.show_error_message( "Either this dataset does not exist or you do not have permission to access it." )
 return trans.fill_template( "dataset/errors.mako", hda=hda )
 @web.expose
 def stdoutX( self, trans, dataset_id=None, **kwargs ):
https://bitbucket.org/galaxy/galaxy-central/changeset/7549962ac833/ changeset: 7549962ac833 user: dan date: 2012-10-11 20:06:18 summary: Only copy the user on bug reports if the user can access the dataset. affected #: 1 file
diff -r 3fc27b7125ccca13354558e355832de8f1f5f51a -r 7549962ac83381ab92ac806b168d45b0b4b9a107 lib/galaxy/webapps/galaxy/controllers/dataset.py
--- a/lib/galaxy/webapps/galaxy/controllers/dataset.py
+++ b/lib/galaxy/webapps/galaxy/controllers/dataset.py
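Review bot: The new guard in `errors()` gives a missing HDA and a forbidden one the same message, which avoids revealing which ids exist, but nothing in the code marks this as deliberate. A comment above the `if`, such as `# Same response for missing and forbidden so the reply does not reveal whether the id exists.`, would keep a later edit from splitting the two cases. The check is also written inline, and the `stdoutX` handler whose signature closes the hunk has its body outside the hunk, so it is worth confirming that it applies the same `can_access_dataset` test. `id` is handed to `.get( id )` exactly as received; if other handlers in this controller decode an encoded id first, this one should do the same.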
@@ -248,7 +248,7 @@
 # Check email a bit
 email = email.strip()
 parts = email.split()
- if len( parts ) == 1 and len( email ) > 0:
+ if len( parts ) == 1 and len( email ) > 0 and trans.app.security_agent.can_access_dataset( trans.get_current_user_roles(), hda.dataset ):
 to = to_address + ", " + email
 else:
 to = to_address
Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.
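Review bot: The added `can_access_dataset` clause dereferences `hda.dataset` without the `not hda` guard that the first commit added to `errors()`. `hda` is assigned outside this hunk, so if it can be `None` here the handler would raise instead of falling back to `to = to_address`. Naming the test first, e.g. `can_cc = hda is not None and trans.app.security_agent.can_access_dataset( trans.get_current_user_roles(), hda.dataset )`, and then writing `if len( parts ) == 1 and len( email ) > 0 and can_cc:` would cover that case and shorten the condition. The check gates only the copy to the user; the report still goes to `to_address`, which looks intended but deserves a one-line comment such as `# Report is always sent to to_address; the submitter is only copied when they can access the dataset.` The enclosing function starts and ends outside the hunk.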