Le 03/01/14 15:44, John Chilton a écrit :
I am not sure I understand the problem. Can you clarify a few points:
Is bioblend letting users associate roles with data libraries that they shouldn't be able to and the operation is succeeding -or- are you trying to add roles and the operation is failing?
Dear John,
In our Galaxy instance, each user connecting to Galaxy has a library associated to its user role which is created automatically as well as two directories; one in the links directory corresponding to our "user_library_import_dir" and one in an "output" directory to enable the users to export their results from the instance.
The user directories are readable by Galaxy and by themselves (unix rights are set using a root cron script)
For a project, we need to do basic galaxy stuff using either the API scripts or bioblend api. We have tried both and bioblend is a little simpler to use.
Using the api script library_upload_from_import_dir.py, using a user api key, only files from the user directory are "uploadable".
However, using bioblend function from libraries class "upload_file_from_server", a user with its key can upload within its galaxy library, the data of anyone.
#giOlivia.libraries.upload_file_from_server("OLIVIA_API_key","/xxxxxxx/links/otherUser@pasteur.fr/","F0045a9ffd77d1226")
To disable this, i'm trying to add an associate role when I launch the upload_file_from_server command but I get an error.
giOlivia.libraries.upload_file_from_server("OLIVIA_API_key","/xxxxxxxx/links/olivia@pasteur.fr/", "F0045a9ffd77d1226", roles='olivia@pasteur.fr')
and I get the following error:
Traceback (most recent call last):
File "<input>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/bioblend-0.4.2_dev-py2.7.egg/bioblend/galaxy/libraries/__init__.py", line 242, in upload_file_from_server
return self._do_upload(**vars)
File "/usr/local/lib/python2.7/dist-packages/bioblend-0.4.2_dev-py2.7.egg/bioblend/galaxy/libraries/__init__.py", line 190, in _do_upload
files_attached=files_attached)
File "/usr/local/lib/python2.7/dist-packages/bioblend-0.4.2_dev-py2.7.egg/bioblend/galaxy/client.py", line 71, in _post
r = self.gi.make_post_request(url, payload=payload,
files_attached=files_attached)
File "/usr/local/lib/python2.7/dist-packages/bioblend-0.4.2_dev-py2.7.egg/bioblend/galaxyclient.py", line 94, in make_post_request
r.status_code, body=r.text) # @see self.body for HTTP response
body
ConnectionError: Unexpected response from galaxy: 500: <html>
<head><title>Internal Server Error</title></head>
<body>
<h1>Internal Server Error</h1> <p>The server has either erred or is incapable of performing
the requested operation.
<br/>
<!-- --></p>
<hr noshade> <div align="right">WSGI Server</div>
</body>
</html>
If the API is producing an error message can you share that: in particular this code is probably resulting in an error or some kind?
elif roles: # Check to see if the user selected roles to associate
with the DATASET_ACCESS permission # on the dataset that would cause accessibility issues. vars = dict( DATASET_ACCESS_in=roles ) permissions, in_roles, error, message = \ trans.app.security_agent.derive_roles_from_access( trans, library.id, cntrller, library=True, **vars ) if error: if cntrller == 'api': return 400, message
the api does not produce any error when the api key corresponds to the user which tries to import its own data.
Has your institute made modifications Galaxy to enforce this constraint - ("it can't be possible that any user may upload any other user's data in their Galaxy Data library")? Also is the thing you are trying to do something that is working through the web ui but not through the API, or have you only tried through the API?
I did a few tests yesterday, and to resume, it works as it should using the api script but there is a problem using bioblend. I'm not sure that roles are really needed here, i only thought that it could guide galaxy (and bioblend) to not upload data that does not belong to user (corresponding to the API key)
I looked at the sources, and my major doubt was that bioblend didn't pass all the arguments but it does, everything is transmitted to galaxy do it should work.
Tell me if you need more information. I'll look further on monday but i'm kind of stuck.
Thank you for your help,
Cheers,