Okay, thanks for confirming and creating the card.

Yes...it's unfortunate that tool filters will not block tools entirely, but this will get it out of the users' view in one more place.


On 12/17/2013 05:39 PM, Dannon Baker wrote:
This sounds like a bug; the primary toolbox and workflow editor toolbox
should reflect the same set of tools (exception being workflow-specific
control steps, etc).  I've created a trello card to track this issue here:
https://trello.com/c/3TxFHkYR

That said, do note the warning on the dynamic toolbox filters page:

[image: <!>]  Filters will only hide Tools from the User Interface, they
are still available and can be made visible by means of HTML manipulation.
That said these feature is not a security feature, it is intended to
separate multiple groups of Tools and simplify the
ToolBox<https://wiki.galaxyproject.org/ToolBox>
.


On Tue, Dec 17, 2013 at 6:27 PM, Eric Rasche <rasche.eric@yandex.ru> wrote:

 I'm running the stable copy of galaxy and noticed that some custom,
administrative tools (and otherwise tools which should be restricted in
access due to licensing/etc.) were showing up in normal user's toolboxes
inside the workflow editor.

I feel that this is a bug, as the tool filters should be applied globally
and not just in terms of what tools users are restricted from seeing  in
the normal toolbox.

For me, this presents a problem as I strongly believe any administrative
tools that exist should leak as little information as possible--not their
entire set of options and associated documentation. Additionally, that sort
of information leakage isn't acceptable by my organisation's policies.

Do I have my instance misconfigured or is this an actual bug?
I have my galaxy configured according to
https://wiki.galaxyproject.org/Admin/Config/Access%20Control

$ hg head
changeset:   11242:9d4cbf2a1c13
branch:      stable
tag:         tip
user:        Nate Coraor <nate@bx.psu.edu> <nate@bx.psu.edu>
date:        Fri Dec 06 16:28:31 2013 -0500
summary:     Add missing destination long arg to cli runner's Torque
plugin and fix an incorrectly used PBS option in the sample job conf.

changeset:   11216:c458a0fe1ba8
parent:      11213:6d633418ecfa
parent:      11215:f79149dd3d35
user:        Nate Coraor <nate@bx.psu.edu> <nate@bx.psu.edu>
date:        Mon Nov 04 14:56:57 2013 -0500
summary:     Merge security fix for filtering tools from
stable/next-stable.

$ hg summary
parent: 11242:9d4cbf2a1c13 tip
 Add missing destination long arg to cli runner's Torque plugin and fix an
incorrectly used PBS option in the sample job conf.
branch: stable
commit: 4 modified, 34 unknown
update: (current)


Thank you,
Eric Rasche

Programmer II
Center for Phage Technology
Texas A&M University

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


    


--
Eric Rasche
Programmer II
Center for Phage Technology
Texas A&M University
College Station, TX 77843
404-692-2048
esr@tamu.edu