details: http://www.bx.psu.edu/hg/galaxy/rev/9de680276272 changeset: 3651:9de680276272 user: Greg Von Kuster <greg@bx.psu.edu> date: Wed Apr 14 14:04:03 2010 -0400 description: Somehow missed this necessary cleanup in my initial commit for the Galaxy Community framework. diffstat: community_wsgi.ini.sample | 2 +- lib/galaxy/webapps/community/model/__init__.py | 26 +++++- lib/galaxy/webapps/community/model/mapping.py | 36 +++++++++- lib/galaxy/webapps/community/model/migrate/versions/0001_initial_tables.py | 34 ++++++-- lib/galaxy/webapps/community/security/__init__.py | 37 ++++++--- templates/webapps/community/base_panels.mako | 4 +- 6 files changed, 107 insertions(+), 32 deletions(-) diffs (291 lines):
diff -r 3d8a7da23e46 -r 9de680276272 community_wsgi.ini.sample
--- a/community_wsgi.ini.sample Wed Apr 14 13:52:35 2010 -0400
+++ b/community_wsgi.ini.sample Wed Apr 14 14:04:03 2010 -0400
@@ -17,7 +17,7 @@
 log_level = DEBUG # Database connection
-database_file = database/universe.sqlite
+#database_file = database/community.sqlite
 # You may use a SQLAlchemy connection string to specify an external database instead #database_connection = postgres:///community_test?host=/var/run/postgresql
diff -r 3d8a7da23e46 -r 9de680276272 lib/galaxy/webapps/community/model/__init__.py
--- a/lib/galaxy/webapps/community/model/__init__.py Wed Apr 14 13:52:35 2010 -0400
+++ b/lib/galaxy/webapps/community/model/__init__.py Wed Apr 14 14:04:03 2010 -0400
@@ -29,6 +29,26 @@
 """Check if 'cleartext' matches 'self.password' when hashed.""" return self.password == new_secure_hash( text_type=cleartext )
+class UserRoleAssociation( object ):
+ def __init__( self, user, role ):
+ self.user = user
+ self.role = role
+
+class Role( object ):
+ private_id = None
+ types = Bunch(
+ PRIVATE = 'private',
+ SYSTEM = 'system',
+ USER = 'user',
+ ADMIN = 'admin',
+ SHARING = 'sharing'
+ )
+ def __init__( self, name="", description="", type="system", deleted=False ):
+ self.name = name
+ self.description = description
+ self.type = type
+ self.deleted = deleted
+
 class GalaxySession( object ): def __init__( self, id=None,
@@ -49,12 +69,6 @@
 self.session_key = session_key self.is_valid = is_valid self.prev_session_id = prev_session_id
- self.histories = []
- def add_history( self, history, association=None ):
- if association is None:
- self.histories.append( GalaxySessionToHistoryAssociation( self, history ) )
- else:
- self.histories.append( association )
 class Tool( object ): def __init__( self, guid=None, name=None, description=None, category=None, version=None, user_id=None, external_filename=None ):
diff -r 3d8a7da23e46 -r 9de680276272 lib/galaxy/webapps/community/model/mapping.py
--- a/lib/galaxy/webapps/community/model/mapping.py Wed Apr 14 13:52:35 2010 -0400
+++ b/lib/galaxy/webapps/community/model/mapping.py Wed Apr 14 14:04:03 2010 -0400
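Review bot: In the first hunk of model/__init__.py, `Role.__init__` hard-codes its default as the literal `type="system"` although the class body defines `types.SYSTEM` just above it, so the default and the `types` Bunch can drift apart. `def __init__( self, name="", description="", type=types.SYSTEM, deleted=False ):` keeps one source of truth without changing the keyword that callers pass. Neither `Role` nor `UserRoleAssociation` has a docstring and `private_id = None` is unexplained; a one-line class docstring such as `"""A named role; type is one of Role.types and is used to tell private roles from shared ones."""` would help, since the role type is what the security agent sets when it creates a private role.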
@@ -44,12 +44,28 @@
 Column( "create_time", DateTime, default=now ), Column( "update_time", DateTime, default=now, onupdate=now ), Column( "email", TrimmedString( 255 ), nullable=False ),
- Column( "username", TrimmedString( 255 ), index=True, unique=True ),
+ Column( "username", String( 255 ), index=True, unique=True, default=False ),
 Column( "password", TrimmedString( 40 ), nullable=False ), Column( "external", Boolean, default=False ), Column( "deleted", Boolean, index=True, default=False ), Column( "purged", Boolean, index=True, default=False ) )
+UserRoleAssociation.table = Table( "user_role_association", metadata,
+ Column( "id", Integer, primary_key=True ),
+ Column( "user_id", Integer, ForeignKey( "galaxy_user.id" ), index=True ),
+ Column( "role_id", Integer, ForeignKey( "role.id" ), index=True ),
+ Column( "create_time", DateTime, default=now ),
+ Column( "update_time", DateTime, default=now, onupdate=now ) )
+
+Role.table = Table( "role", metadata,
+ Column( "id", Integer, primary_key=True ),
+ Column( "create_time", DateTime, default=now ),
+ Column( "update_time", DateTime, default=now, onupdate=now ),
+ Column( "name", String( 255 ), index=True, unique=True ),
+ Column( "description", TEXT ),
+ Column( "type", String( 40 ), index=True ),
+ Column( "deleted", Boolean, index=True, default=False ) )
+
 GalaxySession.table = Table( "galaxy_session", metadata, Column( "id", Integer, primary_key=True ), Column( "create_time", DateTime, default=now ),
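Review bot: The rewritten `username` column in mapping.py combines `unique=True` with `default=False` on a `String( 255 )` column, so every user inserted without a username receives the same non-NULL default and the second such insert will most likely violate the unique index (how `False` is coerced to text depends on the database driver). Leaving the default out keeps the value NULL, which a unique index accepts more than once: `Column( "username", String( 255 ), index=True, unique=True ),`. The same line appears in the `User_table` definition in migrate/versions/0001_initial_tables.py and needs the same change. The switch from `TrimmedString` to `String` also drops whatever trimming the old type applied, which is worth a comment if it is intentional.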
@@ -121,7 +137,23 @@
 properties=dict( tools=relation( Tool, order_by=desc( Tool.table.c.update_time ) ), active_tools=relation( Tool, primaryjoin=( ( Tool.table.c.user_id == User.table.c.id ) & ( not_( Tool.table.c.deleted ) ) ), order_by=desc( Tool.table.c.update_time ) ), galaxy_sessions=relation( GalaxySession, order_by=desc( GalaxySession.table.c.update_time ) ) ) )
-
+
+assign_mapper( context, UserRoleAssociation, UserRoleAssociation.table,
+ properties=dict(
+ user=relation( User, backref="roles" ),
+ non_private_roles=relation( User,
+ backref="non_private_roles",
+ primaryjoin=( ( User.table.c.id == UserRoleAssociation.table.c.user_id ) & ( UserRoleAssociation.table.c.role_id == Role.table.c.id ) & not_( Role.table.c.name == User.table.c.email ) ) ),
+ role=relation( Role )
+ )
+)
+
+assign_mapper( context, Role, Role.table,
+ properties=dict(
+ users=relation( UserRoleAssociation )
+ )
+)
+
 assign_mapper( context, GalaxySession, GalaxySession.table, properties=dict( user=relation( User.mapper ) ) )
diff -r 3d8a7da23e46 -r 9de680276272 lib/galaxy/webapps/community/model/migrate/versions/0001_initial_tables.py
--- a/lib/galaxy/webapps/community/model/migrate/versions/0001_initial_tables.py Wed Apr 14 13:52:35 2010 -0400
+++ b/lib/galaxy/webapps/community/model/migrate/versions/0001_initial_tables.py Wed Apr 14 14:04:03 2010 -0400
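Review bot: The `non_private_roles` relation in the new `UserRoleAssociation` mapper identifies a private role by name, `not_( Role.table.c.name == User.table.c.email )`, and never looks at the role's `type`, so any role whose name equals a user's e-mail address is treated as that user's private role however it was created. Because the model now defines `Role.types.PRIVATE`, adding a type test to the join is the more robust check, for example `& not_( Role.table.c.type == Role.types.PRIVATE )`, combined with the name test if only the user's own private role is meant to be excluded. The relation also targets `User` and uses the same name for its backref, which is hard to read; a comment such as `# backref gives User.non_private_roles: associations to every role except the user's private one` would record the intent.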
@@ -16,18 +16,34 @@
 metadata = MetaData( migrate_engine )
-User.table = Table( "galaxy_user", metadata,
+User_table = Table( "galaxy_user", metadata,
 Column( "id", Integer, primary_key=True), Column( "create_time", DateTime, default=now ), Column( "update_time", DateTime, default=now, onupdate=now ), Column( "email", TrimmedString( 255 ), nullable=False ),
- Column( "username", TrimmedString( 255 ), index=True, unique=True ),
+ Column( "username", String( 255 ), index=True, unique=True, default=False ),
 Column( "password", TrimmedString( 40 ), nullable=False ), Column( "external", Boolean, default=False ), Column( "deleted", Boolean, index=True, default=False ), Column( "purged", Boolean, index=True, default=False ) )
-
-GalaxySession.table = Table( "galaxy_session", metadata,
+
+UserRoleAssociation_table = Table( "user_role_association", metadata,
+ Column( "id", Integer, primary_key=True ),
+ Column( "user_id", Integer, ForeignKey( "galaxy_user.id" ), index=True ),
+ Column( "role_id", Integer, ForeignKey( "role.id" ), index=True ),
+ Column( "create_time", DateTime, default=now ),
+ Column( "update_time", DateTime, default=now, onupdate=now ) )
+
+Role_table = Table( "role", metadata,
+ Column( "id", Integer, primary_key=True ),
+ Column( "create_time", DateTime, default=now ),
+ Column( "update_time", DateTime, default=now, onupdate=now ),
+ Column( "name", String( 255 ), index=True, unique=True ),
+ Column( "description", TEXT ),
+ Column( "type", String( 40 ), index=True ),
+ Column( "deleted", Boolean, index=True, default=False ) )
+
+GalaxySession_table = Table( "galaxy_session", metadata,
 Column( "id", Integer, primary_key=True ), Column( "create_time", DateTime, default=now ), Column( "update_time", DateTime, default=now, onupdate=now ),
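Review bot: This hunk edits the already-numbered migration 0001_initial_tables.py in place to add the `role` and `user_role_association` tables, so a database that was brought to version 1 by the earlier revision of the script will not receive them, and the role queries in the security agent would then fail at runtime. If any instance could have run the previous version, a new numbered script is the safer vehicle; otherwise a header comment such as `# 0001 was revised before first release to add role tables; no deployed schema predates this` would record the decision. The `upgrade()` body lies outside the hunk, so it is not visible here whether it creates the two new tables or still refers to the `User.table`-style names that this file renames to `User_table`.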
@@ -40,7 +56,7 @@
 Column( "prev_session_id", Integer ) # saves a reference to the previous session so we have a way to chain them together )
-Tool.table = Table( "tool", metadata,
+Tool_table = Table( "tool", metadata,
 Column( "id", Integer, primary_key=True ), Column( "guid", TrimmedString( 255 ), index=True, unique=True ), Column( "create_time", DateTime, default=now ),
@@ -53,7 +69,7 @@
 Column( "external_filename" , TEXT ), Column( "deleted", Boolean, default=False ) )
-Job.table = Table( "job", metadata,
+Job_table = Table( "job", metadata,
 Column( "id", Integer, primary_key=True ), Column( "create_time", DateTime, default=now ), Column( "update_time", DateTime, default=now, onupdate=now ),
@@ -70,14 +86,14 @@
 Column( "job_runner_name", String( 255 ) ), Column( "job_runner_external_id", String( 255 ) ) )
-Tag.table = Table( "tag", metadata,
+Tag_table = Table( "tag", metadata,
 Column( "id", Integer, primary_key=True ), Column( "type", Integer ), Column( "parent_id", Integer, ForeignKey( "tag.id" ) ), Column( "name", TrimmedString(255) ), UniqueConstraint( "name" ) )
-ToolTagAssociation.table = Table( "tool_tag_association", metadata,
+ToolTagAssociation_table = Table( "tool_tag_association", metadata,
 Column( "id", Integer, primary_key=True ), Column( "tool_id", Integer, ForeignKey( "tool.id" ), index=True ), Column( "tag_id", Integer, ForeignKey( "tag.id" ), index=True ),
@@ -86,7 +102,7 @@
 Column( "value", TrimmedString(255), index=True), Column( "user_value", TrimmedString(255), index=True) )
-ToolAnnotationAssociation.table = Table( "tool_annotation_association", metadata,
+ToolAnnotationAssociation_table = Table( "tool_annotation_association", metadata,
 Column( "id", Integer, primary_key=True ), Column( "tool_id", Integer, ForeignKey( "tool.id" ), index=True ), Column( "user_id", Integer, ForeignKey( "galaxy_user.id" ), index=True ),
diff -r 3d8a7da23e46 -r 9de680276272 lib/galaxy/webapps/community/security/__init__.py
--- a/lib/galaxy/webapps/community/security/__init__.py Wed Apr 14 13:52:35 2010 -0400
+++ b/lib/galaxy/webapps/community/security/__init__.py Wed Apr 14 14:04:03 2010 -0400
@@ -18,6 +18,18 @@
 class RBACAgent: """Class that handles galaxy community space security""" permitted_actions = Bunch()
+ def associate_components( self, **kwd ):
+ raise 'No valid method of associating provided components: %s' % kwd
+ def associate_user_role( self, user, role ):
+ raise 'No valid method of associating a user with a role'
+ def convert_permitted_action_strings( self, permitted_action_strings ):
+ """
+ When getting permitted actions from an untrusted source like a
+ form, ensure that they match our actual permitted actions.
+ """
+ return filter( lambda x: x is not None, [ self.permitted_actions.get( action_string ) for action_string in permitted_action_strings ] )
+ def create_private_user_role( self, user ):
+ raise "Unimplemented Method"
 def get_action( self, name, default=None ): """Get a permitted action by its dict key or action name""" for k, v in self.permitted_actions.items():
@@ -29,16 +41,8 @@
 return self.permitted_actions.__dict__.values() def get_item_actions( self, action, item ): raise 'No valid method of retrieving action (%s) for item %s.' % ( action, item )
- def create_private_user_role( self, user ):
- raise "Unimplemented Method"
 def get_private_user_role( self, user ): raise "Unimplemented Method"
- def convert_permitted_action_strings( self, permitted_action_strings ):
- """
- When getting permitted actions from an untrusted source like a
- form, ensure that they match our actual permitted actions.
- """
- return filter( lambda x: x is not None, [ self.permitted_actions.get( action_string ) for action_string in permitted_action_strings ] )
 class CommunityRBACAgent( RBACAgent ): def __init__( self, model, permitted_actions=None ):
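Review bot: The stubs added to `RBACAgent` in the first hunk (`associate_components`, `associate_user_role`, `create_private_user_role`) raise bare strings, which Python 2.6 and later reject with a `TypeError`, so the intended message never reaches the caller or the log and the condition cannot be caught by type. `raise NotImplementedError( 'No valid method of associating provided components: %s' % kwd )` keeps the text and gives callers a real exception class. The same form is used in `CommunityRBACAgent.associate_components` further down in this file, where it is the actual failure path for a call that lacks `user` or `role`, so that one matters most. The new stubs also have no docstrings; `"""Subclasses must override; the base agent cannot associate anything."""` would state the contract.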
@@ -49,7 +53,6 @@
 def sa_session( self ): """Returns a SQLAlchemy session""" return self.model.context
-
 def allow_action( self, roles, action, item ): """ Method for checking a permission for the current user ( based on roles ) to perform a
@@ -64,9 +67,16 @@
 ret_val = True break return ret_val
- def get_item_actions( self, action, item ):
- # item must be one of: Dataset, Library, LibraryFolder, LibraryDataset, LibraryDatasetDatasetAssociation
- return [ permission for permission in item.actions if permission.action == action.action ]
+ def associate_components( self, **kwd ):
+ if 'user' in kwd:
+ if 'role' in kwd:
+ return self.associate_user_role( kwd['user'], kwd['role'] )
+ raise 'No valid method of associating provided components: %s' % kwd
+ def associate_user_role( self, user, role ):
+ assoc = self.model.UserRoleAssociation( user, role )
+ self.sa_session.add( assoc )
+ self.sa_session.flush()
+ return assoc
 def create_private_user_role( self, user ): # Create private role role = self.model.Role( name=user.email, description='Private Role for ' + user.email, type=self.model.Role.types.PRIVATE )
@@ -75,6 +85,9 @@
 # Add user to role self.associate_components( role=role, user=user ) return role
+ def get_item_actions( self, action, item ):
+ # item must be one of: Dataset, Library, LibraryFolder, LibraryDataset, LibraryDatasetDatasetAssociation
+ return [ permission for permission in item.actions if permission.action == action.action ]
 def get_private_user_role( self, user, auto_create=False ): role = self.sa_session.query( self.model.Role ) \ .filter( and_( self.model.Role.table.c.name == user.email,
diff -r 3d8a7da23e46 -r 9de680276272 templates/webapps/community/base_panels.mako
--- a/templates/webapps/community/base_panels.mako Wed Apr 14 13:52:35 2010 -0400
+++ b/templates/webapps/community/base_panels.mako Wed Apr 14 14:04:03 2010 -0400
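Review bot: `CommunityRBACAgent.associate_user_role`, added in the second hunk, inserts a new `UserRoleAssociation` and flushes without checking whether the user already holds the role, and the `user_role_association` table in this commit has no uniqueness constraint over `user_id` and `role_id`, so repeated calls store duplicate grants; a later revocation that removes a single row could then leave the user in the role. Querying for an existing association before the insert, or adding a unique constraint on the pair, closes that gap. The method performs no authorization of its own, so a docstring such as `"""Grant role to user; the caller must already have verified that the acting user may assign roles."""` would make the contract explicit. The comment on the moved `get_item_actions` still lists Dataset and Library item types, which looks carried over from the main Galaxy agent and may not apply to the community webapp.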
@@ -60,9 +60,9 @@
 %> <div class="submenu"> <ul class="loggedout-only" style="${style1}">
- <li><a href="${h.url_for( controller='/user', action='login', webapp='community' )}">Login</a></li>
+ <li><a target="galaxy_main" href="${h.url_for( controller='/user', action='login', webapp='community' )}">Login</a></li>
 %if app.config.allow_user_creation:
- <li><a href="${h.url_for( controller='/user', action='create', webapp='community' )}">Register</a></li>
+ <li><a target="galaxy_main" href="${h.url_for( controller='/user', action='create', webapp='community' )}">Register</a></li>
 %endif </ul> <ul class="loggedin-only" style="${style2}">