details: http://www.bx.psu.edu/hg/galaxy/rev/66fda01625f3
changeset: 3482:66fda01625f3
user: jeremy goecks <jeremy.goecks(a)emory.edu>
date: Thu Mar 04 13:49:09 2010 -0500
description:
Refactor page, history, workflow display code to use same security code as get() methods.
diffstat:
lib/galaxy/web/base/controller.py | 3 +--
lib/galaxy/web/controllers/history.py | 10 +++-------
lib/galaxy/web/controllers/page.py | 10 +++-------
lib/galaxy/web/controllers/workflow.py | 12 +++---------
4 files changed, 10 insertions(+), 25 deletions(-)
diffs (79 lines):
diff -r 2e025a8d71d0 -r 66fda01625f3 lib/galaxy/web/base/controller.py
--- a/lib/galaxy/web/base/controller.py Thu Mar 04 13:19:14 2010 -0500
+++ b/lib/galaxy/web/base/controller.py Thu Mar 04 13:49:09 2010 -0500
@@ -110,8 +110,7 @@
if check_accessible:
# Verify accessible.
if ( item.user != user ) and ( not item.importable ) and ( user not in item.users_shared_with_dot_users ):
- raise "hi"
- error( "%s is not accessible by current user" % item.__class__.__name__ )
+ error( "%s is not accessible to current user" % item.__class__.__name__ )
return item
class UsesHistoryDatasetAssociation:
diff -r 2e025a8d71d0 -r 66fda01625f3 lib/galaxy/web/controllers/history.py
--- a/lib/galaxy/web/controllers/history.py Thu Mar 04 13:19:14 2010 -0500
+++ b/lib/galaxy/web/controllers/history.py Thu Mar 04 13:49:09 2010 -0500
@@ -589,15 +589,11 @@
# Get history.
session = trans.sa_session
user = session.query( model.User ).filter_by( username=username ).first()
- history_query_base = trans.sa_session.query( model.History ).filter_by( user=user, slug=slug, deleted=False )
- if user is not None:
- # User can view history if it's importable or if it's shared with him/her.
- history = history_query_base.filter( or_( model.History.importable==True, model.History.users_shared_with.any( model.HistoryUserShareAssociation.user==trans.get_user() ) ) ).first()
- else:
- # User not logged in, so only way to view history is if it's importable.
- history = history_query_base.filter_by( importable=True ).first()
+ history = trans.sa_session.query( model.History ).filter_by( user=user, slug=slug, deleted=False ).first()
if history is None:
raise web.httpexceptions.HTTPNotFound()
+ # Security check raises error if user cannot access history.
+ self.security_check( trans.get_user(), history, False, True)
# Get datasets.
datasets = self.get_history_datasets( trans, history )
diff -r 2e025a8d71d0 -r 66fda01625f3 lib/galaxy/web/controllers/page.py
--- a/lib/galaxy/web/controllers/page.py Thu Mar 04 13:19:14 2010 -0500
+++ b/lib/galaxy/web/controllers/page.py Thu Mar 04 13:49:09 2010 -0500
@@ -555,15 +555,11 @@
# Get page.
session = trans.sa_session
user = session.query( model.User ).filter_by( username=username ).first()
- page_query_base = trans.sa_session.query( model.Page ).filter_by( user=user, slug=slug, deleted=False )
- if user is not None:
- # User can view page if it's importable or if it's shared with him/her.
- page = page_query_base.filter( or_( model.Page.user==trans.get_user(), model.Page.importable==True, model.Page.users_shared_with.any( model.PageUserShareAssociation.user==trans.get_user() ) ) ).first()
- else:
- # User not logged in, so only way to view page is if it's importable.
- page = page_query_base.filter_by( importable=True ).first()
+ page = trans.sa_session.query( model.Page ).filter_by( user=user, slug=slug, deleted=False ).first()
if page is None:
raise web.httpexceptions.HTTPNotFound()
+ # Security check raises error if user cannot access page.
+ self.security_check( trans.get_user(), page, False, True)
# Process page content.
processor = _PageContentProcessor( trans, 'utf-8', 'text/html', self._get_embed_html )
diff -r 2e025a8d71d0 -r 66fda01625f3 lib/galaxy/web/controllers/workflow.py
--- a/lib/galaxy/web/controllers/workflow.py Thu Mar 04 13:19:14 2010 -0500
+++ b/lib/galaxy/web/controllers/workflow.py Thu Mar 04 13:49:09 2010 -0500
@@ -169,15 +169,9 @@
# Get workflow.
session = trans.sa_session
user = session.query( model.User ).filter_by( username=username ).first()
- workflow_query_base = trans.sa_session.query( model.StoredWorkflow ).filter_by( user=user, slug=slug, deleted=False )
- if user is not None:
- # User can view workflow if it's importable or if it's shared with him/her.
- stored_workflow = workflow_query_base.filter( or_( model.StoredWorkflow.importable==True, model.StoredWorkflow.users_shared_with.any( model.StoredWorkflowUserShareAssociation.user==trans.get_user() ) ) ).first()
- else:
- # User not logged in, so only way to view workflow is if it's importable.
- stored_workflow = workflow_query_base.filter_by( importable=True ).first()
- if stored_workflow is None:
- raise web.httpexceptions.HTTPNotFound()
+ stored_workflow = trans.sa_session.query( model.StoredWorkflow ).filter_by( user=user, slug=slug, deleted=False ).first()
+ # Security check raises error if user cannot access workflow.
+ self.security_check( trans.get_user(), stored_workflow, False, True)
# Get data for workflow's steps.
self.get_stored_workflow_steps( trans, stored_workflow )
details: http://www.bx.psu.edu/hg/galaxy/rev/2e025a8d71d0
changeset: 3481:2e025a8d71d0
user: Dan Blankenberg <dan(a)bx.psu.edu>
date: Thu Mar 04 13:19:14 2010 -0500
description:
Update default tool action execute() method to only wrap incoming values once per call. It was previously wrapping once per output data label generated and for each change_format tag.
diffstat:
lib/galaxy/tools/actions/__init__.py | 20 ++++++++++++--------
1 files changed, 12 insertions(+), 8 deletions(-)
diffs (44 lines):
diff -r 39aac31a841b -r 2e025a8d71d0 lib/galaxy/tools/actions/__init__.py
--- a/lib/galaxy/tools/actions/__init__.py Thu Mar 04 13:10:09 2010 -0500
+++ b/lib/galaxy/tools/actions/__init__.py Thu Mar 04 13:19:14 2010 -0500
@@ -182,6 +182,7 @@
on_text = ""
# Add the dbkey to the incoming parameters
incoming[ "dbkey" ] = input_dbkey
+ params = None #wrapped params are used by change_format action and by output.label; only perform this wrapping once, as needed
# Keep track of parent / child relationships, we'll create all the
# datasets first, then create the associations
parent_to_child_pairs = []
@@ -213,8 +214,9 @@
ext = input_ext
#process change_format tags
if output.change_format:
- params = make_dict_copy( incoming ) #FIXME: The wrapping of inputs should only be done once per call to execute; currently happens here and possibly when generating output dataset name
- wrap_values( tool.inputs, params )
+ if params is None:
+ params = make_dict_copy( incoming )
+ wrap_values( tool.inputs, params )
for change_elem in output.change_format:
for when_elem in change_elem.findall( 'when' ):
check = when_elem.get( 'input', None )
@@ -258,12 +260,14 @@
data.blurb = "queued"
# Set output label
if output.label:
- params = make_dict_copy( incoming )
- # wrapping the params allows the tool config to contain things like
- # <outputs>
- # <data format="input" name="output" label="Blat on ${<input_param>.name}" />
- # </outputs>
- wrap_values( tool.inputs, params )
+ if params is None:
+ params = make_dict_copy( incoming )
+ # wrapping the params allows the tool config to contain things like
+ # <outputs>
+ # <data format="input" name="output" label="Blat on ${<input_param>.name}" />
+ # </outputs>
+ wrap_values( tool.inputs, params )
+ #tool (only needing to be set once) and on_string (set differently for each label) are overwritten for each output dataset label being determined
params['tool'] = tool
params['on_string'] = on_text
data.name = fill_template( output.label, context=params )