Hello,
Martin Aryee wrote:
We would like to set up a public Galaxy instance that also hosts a few tools that would only be available to a particular user group.
For our local Galaxy server we needed something similar, and came up with the attached patch. For every tool executed, it calls a function with the tool id, user email and the function returns true/false if the user is allowed to run the tool. This is only a stop-gap solution until Galaxy supports per-tool security. You'll need to add your own python code for the permission logic, and unfortunately it will be hard coded. The message the users will see is also not very pretty, but it works. The log will show which tools are allowed and which ones are blocked (with the tool-id and user email). The patch is also available here: http://cancan.cshl.edu/labmembers/gordon/files/galaxy_per_tool_security.patc... (if it got mangled in the email). comments are welcomed, -gordon