I'm running the stable copy of galaxy and noticed that some custom, administrative tools (and otherwise tools which should be restricted in access due to licensing/etc.) were showing up in normal user's toolboxes inside the workflow editor.

I feel that this is a bug, as the tool filters should be applied globally and not just in terms of what tools users are restricted from seeing  in the normal toolbox.

For me, this presents a problem as I strongly believe any administrative tools that exist should leak as little information as possible--not their entire set of options and associated documentation. Additionally, that sort of information leakage isn't acceptable by my organisation's policies.

Do I have my instance misconfigured or is this an actual bug?
I have my galaxy configured according to https://wiki.galaxyproject.org/Admin/Config/Access%20Control

$ hg head
changeset:   11242:9d4cbf2a1c13
branch:      stable
tag:         tip
user:        Nate Coraor <nate@bx.psu.edu>
date:        Fri Dec 06 16:28:31 2013 -0500
summary:     Add missing destination long arg to cli runner's Torque plugin and fix an incorrectly used PBS option in the sample job conf.

changeset:   11216:c458a0fe1ba8
parent:      11213:6d633418ecfa
parent:      11215:f79149dd3d35
user:        Nate Coraor <nate@bx.psu.edu>
date:        Mon Nov 04 14:56:57 2013 -0500
summary:     Merge security fix for filtering tools from stable/next-stable.

$ hg summary
parent: 11242:9d4cbf2a1c13 tip
 Add missing destination long arg to cli runner's Torque plugin and fix an incorrectly used PBS option in the sample job conf.
branch: stable
commit: 4 modified, 34 unknown
update: (current)


Thank you,
Eric Rasche

Programmer II
Center for Phage Technology
Texas A&M University