details: http://www.bx.psu.edu/hg/galaxy/rev/99dcba7af5b6 changeset: 2661:99dcba7af5b6 user: Greg Von Kuster greg@bx.psu.edu date: Fri Sep 04 10:31:23 2009 -0400 description: More performance improvements in checking security on datasets and generatng HTML for libraries, and a bit of code cleanup in these areas.
30 file(s) affected in this change:
lib/galaxy/model/__init__.py lib/galaxy/model/mapping.py lib/galaxy/model/migrate/versions/0017_library_item_indexes.py lib/galaxy/security/__init__.py lib/galaxy/tools/actions/__init__.py lib/galaxy/tools/parameters/basic.py lib/galaxy/web/controllers/admin.py lib/galaxy/web/controllers/dataset.py lib/galaxy/web/controllers/history.py lib/galaxy/web/controllers/library.py lib/galaxy/web/controllers/requests.py lib/galaxy/web/controllers/root.py lib/galaxy/web/framework/__init__.py templates/admin/library/browse_library.mako templates/admin/library/common.mako templates/admin/library/ldda_info.mako templates/dataset/edit_attributes.mako templates/library/browse_library.mako templates/library/common.mako templates/library/folder_info.mako templates/library/folder_permissions.mako templates/library/ldda_edit_info.mako templates/library/ldda_info.mako templates/library/library_dataset_info.mako templates/library/library_dataset_permissions.mako templates/library/library_info.mako templates/library/library_permissions.mako templates/mobile/history/detail.mako templates/mobile/manage_library.mako templates/root/history_common.mako
diffs (1594 lines):
diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/model/__init__.py --- a/lib/galaxy/model/__init__.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/model/__init__.py Fri Sep 04 10:31:23 2009 -0400 @@ -709,9 +709,9 @@ folder.order_id = self.item_count self.item_count += 1 def get_info_association( self, restrict=False ): - # If restrict is True, we will return this folder's info_association whether it - # exists or not. If restrict is False, we'll return the next available info_association - # in the inheritable hierarchy + # If restrict is True, we will return this folder's info_association, not inheriting. + # If restrict is False, we'll return the next available info_association in the + # inheritable hierarchy if self.info_association: return self.info_association[0] if restrict: @@ -721,9 +721,6 @@ if self.library_root: return self.library_root[0].get_info_association() return None - @property - def active_components( self ): - return list( self.active_folders ) + list( self.active_library_datasets ) @property def active_library_datasets( self ): # This needs to be a list @@ -736,10 +733,6 @@ def active_datasets( self ): # This needs to be a list return [ ld.library_dataset_dataset_association.dataset for ld in self.datasets if not ld.library_dataset_dataset_association.deleted ] - @property #make this a relation - def activatable_folders( self ): - # This needs to be a list - return [ folder for folder in self.folders if not folder.purged ]
class LibraryDataset( object ): # This class acts as a proxy to the currently selected LDDA @@ -1062,17 +1055,11 @@ return s return False def submitted(self): - if self.state == self.states.SUBMITTED: - return True - return False + return self.state == self.states.SUBMITTED def unsubmitted(self): - if self.state == self.states.UNSUBMITTED: - return True - return False + return self.state == self.states.UNSUBMITTED def complete(self): - if self.state == self.states.COMPLETE: - return True - return False + return self.state == self.states.COMPLETE
class RequestType( object ): def __init__(self, name=None, desc=None, request_form=None, sample_form=None): diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/model/mapping.py --- a/lib/galaxy/model/mapping.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/model/mapping.py Fri Sep 04 10:31:23 2009 -0400 @@ -233,10 +233,10 @@ Column( "id", Integer, primary_key=True ), Column( "library_dataset_dataset_association_id", Integer, ForeignKey( "library_dataset_dataset_association.id", use_alter=True, name="library_dataset_dataset_association_id_fk" ), nullable=True, index=True ),#current version of dataset, if null, there is not a current version selected Column( "folder_id", Integer, ForeignKey( "library_folder.id" ), index=True ), - Column( "order_id", Integer ), + Column( "order_id", Integer ), #not currently being used, but for possible future use Column( "create_time", DateTime, default=now ), Column( "update_time", DateTime, default=now, onupdate=now ), - Column( "name", TrimmedString( 255 ), key="_name" ), #when not None/null this will supercede display in library (but not when imported into user's history?) + Column( "name", TrimmedString( 255 ), key="_name", index=True ), #when not None/null this will supercede display in library (but not when imported into user's history?) Column( "info", TrimmedString( 255 ), key="_info" ), #when not None/null this will supercede display in library (but not when imported into user's history?) Column( "deleted", Boolean, index=True, default=False ) )
@@ -248,7 +248,7 @@ Column( "update_time", DateTime, default=now, onupdate=now ), Column( "copied_from_history_dataset_association_id", Integer, ForeignKey( "history_dataset_association.id", use_alter=True, name='history_dataset_association_dataset_id_fkey' ), nullable=True ), Column( "copied_from_library_dataset_dataset_association_id", Integer, ForeignKey( "library_dataset_dataset_association.id", use_alter=True, name='library_dataset_dataset_association_id_fkey' ), nullable=True ), - Column( "name", TrimmedString( 255 ) ), + Column( "name", TrimmedString( 255 ), index=True ), Column( "info", TrimmedString( 255 ) ), Column( "blurb", TrimmedString( 255 ) ), Column( "peek" , TEXT ), @@ -276,9 +276,9 @@ Column( "parent_id", Integer, ForeignKey( "library_folder.id" ), nullable = True, index=True ), Column( "create_time", DateTime, default=now ), Column( "update_time", DateTime, default=now, onupdate=now ), - Column( "name", TEXT ), + Column( "name", TEXT, index=True ), Column( "description", TEXT ), - Column( "order_id", Integer ), + Column( "order_id", Integer ), #not currently being used, but for possible future use Column( "item_count", Integer ), Column( "deleted", Boolean, index=True, default=False ), Column( "purged", Boolean, index=True, default=False ), @@ -823,15 +823,16 @@ folders=relation( LibraryFolder, primaryjoin=( LibraryFolder.table.c.parent_id == LibraryFolder.table.c.id ), + order_by=asc( LibraryFolder.table.c.name ), backref=backref( "parent", primaryjoin=( LibraryFolder.table.c.parent_id == LibraryFolder.table.c.id ), remote_side=[LibraryFolder.table.c.id] ) ), active_folders=relation( LibraryFolder, primaryjoin=( ( LibraryFolder.table.c.parent_id == LibraryFolder.table.c.id ) & ( not_( LibraryFolder.table.c.deleted ) ) ), - order_by=asc( LibraryFolder.table.c.order_id ), + order_by=asc( LibraryFolder.table.c.name ), lazy=True, #"""sqlalchemy.exceptions.ArgumentError: Error creating eager relationship 'active_folders' on parent class '<class 'galaxy.model.LibraryFolder'>' to child class '<class 'galaxy.model.LibraryFolder'>': Cant use eager loading on a self referential relationship.""" viewonly=True ), datasets=relation( LibraryDataset, primaryjoin=( ( LibraryDataset.table.c.folder_id == LibraryFolder.table.c.id ) ), - order_by=asc( LibraryDataset.table.c.order_id ), + order_by=asc( LibraryDataset.table.c._name ), lazy=False, viewonly=True ) ) ) diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/model/migrate/versions/0017_library_item_indexes.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lib/galaxy/model/migrate/versions/0017_library_item_indexes.py Fri Sep 04 10:31:23 2009 -0400 @@ -0,0 +1,53 @@ +""" +This script adds 3 indexes to table columns: library_folder.name, +library_dataset.name, library_dataset_dataset_association.name. +""" +from sqlalchemy import * +from sqlalchemy.orm import * +from migrate import * +import sys, logging + +log = logging.getLogger( __name__ ) +log.setLevel(logging.DEBUG) +handler = logging.StreamHandler( sys.stdout ) +format = "%(name)s %(levelname)s %(asctime)s %(message)s" +formatter = logging.Formatter( format ) +handler.setFormatter( formatter ) +log.addHandler( handler ) + +metadata = MetaData( migrate_engine ) +db_session = scoped_session( sessionmaker( bind=migrate_engine, autoflush=False, transactional=False ) ) +LibraryFolder_table = Table( "library_folder", metadata, autoload=True ) +LibraryDatasetDatasetAssociation_table = Table( "library_dataset_dataset_association", metadata, autoload=True ) +LibraryDataset_table = Table( "library_dataset", metadata, autoload=True ) + +def display_migration_details(): + print "========================================" + print "This script adds 3 indexes to table columns: library_folder.name," + print "library_dataset.name, library_dataset_dataset_association.name." + print "========================================" + +def upgrade(): + display_migration_details() + # Load existing tables + metadata.reflect() + # Add 1 index to the library_folder table + i = Index( 'ix_library_folder_name', LibraryFolder_table.c.name ) + try: + i.create() + except Exception, e: + log.debug( "Adding index 'ix_library_folder_name' to library_folder table failed: %s" % ( str( e ) ) ) + # Add 1 index to the library_dataset_dataset_association table + i = Index( 'ix_library_dataset_dataset_association_name', LibraryDatasetDatasetAssociation_table.c.name ) + try: + i.create() + except Exception, e: + log.debug( "Adding index 'ix_library_dataset_dataset_association_name' to library_dataset_dataset_association table failed: %s" % ( str( e ) ) ) + # Add 1 index to the library_dataset table + i = Index( 'ix_library_dataset_name', LibraryDataset_table.c.name ) + try: + i.create() + except Exception, e: + log.debug( "Adding index 'ix_library_dataset_name' to library_dataset table failed: %s" % ( str( e ) ) ) +def downgrade(): + log.debug( "Downgrade is not possible." ) diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/security/__init__.py --- a/lib/galaxy/security/__init__.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/security/__init__.py Fri Sep 04 10:31:23 2009 -0400 @@ -33,11 +33,19 @@ def get_actions( self ): """Get all permitted actions as a list of Action objects""" return self.permitted_actions.__dict__.values() - def allow_action( self, user, roles, action, **kwd ): - raise 'No valid method of checking action (%s) on %s for user %s.' % ( action, kwd, user ) def get_item_action( self, action, item ): raise 'No valid method of retrieving action (%s) for item %s.' % ( action, item ) def guess_derived_permissions_for_datasets( self, datasets = [] ): + raise "Unimplemented Method" + def can_access_dataset( self, roles, dataset ): + raise "Unimplemented Method" + def can_manage_dataset( self, roles, dataset ): + raise "Unimplemented Method" + def can_add_library_item( self, user, roles, item ): + raise "Unimplemented Method" + def can_modify_library_item( self, user, roles, item ): + raise "Unimplemented Method" + def can_manage_library_item( self, user, roles, item ): raise "Unimplemented Method" def associate_components( self, **kwd ): raise 'No valid method of associating provided components: %s' % kwd @@ -89,36 +97,20 @@ to allow migration toward a more SQLAlchemy 0.4 style of use. """ return self.model.context.current - def allow_action( self, user, roles, action, **kwd ): - if 'dataset' in kwd: - return self.allow_dataset_action( user, roles, action, kwd[ 'dataset' ] ) - elif 'library_item' in kwd: - return self.allow_library_item_action( user, roles, action, kwd[ 'library_item' ] ) - raise 'No valid method of checking action (%s) for user %s using kwd %s' % ( action, str( user ), str( kwd ) ) - def allow_dataset_action( self, user, roles, action, dataset ): - """Returns true when user has permission to perform an action""" - if not user: - if action == self.permitted_actions.DATASET_ACCESS and action.action not in [ dp.action for dp in dataset.actions ]: - # anons only get access, and only if there are no roles required for the access action - # Other actions (or if the dataset has roles defined for the access action) fall through - # to the false below for anons - return True - elif action.action not in [ dp.action for dp in dataset.actions ]: - if action.model == 'restrict': - # Implicit access to restrict-style actions if the dataset does not have the action - # Grant style actions fall through to the false below - return True - else: - perms = self.get_dataset_permissions( dataset ) - if action in perms.keys(): - # The filter() returns a list of the dataset's role ids of which the user is not a member, - # so an empty list means the user has all of the required roles. - if not filter( lambda x: x not in roles, [ r for r in perms[ action ] ] ): - # User has all of the roles required to perform the action - return True - # The user is missing at least one required role - return False - def allow_library_item_action( self, user, roles, action, library_item ): + def allow_dataset_action( self, roles, action, dataset ): + """ + Returns true when user has permission to perform an action on an + instance of Dataset. + """ + dataset_action = self.get_item_action( action, dataset ) + if dataset_action is None: + return action.model == 'restrict' + return dataset_action.role in roles + def can_access_dataset( self, roles, dataset ): + return self.allow_dataset_action( roles, self.permitted_actions.DATASET_ACCESS, dataset ) + def can_manage_dataset( self, roles, dataset ): + return self.allow_dataset_action( roles, self.permitted_actions.DATASET_MANAGE_PERMISSIONS, dataset ) + def allow_library_item_action( self, user, roles, action, item ): """ Method for checking a permission for the current user to perform a specific library action on a library item, which must be one of: @@ -127,30 +119,22 @@ if user is None: # All permissions are granted, so non-users cannot have permissions return False - # Check to see if user has access to any of the roles - allowed_role_assocs = [] - for item_class, permission_class in self.library_item_assocs: - if isinstance( library_item, item_class ): - if permission_class == self.model.LibraryPermissions: - allowed_role_assocs = permission_class.filter_by( action=action.action, - library=library_item ).all() - elif permission_class == self.model.LibraryFolderPermissions: - allowed_role_assocs = permission_class.filter_by( action=action.action, - folder=library_item ).all() - elif permission_class == self.model.LibraryDatasetPermissions: - allowed_role_assocs = permission_class.filter_by( action=action.action, - library_dataset=library_item ).all() - elif permission_class == self.model.LibraryDatasetDatasetAssociationPermissions: - allowed_role_assocs = permission_class.filter_by( action=action.action, - library_dataset_dataset_association=library_item ).all() - for allowed_role_assoc in allowed_role_assocs: - if allowed_role_assoc.role in roles: - return True - return False + # Check to see if user has access to any of the roles associated with action + item_action = self.get_item_action( action, item ) + if item_action is None: + # All permissions are granted, so item must have action + return False + return item_action.role in roles + def can_add_library_item( self, user, roles, item ): + return self.allow_library_item_action( user, roles, self.permitted_actions.LIBRARY_ADD, item ) + def can_modify_library_item( self, user, roles, item ): + return self.allow_library_item_action( user, roles, self.permitted_actions.LIBRARY_MODIFY, item ) + def can_manage_library_item( self, user, roles, item ): + return self.allow_library_item_action( user, roles, self.permitted_actions.LIBRARY_MANAGE, item ) def get_item_action( self, action, item ): # item must be one of: Dataset, Library, LibraryFolder, LibraryDataset, LibraryDatasetDatasetAssociation for permission in item.actions: - if permission.action == action: + if permission.action == action.action: return permission return None def guess_derived_permissions_for_datasets( self, datasets=[] ): @@ -282,10 +266,7 @@ if [ assoc for assoc in dataset.history_associations if assoc.history not in user.histories ]: # Don't change permissions on a dataset associated with a history not owned by the user continue - if bypass_manage_permission or self.allow_action( user, - user.all_roles(), - self.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset=dataset ): + if bypass_manage_permission or self.can_manage_dataset( user.all_roles(), dataset ): self.set_all_dataset_permissions( dataset, permissions ) def history_get_default_permissions( self, history ): permissions = {} @@ -445,7 +426,7 @@ the string, True is returned if the current user has permission to perform any 1 of actions_to_check on library_item. Otherwise, cycle through all sub-folders in library_item until one is found that meets this criteria, if it exists. - """ + """ for action in actions_to_check: if self.allow_library_item_action( user, roles, action, library_item ): return True, hidden_folder_ids @@ -515,7 +496,7 @@ with the string, True is returned if the current user has permission to access folder. Otherwise, cycle through all sub-folders in folder until one is found that meets this criteria, if it exists. """ - action = self.permitted_actions.DATASET_ACCESS.action + action = self.permitted_actions.DATASET_ACCESS lddas = self.sa_session.query( self.model.LibraryDatasetDatasetAssociation ) \ .join( "library_dataset" ) \ .filter( self.model.LibraryDataset.folder == folder ) \ diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/tools/actions/__init__.py --- a/lib/galaxy/tools/actions/__init__.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/tools/actions/__init__.py Fri Sep 04 10:31:23 2009 -0400 @@ -48,10 +48,7 @@ assoc.flush() data = new_data user, roles = trans.get_user_and_roles() - if data and not trans.app.security_agent.allow_action( user, - roles, - data.permitted_actions.DATASET_ACCESS, - dataset=data.dataset ): + if data and not trans.app.security_agent.can_access_dataset( roles, data.dataset ): raise "User does not have permission to use a dataset (%s) provided for input." % data.id return data if isinstance( input, DataToolParameter ): @@ -267,10 +264,7 @@ user, roles = trans.get_user_and_roles() for name, dataset in inp_data.iteritems(): if dataset: - if not trans.app.security_agent.allow_action( user, - roles, - dataset.permitted_actions.DATASET_ACCESS, - dataset=dataset.dataset ): + if not trans.app.security_agent.can_access_dataset( roles, dataset.dataset ): raise "User does not have permission to use a dataset (%s) provided for input." % data.id job.add_input_dataset( name, dataset ) else: diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/tools/parameters/basic.py --- a/lib/galaxy/tools/parameters/basic.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/tools/parameters/basic.py Fri Sep 04 10:31:23 2009 -0400 @@ -1149,19 +1149,11 @@ hid = str( hda.hid ) if not hda.dataset.state in [galaxy.model.Dataset.states.ERROR, galaxy.model.Dataset.states.DISCARDED] and \ hda.visible and \ - trans.app.security_agent.allow_action( user, - roles, - hda.permitted_actions.DATASET_ACCESS, - dataset=hda.dataset ): + trans.app.security_agent.can_access_dataset( roles, hda.dataset ): # If we are sending data to an external application, then we need to make sure there are no roles - # associated with the dataset that restrict it's access from "public". We determine this by sending - # None as the user to the allow_action method. - if self.tool and self.tool.tool_type == 'data_destination': - if not trans.app.security_agent.allow_action( None, - None, - hda.permitted_actions.DATASET_ACCESS, - dataset=hda.dataset ): - continue + # associated with the dataset that restrict it's access from "public". + if self.tool and self.tool.tool_type == 'data_destination' and not trans.app.security_agent.dataset_is_public( hda.dataset ): + continue if self.options and hda.get_dbkey() != filter_value: continue if isinstance( hda.datatype, self.formats): @@ -1172,10 +1164,7 @@ if target_ext: if converted_dataset: hda = converted_dataset - if not trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.DATASET_ACCESS, - dataset=hda.dataset ): + if not trans.app.security_agent.can_access_dataset( roles, hda.dataset ): continue selected = ( value and ( hda in value ) ) field.add_option( "%s: (as %s) %s" % ( hid, target_ext, hda_name ), hda.id, selected ) diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/controllers/admin.py --- a/lib/galaxy/web/controllers/admin.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/controllers/admin.py Fri Sep 04 10:31:23 2009 -0400 @@ -2001,7 +2001,6 @@ show_deleted=False, msg=msg, messagetype=messagetype ) - def _save_request_type(self, trans, **kwd): params = util.Params( kwd ) num_states = int( util.restore_text( params.get( 'num_states', 0 ) )) @@ -2031,7 +2030,6 @@ ss.flush() msg = "The new request type named '%s' with %s state(s) has been created" % (rt.name, num_states) return rt, msg - @web.expose @web.require_admin def delete_request_type( self, trans, **kwd ): @@ -2045,7 +2043,6 @@ action='manage_request_types', msg='Request type <b>%s</b> has been deleted' % rt.name, messagetype='done') ) - @web.expose @web.require_admin def undelete_request_type( self, trans, **kwd ): diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/controllers/dataset.py --- a/lib/galaxy/web/controllers/dataset.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/controllers/dataset.py Fri Sep 04 10:31:23 2009 -0400 @@ -109,10 +109,7 @@ if not data: raise paste.httpexceptions.HTTPRequestRangeNotSatisfiable( "Invalid reference dataset id: %s." % str( dataset_id ) ) user, roles = trans.get_user_and_roles() - if trans.app.security_agent.allow_action( user, - roles, - data.permitted_actions.DATASET_ACCESS, - dataset=data.dataset ): + if trans.app.security_agent.can_access_dataset( roles, data.dataset ): if data.state == trans.model.Dataset.states.UPLOAD: return trans.show_error_message( "Please wait until this dataset finishes uploading before attempting to view it." ) if filename is None or filename.lower() == "index": @@ -147,12 +144,9 @@ return trans.show_error_message( 'Invalid parameters specified for "display at" link, please contact a Galaxy administrator' ) redirect_url = kwd['redirect_url'] % urllib.quote_plus( kwd['display_url'] ) user, roles = trans.get_user_and_roles() - if trans.app.security_agent.allow_action( None, None, data.permitted_actions.DATASET_ACCESS, dataset=data.dataset ): + if trans.app.security_agent.dataset_is_public( data.dataset ): return trans.response.send_redirect( redirect_url ) # anon access already permitted by rbac - if trans.app.security_agent.allow_action( user, - roles, - data.permitted_actions.DATASET_ACCESS, - dataset=data.dataset ): + if trans.app.security_agent.can_access_dataset( roles, data.dataset ): trans.app.host_security_agent.set_dataset_permissions( data, trans.user, site ) return trans.response.send_redirect( redirect_url ) else: diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/controllers/history.py --- a/lib/galaxy/web/controllers/history.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/controllers/history.py Fri Sep 04 10:31:23 2009 -0400 @@ -443,15 +443,9 @@ for hda in history.activatable_datasets: # If the current dataset is not public, we may need to perform an action on it to # make it accessible by the other user. - if not trans.app.security_agent.allow_action( send_to_user, - send_to_user.all_roles(), - trans.app.security_agent.permitted_actions.DATASET_ACCESS, - dataset=hda.dataset ): + if not trans.app.security_agent.can_access_dataset( send_to_user.all_roles(), hda.dataset ): # The user with which we are sharing the history does not have access permission on the current dataset - if trans.app.security_agent.allow_action( user, - user_roles, - trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset=hda.dataset ) and not hda.dataset.library_associations: + if trans.app.security_agent.can_manage_dataset( user_roles, hda.dataset ) and not hda.dataset.library_associations: # The current user has authority to change permissions on the current dataset because # they have permission to manage permissions on the dataset and the dataset is not associated # with a library. @@ -556,15 +550,9 @@ no_change_needed[ send_to_user ][ history ] = [ hda ] else: no_change_needed[ send_to_user ][ history ].append( hda ) - elif not trans.app.security_agent.allow_action( send_to_user, - send_to_user.all_roles(), - trans.app.security_agent.permitted_actions.DATASET_ACCESS, - dataset=hda.dataset ): + elif not trans.app.security_agent.can_access_dataset( send_to_user.all_roles(), hda.dataset ): # The user with which we are sharing the history does not have access permission on the current dataset - if trans.app.security_agent.allow_action( user, - user_roles, - trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset=hda.dataset ) and not hda.dataset.library_associations: + if trans.app.security_agent.can_manage_dataset( user_roles, hda.dataset ) and not hda.dataset.library_associations: # The current user has authority to change permissions on the current dataset because # they have permission to manage permissions on the dataset and the dataset is not associated # with a library. diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/controllers/library.py --- a/lib/galaxy/web/controllers/library.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/controllers/library.py Fri Sep 04 10:31:23 2009 -0400 @@ -2,6 +2,7 @@ from galaxy.model.orm import * from galaxy.datatypes import sniff from galaxy import util +from galaxy.util.odict import odict from galaxy.web.controllers.forms import get_all_forms, get_form_widgets from galaxy.util.streamball import StreamBall import logging, tempfile, zipfile, tarfile, os, sys @@ -74,7 +75,7 @@ # The folders that should not be displayed may not be a complete list, but it is ultimately passed # to the browse_library() method and the browse_library.mako template to keep from re-checking the # same folders when the library is rendered. - authorized_libraries = {} + authorized_libraries = odict() for library in all_libraries: can_access, hidden_folder_ids = trans.app.security_agent.check_folder_contents( user, roles, library.root_folder ) if can_access: @@ -283,10 +284,7 @@ user, roles = trans.get_user_and_roles() for id in ldda_ids: ldda = trans.app.model.LibraryDatasetDatasetAssociation.get( id ) - if not ldda or not trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.DATASET_ACCESS, - dataset = ldda.dataset ): + if not ldda or not trans.app.security_agent.can_access_dataset( roles, ldda.dataset ): continue path = "" parent_folder = ldda.library_dataset.folder @@ -384,10 +382,7 @@ user, roles = trans.get_user_and_roles() if action == 'information': if params.get( 'edit_attributes_button', False ): - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=library_dataset ): + if trans.app.security_agent.can_modify_library_item( user, roles, library_dataset ): if params.get( 'edit_attributes_button', False ): old_name = library_dataset.name new_name = util.restore_text( params.get( 'name', '' ) ) @@ -411,10 +406,7 @@ messagetype=messagetype ) elif action == 'permissions': if params.get( 'update_roles_button', False ): - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=library_dataset ): + if trans.app.security_agent.can_manage_library_item( user, roles, library_dataset ): # The user clicked the Save button on the 'Associate With Roles' form permissions = {} for k, v in trans.app.model.Library.permitted_actions.items(): @@ -501,14 +493,8 @@ if action == 'permissions': if params.get( 'update_roles_button', False ): # The user clicked the Save button on the 'Associate With Roles' form - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=ldda ) and \ - trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset=ldda.dataset ): + if trans.app.security_agent.can_manage_library_item( user, roles, ldda ) and \ + trans.app.security_agent.can_manage_dataset( roles, ldda.dataset ): permissions = {} for k, v in trans.app.model.Dataset.permitted_actions.items(): in_roles = [ trans.app.model.Role.get( x ) for x in util.listify( params.get( k + '_in', [] ) ) ] @@ -547,10 +533,7 @@ elif action == 'edit_info': if params.get( 'change', False ): # The user clicked the Save button on the 'Change data type' form - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=ldda ): + if trans.app.security_agent.can_modify_library_item( user, roles, ldda ): if ldda.datatype.allow_datatype_change and trans.app.datatypes_registry.get_datatype_by_extension( params.datatype ).allow_datatype_change: trans.app.datatypes_registry.change_datatype( ldda, params.datatype ) trans.app.model.flush() @@ -571,10 +554,7 @@ messagetype=messagetype ) elif params.get( 'save', False ): # The user clicked the Save button on the 'Edit Attributes' form - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=ldda ): + if trans.app.security_agent.can_modify_library_item( user, roles, ldda ): old_name = ldda.name new_name = util.restore_text( params.get( 'name', '' ) ) new_info = util.restore_text( params.get( 'info', '' ) ) @@ -613,10 +593,7 @@ messagetype=messagetype ) elif params.get( 'detect', False ): # The user clicked the Auto-detect button on the 'Edit Attributes' form - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=ldda ): + if trans.app.security_agent.can_modify_library_item( user, roles, ldda ): for name, spec in ldda.datatype.metadata_spec.items(): # We need to be careful about the attributes we are resetting if name not in [ 'name', 'info', 'dbkey' ]: @@ -638,10 +615,7 @@ msg=msg, messagetype=messagetype ) elif params.get( 'delete', False ): - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=folder ): + if trans.app.security_agent.can_modify_library_item( user, roles, folder ): ldda.deleted = True ldda.flush() msg = 'Dataset %s has been removed from this library' % ldda.name @@ -656,10 +630,7 @@ widgets=widgets, msg=msg, messagetype=messagetype ) - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=ldda ): + if trans.app.security_agent.can_modify_library_item( user, roles, ldda ): ldda.datatype.before_edit( ldda ) if "dbkey" in ldda.datatype.metadata_spec and not ldda.metadata.dbkey: # Copy dbkey into metadata, for backwards compatability @@ -697,14 +668,8 @@ messagetype='error' ) ) if action == 'permissions': if params.get( 'update_roles_button', False ): - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=ldda ) and \ - trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset=ldda.dataset ): + if trans.app.security_agent.can_manage_library_item( user, roles, ldda ) and \ + trans.app.security_agent.can_manage_dataset( roles, ldda.dataset ): permissions = {} for k, v in trans.app.model.Dataset.permitted_actions.items(): in_roles = [ trans.app.model.Role.get( x ) for x in util.listify( params.get( k + '_in', [] ) ) ] @@ -735,14 +700,8 @@ library_id=library_id, msg=msg, messagetype=messagetype ) - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=ldda ) and \ - trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset=ldda.dataset ): + if trans.app.security_agent.can_manage_library_item( user, roles, ldda ) and \ + trans.app.security_agent.can_manage_dataset( roles, ldda.dataset ): # Ensure that the permissions across all library items are identical, otherwise we can't update them together. check_list = [] for ldda in lddas: @@ -774,14 +733,8 @@ library_id=library_id, msg=msg, messagetype=messagetype ) - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_ADD, - library_item=folder ) or \ - ( replace_dataset and trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=replace_dataset ) ): + if trans.app.security_agent.can_add_library_item( user, roles, folder ) or \ + ( replace_dataset and trans.app.security_agent.can_modify_library_item( user, roles, replace_dataset ) ): if params.get( 'new_dataset_button', False ): upload_option = params.get( 'upload_option', 'upload_file' ) created_ldda_ids = trans.webapp.controllers[ 'library_dataset' ].upload_dataset( trans, @@ -804,10 +757,7 @@ # Since permissions on all LibraryDatasetDatasetAssociations must be the same at this point, we only need # to check one of them to see if the current user can manage permissions on them. check_ldda = trans.app.model.LibraryDatasetDatasetAssociation.get( ldda_id_list[0] ) - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=check_ldda ): + if trans.app.security_agent.can_manage_library_item( user, roles, check_ldda ): if replace_dataset: default_action = '' else: @@ -929,10 +879,7 @@ # to check one of them to see if the current user can manage permissions on them. check_ldda = trans.app.model.LibraryDatasetDatasetAssociation.get( ldda_id_list[0] ) user, roles = trans.get_user_and_roles() - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=check_ldda ): + if trans.app.security_agent.can_manage_library_item( user, roles, check_ldda ): if replace_dataset: default_action = '' else: @@ -1033,10 +980,7 @@ else: widgets = [] if params.get( 'rename_folder_button', False ): - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, - library_item=folder ): + if trans.app.security_agent.can_modify_library_item( user, roles, folder ): old_name = folder.name new_name = util.restore_text( params.name ) new_description = util.restore_text( params.description ) @@ -1077,10 +1021,7 @@ elif action == 'permissions': if params.get( 'update_roles_button', False ): # The user clicked the Save button on the 'Associate With Roles' form - if trans.app.security_agent.allow_action( user, - roles, - trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, - library_item=folder ): + if trans.app.security_agent.can_manage_library_item( user, roles, folder ): permissions = {} for k, v in trans.app.model.Library.permitted_actions.items(): in_roles = [ trans.app.model.Role.get( int( x ) ) for x in util.listify( params.get( k + '_in', [] ) ) ] @@ -1202,3 +1143,41 @@ edit_info=True, msg=util.sanitize_text( msg ), messagetype='done' ) ) + +# ---- Utility methods ------------------------------------------------------- + +def active_folders( trans, folder ): + # Much faster way of retrieving all active sub-folders within a given folder than the + # performance of the mapper. This query also eagerloads the permissions on each folder. + return trans.sa_session.query( trans.app.model.LibraryFolder ) \ + .filter_by( parent=folder, deleted=False ) \ + .options( eagerload_all( "actions" ) ) \ + .order_by( trans.app.model.LibraryFolder.table.c.name ) \ + .all() +def activatable_folders( trans, folder ): + return trans.sa_session.query( trans.app.model.LibraryFolder ) \ + .filter_by( parent=folder, purged=False ) \ + .options( eagerload_all( "actions" ) ) \ + .order_by( trans.app.model.LibraryFolder.table.c.name ) \ + .all() +def active_folders_and_lddas( trans, folder ): + folders = active_folders( trans, folder ) + # This query is much faster than the folder.active_library_datasets property + lddas = trans.sa_session.query( trans.app.model.LibraryDatasetDatasetAssociation ) \ + .filter_by( deleted=False ) \ + .join( "library_dataset" ) \ + .filter( trans.app.model.LibraryDataset.table.c.folder_id==folder.id ) \ + .order_by( trans.app.model.LibraryDatasetDatasetAssociation.table.c.name ) \ + .all() + return folders, lddas +def activatable_folders_and_lddas( trans, folder ): + folders = activatable_folders( trans, folder ) + # This query is much faster than the folder.activatable_library_datasets property + lddas = trans.sa_session.query( trans.app.model.LibraryDatasetDatasetAssociation ) \ + .join( "library_dataset" ) \ + .filter( trans.app.model.LibraryDataset.table.c.folder_id==folder.id ) \ + .join( "dataset" ) \ + .filter( trans.app.model.Dataset.table.c.deleted==False ) \ + .order_by( trans.app.model.LibraryDatasetDatasetAssociation.table.c.name ) \ + .all() + return folders, lddas diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/controllers/requests.py --- a/lib/galaxy/web/controllers/requests.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/controllers/requests.py Fri Sep 04 10:31:23 2009 -0400 @@ -4,6 +4,7 @@ from galaxy.datatypes import sniff from galaxy import util from galaxy.util.streamball import StreamBall +from galaxy.util.odict import odict import logging, tempfile, zipfile, tarfile, os, sys from galaxy.web.form_builder import * from datetime import datetime, timedelta @@ -470,7 +471,7 @@ # TODO: RC, when you add the folders select list to your request form, take advantage of the hidden_folder_ids # so that you do not need to check those same folders yet again when populating the select list. # - libraries = {} + libraries = odict() for library in all_libraries: can_show, hidden_folder_ids = trans.app.security_agent.show_library_item( user, roles, library, actions_to_check ) if can_show: diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/controllers/root.py --- a/lib/galaxy/web/controllers/root.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/controllers/root.py Fri Sep 04 10:31:23 2009 -0400 @@ -153,10 +153,7 @@ return "Dataset id '%s' is invalid" %str( id ) if data: user, roles = trans.get_user_and_roles() - if trans.app.security_agent.allow_action( user, - roles, - data.permitted_actions.DATASET_ACCESS, - dataset = data.dataset ): + if trans.app.security_agent.can_access_dataset( roles, data.dataset ): mime = trans.app.datatypes_registry.get_mimetype_by_extension( data.extension.lower() ) trans.response.set_content_type(mime) if tofile: @@ -189,10 +186,7 @@ child = data.get_child_by_designation( designation ) if child: user, roles = trans.get_user_and_roles() - if trans.app.security_agent.allow_action( user, - roles, - child.permitted_actions.DATASET_ACCESS, - dataset = child ): + if trans.app.security_agent.can_access_dataset( roles, child ): return self.display( trans, id=child.id, tofile=tofile, toext=toext ) else: return "You are not privileged to access this dataset." @@ -209,10 +203,7 @@ authz_method = kwd['authz_method'] if data: user, roles = trans.get_user_and_roles() - if authz_method == 'rbac' and trans.app.security_agent.allow_action( user, - roles, - data.permitted_actions.DATASET_ACCESS, - dataset = data ): + if authz_method == 'rbac' and trans.app.security_agent.can_access_dataset( roles, data ): trans.response.set_content_type( data.get_mime() ) trans.log_event( "Formatted dataset id %s for display at %s" % ( str( id ), display_app ) ) return data.as_display_type( display_app, **kwd ) @@ -262,10 +253,7 @@ if id is not None and data.history.user is not None and data.history.user != trans.user: return trans.show_error_message( "This instance of a dataset (%s) in a history does not belong to you." % ( data.id ) ) user, roles = trans.get_user_and_roles() - if trans.app.security_agent.allow_action( user, - roles, - data.permitted_actions.DATASET_ACCESS, - dataset=data.dataset ): + if trans.app.security_agent.can_access_dataset( roles, data.dataset ): if data.state == trans.model.Dataset.states.UPLOAD: return trans.show_error_message( "Please wait until this dataset finishes uploading before attempting to edit its metadata." ) params = util.Params( kwd, safe=False ) @@ -331,10 +319,7 @@ elif params.update_roles_button: if not trans.user: return trans.show_error_message( "You must be logged in if you want to change permissions." ) - if trans.app.security_agent.allow_action( user, - roles, - data.dataset.permitted_actions.DATASET_MANAGE_PERMISSIONS, - dataset = data.dataset ): + if trans.app.security_agent.can_manage_dataset( roles, data.dataset ): permissions = {} for k, v in trans.app.model.Dataset.permitted_actions.items(): in_roles = params.get( k + '_in', [] ) diff -r adff03258b45 -r 99dcba7af5b6 lib/galaxy/web/framework/__init__.py --- a/lib/galaxy/web/framework/__init__.py Fri Sep 04 10:23:37 2009 -0400 +++ b/lib/galaxy/web/framework/__init__.py Fri Sep 04 10:31:23 2009 -0400 @@ -503,7 +503,7 @@ if user: roles = user.all_roles() else: - roles = None + roles = [] return user, roles
def user_is_admin( self ): diff -r adff03258b45 -r 99dcba7af5b6 templates/admin/library/browse_library.mako --- a/templates/admin/library/browse_library.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/admin/library/browse_library.mako Fri Sep 04 10:31:23 2009 -0400 @@ -1,17 +1,15 @@ <%inherit file="/base.mako"/> -<%namespace file="common.mako" import="render_dataset" /> <%namespace file="/message.mako" import="render_msg" /> -<% from galaxy import util %> +<% + from time import strftime + from galaxy import util + from galaxy.web.controllers.library import active_folders_and_lddas, activatable_folders_and_lddas +%>
<%def name="stylesheets()"> <link href="${h.url_for('/static/style/base.css')}" rel="stylesheet" type="text/css" /> <link href="${h.url_for('/static/style/library.css')}" rel="stylesheet" type="text/css" /> </%def> - -<% -def name_sorted( l ): - return sorted( l, lambda a, b: cmp( a.name.lower(), b.name.lower() ) ) -%>
<script type="text/javascript"> $( document ).ready( function () { @@ -72,24 +70,77 @@ } </script>
-<%def name="render_folder( folder, folder_pad, deleted, show_deleted, created_ldda_ids, library_id )"> +<%def name="render_dataset( ldda, library_dataset, selected, library, folder, deleted, show_deleted )"> <% - root_folder = not folder.parent + ## The received data must always be a LibraryDatasetDatasetAssociation object. The object id passed to methods + ## from the drop down menu should be the ldda id to prevent id collision ( which could happen when displaying + ## children, which are always lddas ). We also need to make sure we're displaying the latest version of this + ## library_dataset, so we display the attributes from the ldda. + if ldda.user: + uploaded_by = ldda.user.email + else: + uploaded_by = 'anonymous' + if ldda == library_dataset.library_dataset_dataset_association: + current_version = True + else: + current_version = False + %> + <div class="historyItemWrapper historyItem historyItem-${ldda.state}" id="libraryItem-${ldda.id}"> + ## Header row for library items (name, state, action buttons) + <div class="historyItemTitleBar"> + <table cellspacing="0" cellpadding="0" border="0" width="100%"> + <tr> + <td width="*"> + %if selected: + <input type="checkbox" name="ldda_ids" value="${ldda.id}" checked/> + %else: + <input type="checkbox" name="ldda_ids" value="${ldda.id}"/> + %endif + <span class="libraryItemDeleted-${ldda.deleted}"> + <a href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, info=True, deleted=deleted, show_deleted=show_deleted )}"><b>${ldda.name[:50]}</b></a> + </span> + <a id="dataset-${ldda.id}-popup" class="popup-arrow" style="display: none;">▼</a> + %if not library.deleted and not folder.deleted and not library_dataset.deleted: + <div popupmenu="dataset-${ldda.id}-popup"> + <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, edit_info=True )}">Edit this dataset's information</a> + ## We're disabling the ability to add templates at the LDDA and LibraryDataset level, but will leave this here for possible future use + ##<a class="action-button" href="${h.url_for( controller='admin', action='info_template', library_id=library.id, library_dataset_id=library_dataset.id, new_template=True )}">Add an information template to this dataset</a> + <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, permissions=True )}">Edit this dataset's permissions</a> + %if current_version: + <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, replace_id=library_dataset.id )}">Upload a new version of this dataset</a> + %endif + %if ldda.has_data: + <a class="action-button" href="${h.url_for( controller='admin', action='download_dataset_from_folder', id=ldda.id, library_id=library.id )}">Download this dataset</a> + %endif + <a class="action-button" confirm="Click OK to delete dataset '${ldda.name}'." href="${h.url_for( controller='admin', action='delete_library_item', library_id=library.id, library_item_id=library_dataset.id, library_item_type='library_dataset' )}">Delete this dataset</a> + </div> + %elif not library.deleted and not folder.deleted and library_dataset.deleted: + <div popupmenu="dataset-${ldda.id}-popup"> + <a class="action-button" href="${h.url_for( controller='admin', action='undelete_library_item', library_id=library.id, library_item_id=library_dataset.id, library_item_type='library_dataset' )}">Undelete this dataset</a> + </div> + %endif + </td> + <td width="300">${ldda.message}</td> + <td width="150">${uploaded_by}</td> + <td width="60">${ldda.create_time.strftime( "%Y-%m-%d" )}</td> + </tr> + </table> + </div> + </div> +</%def> + +<%def name="render_folder( folder, folder_pad, deleted, show_deleted, created_ldda_ids, library_id, root_folder=False )"> + <% if root_folder: pad = folder_pad + expander = "/static/images/silk/resultset_bottom.png" + folder_img = "/static/images/silk/folder_page.png" else: pad = folder_pad + 20 - if folder_pad == 0: - expander = "/static/images/silk/resultset_bottom.png" - folder_img = "/static/images/silk/folder_page.png" - subfolder = False - else: expander = "/static/images/silk/resultset_next.png" folder_img = "/static/images/silk/folder.png" - subfolder = True - created_ldda_id_list = util.listify( created_ldda_ids ) - if created_ldda_id_list: - created_ldda_ids = [ int( ldda_id ) for ldda_id in created_ldda_id_list ] + if created_ldda_ids: + created_ldda_ids = [ int( ldda_id ) for ldda_id in util.listify( created_ldda_ids ) ] %> %if not root_folder: <li class="folderRow libraryOrFolderRow" style="padding-left: ${pad}px;"> @@ -104,10 +155,6 @@ </div> %endif %if not folder.deleted: - <% - library_item_ids = {} - library_item_ids[ 'folder' ] = folder.id - %> <div popupmenu="folder-${folder.id}-popup"> <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library_id, folder_id=folder.id )}">Add datasets to this folder</a> <a class="action-button" href="${h.url_for( controller='admin', action='folder', new=True, id=folder.id, library_id=library_id )}">Create a new sub-folder in this folder</a> @@ -130,30 +177,31 @@ %endif </li> %endif - %if subfolder: + %if pad > 0: <ul id="subFolder"> %else: <ul> %endif %if show_deleted: <% - parent_folders = folder.activatable_folders - parent_datasets = folder.activatable_library_datasets + sub_folders, lddas = activatable_folders_and_lddas( trans, folder ) %> %else: <% - parent_folders = folder.active_folders - parent_datasets = folder.active_library_datasets + sub_folders, lddas = active_folders_and_lddas( trans, folder ) %> %endif - %for folder in name_sorted( parent_folders ): - ${render_folder( folder, pad, deleted, show_deleted, created_ldda_ids, library_id )} - %endfor - %for library_dataset in name_sorted( parent_datasets ): + %for sub_folder in sub_folders: + ${render_folder( sub_folder, pad, deleted, show_deleted, created_ldda_ids, library_id )} + %endfor + %for ldda in lddas: <% - selected = created_ldda_ids and library_dataset.library_dataset_dataset_association.id in created_ldda_ids + library_dataset = ldda.library_dataset + selected = created_ldda_ids and ldda.id in created_ldda_ids %> - <li class="datasetRow" style="padding-left: ${pad + 18}px;">${render_dataset( library_dataset, selected, library, deleted, show_deleted )}</li> + <li class="datasetRow" style="padding-left: ${pad + 18}px;"> + ${render_dataset( ldda, library_dataset, selected, library, folder, deleted, show_deleted )} + </li> %endfor </ul> </%def> @@ -196,10 +244,6 @@ <a id="library-${library.id}-popup" class="popup-arrow" style="display: none;">▼</a> <div popupmenu="library-${library.id}-popup"> %if not deleted: - <% - library_item_ids = {} - library_item_ids[ 'library' ] = library.id - %> <a class="action-button" href="${h.url_for( controller='admin', action='library', id=library.id, information=True )}">Edit this data library's information</a> ## Editing templates disabled until we determine optimal approach to re-linking library item to new version of form definition ##%if library.info_association: @@ -228,7 +272,7 @@ </div> </li> <ul> - ${render_folder( library.root_folder, 0, deleted, show_deleted, created_ldda_ids, library.id )} + ${render_folder( library.root_folder, 0, deleted, show_deleted, created_ldda_ids, library.id, root_folder=True )} </ul> <br/> </ul> diff -r adff03258b45 -r 99dcba7af5b6 templates/admin/library/common.mako --- a/templates/admin/library/common.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/admin/library/common.mako Fri Sep 04 10:31:23 2009 -0400 @@ -1,68 +1,3 @@ -<% from time import strftime %> - -<%def name="render_dataset( library_dataset, selected, library, deleted, show_deleted )"> - <% - ## The received data must always be a LibraryDataset object, but the object id passed to methods from the drop down menu - ## should be the underlying ldda id to prevent id collision ( which could happen when displaying children, which are always - ## lddas ). We also need to make sure we're displaying the latest version of this library_dataset, so we display the attributes - ## from the ldda. - ldda = library_dataset.library_dataset_dataset_association - if ldda.user: - uploaded_by = ldda.user.email - else: - uploaded_by = 'anonymous' - if ldda == ldda.library_dataset.library_dataset_dataset_association: - current_version = True - else: - current_version = False - %> - <div class="historyItemWrapper historyItem historyItem-${ldda.state}" id="libraryItem-${ldda.id}"> - ## Header row for library items (name, state, action buttons) - <div class="historyItemTitleBar"> - <table cellspacing="0" cellpadding="0" border="0" width="100%"> - <tr> - <td width="*"> - %if selected: - <input type="checkbox" name="ldda_ids" value="${ldda.id}" checked/> - %else: - <input type="checkbox" name="ldda_ids" value="${ldda.id}"/> - %endif - <span class="libraryItemDeleted-${library_dataset.deleted}"> - <a href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, info=True, deleted=deleted, show_deleted=show_deleted )}"><b>${ldda.name[:50]}</b></a> - </span> - <a id="dataset-${ldda.id}-popup" class="popup-arrow" style="display: none;">▼</a> - %if not library.deleted and not library_dataset.folder.deleted and not library_dataset.deleted: - <% - library_item_ids = {} - library_item_ids[ 'ldda' ] = ldda.id - %> - <div popupmenu="dataset-${ldda.id}-popup"> - <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, edit_info=True )}">Edit this dataset's information</a> - ## We're disabling the ability to add templates at the LDDA and LibraryDataset level, but will leave this here for possible future use - ##<a class="action-button" href="${h.url_for( controller='admin', action='info_template', library_id=library.id, library_dataset_id=library_dataset.id, new_template=True )}">Add an information template to this dataset</a> - <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, permissions=True )}">Edit this dataset's permissions</a> - %if current_version: - <a class="action-button" href="${h.url_for( controller='admin', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, replace_id=library_dataset.id )}">Upload a new version of this dataset</a> - %endif - %if ldda.has_data: - <a class="action-button" href="${h.url_for( controller='admin', action='download_dataset_from_folder', id=ldda.id, library_id=library.id )}">Download this dataset</a> - %endif - <a class="action-button" confirm="Click OK to delete dataset '${ldda.name}'." href="${h.url_for( controller='admin', action='delete_library_item', library_id=library.id, library_item_id=library_dataset.id, library_item_type='library_dataset' )}">Delete this dataset</a> - </div> - %elif not library.deleted and not library_dataset.folder.deleted and library_dataset.deleted: - <div popupmenu="dataset-${ldda.id}-popup"> - <a class="action-button" href="${h.url_for( controller='admin', action='undelete_library_item', library_id=library.id, library_item_id=library_dataset.id, library_item_type='library_dataset' )}">Undelete this dataset</a> - </div> - %endif - </td> - <td width="300">${ldda.message}</td> - <td width="150">${uploaded_by}</td> - <td width="60">${ldda.create_time.strftime( "%Y-%m-%d" )}</td> - </tr> - </table> - </div> - </div> -</%def>
<%def name="render_template_info( library_item, library_id, widgets, editable=True )"> <% diff -r adff03258b45 -r 99dcba7af5b6 templates/admin/library/ldda_info.mako --- a/templates/admin/library/ldda_info.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/admin/library/ldda_info.mako Fri Sep 04 10:31:23 2009 -0400 @@ -86,26 +86,14 @@ <div class="form-row"> <div>${ldda.blurb}</div> </div> - <div class="form-row"> - <div id="info${ldda.id}" class="historyItemBody"> - %if ldda.peek != "no peek": + %if ldda.peek != "no peek": + <div class="form-row"> + <div id="info${ldda.id}" class="historyItemBody"> <label>Peek:</label> <div><pre id="peek${ldda.id}" class="peek">${ldda.display_peek()}</pre></div> - %endif - ## Recurse for child datasets - %if len( ldda.visible_children ) > 0: - <div> - There are ${len( ldda.visible_children )} secondary datasets. - %for idx, child in enumerate( ldda.visible_children ): - ## TODO: do we need to clarify if the child is deleted? - %if not child.purged: - ${ render_dataset( child, selected, library, False, False ) } - %endif - %endfor - </div> - %endif + </div> </div> - </div> + %endif </div> %if widgets: ${render_template_info( ldda, library.id, widgets, editable=False )} diff -r adff03258b45 -r 99dcba7af5b6 templates/dataset/edit_attributes.mako --- a/templates/dataset/edit_attributes.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/dataset/edit_attributes.mako Fri Sep 04 10:31:23 2009 -0400 @@ -190,7 +190,7 @@ </div> <p />
-%if trans.app.security_agent.allow_action( user, user_roles, data.permitted_actions.DATASET_MANAGE_PERMISSIONS, dataset=data.dataset ): +%if trans.app.security_agent.can_manage_dataset( user_roles, data.dataset ): <%namespace file="/dataset/security_common.mako" import="render_permission_form" /> ${render_permission_form( data.dataset, data.name, h.url_for( controller='root', action='edit', id=data.id ), user_roles )} %elif trans.user: diff -r adff03258b45 -r 99dcba7af5b6 templates/library/browse_library.mako --- a/templates/library/browse_library.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/browse_library.mako Fri Sep 04 10:31:23 2009 -0400 @@ -2,6 +2,7 @@ <%namespace file="/message.mako" import="render_msg" /> <% from galaxy import util + from galaxy.web.controllers.library import active_folders from time import strftime user, roles = trans.get_user_and_roles() %> @@ -13,10 +14,6 @@ </%def>
<% - -def name_sorted( l ): - return sorted( l, lambda a, b: cmp( a.name.lower(), b.name.lower() ) ) - class RowCounter( object ): def __init__( self ): self.count = 0 @@ -82,21 +79,22 @@ }); </script>
-<%def name="render_dataset( library_dataset, selected, library, pad, parent, row_conter )"> +<%def name="render_dataset( ldda, library_dataset, selected, library, folder, pad, parent, row_conter )"> <% - ## The received data must always be a LibraryDataset object, but the object id passed to methods from the drop down menu - ## should be the underlying ldda id to prevent id collision ( which could happen when displaying children, which are always - ## lddas ). We also need to make sure we're displaying the latest version of this library_dataset, so we display the attributes + ## The id passed to methods from the drop down menu should be the ldda id to prevent id collision + ## ( which could happen when displaying children, which are always lddas ). We also need to make + ## sure we're displaying the latest version of this library_dataset, so we display the attributes ## from the ldda. - ldda = library_dataset.library_dataset_dataset_association if ldda.user: uploaded_by = ldda.user.email else: uploaded_by = 'anonymous' - if ldda == ldda.library_dataset.library_dataset_dataset_association: + if ldda == library_dataset.library_dataset_dataset_association: current_version = True else: current_version = False + can_modify_library_dataset = trans.app.security_agent.can_modify_library_item( user, roles, library_dataset ) + can_manage_library_dataset = trans.app.security_agent.can_manage_library_item( user, roles, library_dataset ) %>
<tr class="datasetRow" @@ -111,19 +109,19 @@ %else: <input type="checkbox" name="ldda_ids" value="${ldda.id}"/> %endif - <a href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, info=True )}"><b>${ldda.name[:60]}</b></a> + <a href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, info=True )}"><b>${ldda.name[:60]}</b></a> <a id="dataset-${ldda.id}-popup" class="popup-arrow" style="display: none;">▼</a> <div popupmenu="dataset-${ldda.id}-popup"> - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=ldda.library_dataset ): - <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, edit_info=True )}">Edit this dataset's information</a> + %if can_modify_library_dataset: + <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, edit_info=True )}">Edit this dataset's information</a> %else: - <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, information=True )}">View this dataset's information</a> + <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, information=True )}">View this dataset's information</a> %endif - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, dataset=ldda.dataset ) and trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=ldda.library_dataset ): - <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, id=ldda.id, permissions=True )}">Edit this dataset's permissions</a> - %if current_version and trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=ldda.library_dataset ): - <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library_dataset.folder.id, replace_id=library_dataset.id )}">Upload a new version of this dataset</a> + %if can_manage_library_dataset: + <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, id=ldda.id, permissions=True )}">Edit this dataset's permissions</a> %endif + %if current_version and can_modify_library_dataset: + <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=folder.id, replace_id=library_dataset.id )}">Upload a new version of this dataset</a> %endif %if ldda.has_data: <a class="action-button" href="${h.url_for( controller='library', action='datasets', library_id=library.id, ldda_ids=str( ldda.id ), do_action='add' )}">Import this dataset into your current history</a> @@ -141,7 +139,7 @@ %> </%def>
-<%def name="render_folder( folder, folder_pad, created_ldda_ids, library_id, hidden_folder_ids, parent=None, row_counter=None )"> +<%def name="render_folder( folder, folder_pad, created_ldda_ids, library_id, hidden_folder_ids, parent=None, row_counter=None, root_folder=False )"> <% if str( folder.id ) in hidden_folder_ids: return "" @@ -156,18 +154,15 @@ trans.app.security_agent.permitted_actions.LIBRARY_MANAGE ] ) if not can_show: return "" - root_folder = not folder.parent if root_folder: pad = folder_pad else: pad = folder_pad + 20 - if folder_pad == 0: - subfolder = False - else: - subfolder = True - created_ldda_id_list = util.listify( created_ldda_ids ) - if created_ldda_id_list: - created_ldda_ids = [ int( ldda_id ) for ldda_id in created_ldda_id_list ] + if created_ldda_ids: + created_ldda_ids = [ int( ldda_id ) for ldda_id in util.listify( created_ldda_ids ) ] + can_add = trans.app.security_agent.can_add_library_item( user, roles, folder ) + can_modify = trans.app.security_agent.can_modify_library_item( user, roles, folder ) + can_manage = trans.app.security_agent.can_manage_library_item( user, roles, folder ) my_row = None %> %if not root_folder: @@ -187,21 +182,19 @@ %endif <a id="folder_img-${folder.id}-popup" class="popup-arrow" style="display: none;">▼</a> <div popupmenu="folder_img-${folder.id}-popup"> - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_ADD, library_item=folder ): + %if can_add: <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library_id, folder_id=folder.id )}">Add datasets to this folder</a> <a class="action-button" href="${h.url_for( controller='library', action='folder', new=True, id=folder.id, library_id=library_id )}">Create a new sub-folder in this folder</a> %endif - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=folder ): + %if can_modify: <a class="action-button" href="${h.url_for( controller='library', action='folder', information=True, id=folder.id, library_id=library_id )}">Edit this folder's information</a> %else: <a class="action-button" href="${h.url_for( controller='library', action='folder', information=True, id=folder.id, library_id=library_id )}">View this folder's information</a> %endif - %if forms and not folder.info_association: - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_ADD, library_item=library ): - <a class="action-button" href="${h.url_for( controller='library', action='info_template', library_id=library.id, add=True )}">Add an information template to this folder</a> - %endif + %if can_add and forms and not folder.info_association: + <a class="action-button" href="${h.url_for( controller='library', action='info_template', library_id=library.id, add=True )}">Add an information template to this folder</a> %endif - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=folder ): + %if can_manage: <a class="action-button" href="${h.url_for( controller='library', action='folder', permissions=True, id=folder.id, library_id=library_id )}">Edit this folder's permissions</a> %endif </div> @@ -213,43 +206,48 @@ row_counter.increment() %> %endif - %for child_folder in name_sorted( folder.active_folders ): - ${render_folder( child_folder, pad, created_ldda_ids, library_id, hidden_folder_ids, my_row, row_counter )} + <% sub_folders = active_folders( trans, folder ) %> + %for sub_folder in sub_folders: + ${render_folder( sub_folder, pad, created_ldda_ids, library_id, hidden_folder_ids, parent=my_row, row_counter=row_counter )} %endfor - %for library_dataset in name_sorted( folder.active_library_datasets ): + %for library_dataset in folder.active_library_datasets: <% - selected = created_ldda_ids and library_dataset.library_dataset_dataset_association.id in created_ldda_ids + ldda = library_dataset.library_dataset_dataset_association + can_access = trans.app.security_agent.can_access_dataset( roles, ldda.dataset ) + selected = created_ldda_ids and ldda.id in created_ldda_ids %> - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.DATASET_ACCESS, dataset=library_dataset.library_dataset_dataset_association.dataset ): - ${render_dataset( library_dataset, selected, library, pad, my_row, row_counter )} + %if can_access: + ${render_dataset( ldda, library_dataset, selected, library, folder, pad, my_row, row_counter )} %endif %endfor </%def>
<h2>Data Library “${library.name}”</h2>
+<% +can_add = trans.app.security_agent.can_add_library_item( user, roles, library ) +can_modify = trans.app.security_agent.can_modify_library_item( user, roles, library ) +can_manage = trans.app.security_agent.can_manage_library_item( user, roles, library ) +%> + <ul class="manage-table-actions"> - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_ADD, library_item=library ): - %if not deleted: - <li> - <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library.root_folder.id )}"><span>Add datasets to this library</span></a> - </li> - <li> - <a class="action-button" href="${h.url_for( controller='library', action='folder', new=True, id=library.root_folder.id, library_id=library.id )}">Add a folder to this library</a> - </li> - %endif + %if can_add and not_deleted: + <li> + <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library.id, folder_id=library.root_folder.id )}"><span>Add datasets to this library</span></a> + </li> + <li> + <a class="action-button" href="${h.url_for( controller='library', action='folder', new=True, id=library.root_folder.id, library_id=library.id )}">Add a folder to this library</a> + </li> %endif - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=library ): + %if can_modify: <li><a class="action-button" href="${h.url_for( controller='library', action='library', information=True, id=library.id )}">Edit this library's information</a></li> %else: <li><a class="action-button" href="${h.url_for( controller='library', action='library', information=True, id=library.id )}">View this library's information</a></li> %endif - %if forms and not library.info_association: - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_ADD, library_item=library ): - <a class="action-button" href="${h.url_for( controller='library', action='info_template', library_id=library.id, add=True )}">Add an information template to this library</a> - %endif + %if can_add and forms and not library.info_association: + <a class="action-button" href="${h.url_for( controller='library', action='info_template', library_id=library.id, add=True )}">Add an information template to this library</a> %endif - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=library ): + %if can_manage: <li><a class="action-button" href="${h.url_for( controller='library', action='library', permissions=True, id=library.id )}">Edit this library's permissions</a></li> %endif </ul> @@ -259,10 +257,6 @@ %endif
<form name="import_from_library" action="${h.url_for( controller='library', action='datasets', library_id=library.id )}" method="post"> - <% - library_item_ids = {} - library_item_ids[ 'library' ] = library.id - %> <table cellspacing="0" cellpadding="0" border="0" width="100%" class="grid" id="library-grid"> <thead> <tr class="libraryTitle"> @@ -273,7 +267,7 @@ </thead> </tr> <% row_counter = RowCounter() %> - ${render_folder( library.root_folder, 0, created_ldda_ids, library.id, hidden_folder_ids, None, row_counter )} + ${render_folder( library.root_folder, 0, created_ldda_ids, library.id, hidden_folder_ids, parent=None, row_counter=row_counter, root_folder=True )} <tfoot> <tr> <td colspan="4" style="padding-left: 42px;"> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/common.mako --- a/templates/library/common.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/common.mako Fri Sep 04 10:31:23 2009 -0400 @@ -21,7 +21,7 @@ <div class="toolForm"> <div class="toolFormTitle">Other information about ${library_item_desc} ${library_item.name}</div> <div class="toolFormBody"> - %if editable and trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=library_item ): + %if editable and trans.app.security_agent.can_modify_library_item( user, roles, library_item ): <form name="edit_info" action="${h.url_for( controller='library', action='edit_template_info', library_id=library_id, num_widgets=len( widgets ) )}" method="post"> <input type="hidden" name="library_item_id" value="${library_item.id}"/> <input type="hidden" name="library_item_type" value="${library_item_type}"/> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/folder_info.mako --- a/templates/library/folder_info.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/folder_info.mako Fri Sep 04 10:31:23 2009 -0400 @@ -18,7 +18,7 @@ <div class="toolForm"> <div class="toolFormTitle">Edit folder name and description</div> <div class="toolFormBody"> - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=folder ): + %if trans.app.security_agent.can_modify_library_item( user, roles, folder ): <form name="folder" action="${h.url_for( controller='library', action='folder', rename=True, id=folder.id, library_id=library_id )}" method="post" > <div class="form-row"> <label>Name:</label> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/folder_permissions.mako --- a/templates/library/folder_permissions.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/folder_permissions.mako Fri Sep 04 10:31:23 2009 -0400 @@ -15,6 +15,6 @@ ${render_msg( msg, messagetype )} %endif
-%if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=folder ): +%if trans.app.security_agent.can_manage_library_item( user, roles, folder ): ${render_permission_form( folder, folder.name, h.url_for( controller='library', action='folder', id=folder.id, library_id=library_id, permissions=True ), trans.user.all_roles() )} %endif diff -r adff03258b45 -r 99dcba7af5b6 templates/library/ldda_edit_info.mako --- a/templates/library/ldda_edit_info.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/ldda_edit_info.mako Fri Sep 04 10:31:23 2009 -0400 @@ -34,7 +34,7 @@ </select> </%def>
-%if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=ldda.library_dataset ): +%if trans.app.security_agent.can_modify_library_item( user, roles, ldda.library_dataset ): <div class="toolForm"> <div class="toolFormTitle">Edit attributes of ${ldda.name}</div> <div class="toolFormBody"> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/ldda_info.mako --- a/templates/library/ldda_info.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/ldda_info.mako Fri Sep 04 10:31:23 2009 -0400 @@ -40,15 +40,15 @@ Information about ${ldda.name} <a id="dataset-${ldda.id}-popup" class="popup-arrow" style="display: none;">▼</a> <div popupmenu="dataset-${ldda.id}-popup"> - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=ldda.library_dataset ): + %if trans.app.security_agent.can_modify_library_item( user, roles, ldda.library_dataset ): <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library_id, folder_id=ldda.library_dataset.folder.id, id=ldda.id, edit_info=True )}">Edit this dataset's information</a> %else: <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library_id, folder_id=ldda.library_dataset.folder.id, id=ldda.id, information=True )}">View this dataset's information</a> %endif - %if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS, dataset=ldda.dataset ) and trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=ldda.library_dataset ): + %if trans.app.security_agent.can_manage_dataset( roles, ldda.dataset ) and trans.app.security_agent.can_manage_library_item( user, roles, ldda.library_dataset ): <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library_id, folder_id=ldda.library_dataset.folder.id, id=ldda.id, permissions=True )}">Edit this dataset's permissions</a> %endif - %if current_version and trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=ldda.library_dataset ): + %if current_version and trans.app.security_agent.can_modify_library_item( user, roles, ldda.library_dataset ): <a class="action-button" href="${h.url_for( controller='library', action='library_dataset_dataset_association', library_id=library_id, folder_id=ldda.library_dataset.folder.id, replace_id=ldda.library_dataset.id )}">Upload a new version of this dataset</a> %endif %if ldda.has_data: @@ -86,28 +86,14 @@ <div class="form-row"> <div>${ldda.blurb}</div> </div> - <div class="form-row"> - <div id="info${ldda.id}" class="historyItemBody"> - %if ldda.peek != "no peek": + %if ldda.peek != "no peek": + <div class="form-row"> + <div id="info${ldda.id}" class="historyItemBody"> <label>Peek:</label> <div><pre id="peek${ldda.id}" class="peek">${ldda.display_peek()}</pre></div> - %endif - ## Recurse for child datasets - ## TODO: eliminate this - child datasets are deprecated, and where does - ## render_dataset() come from anyway - it's not imported! - %if len( ldda.visible_children ) > 0: - <div> - There are ${len( ldda.visible_children )} secondary datasets. - %for idx, child in enumerate( ldda.visible_children ): - ## TODO: do we need to clarify if the child is deleted? - %if not child.purged: - ${ render_dataset( child, selected, library ) } - %endif - %endfor - </div> - %endif + </div> </div> - </div> + %endif </div> %if widgets: ${render_template_info( ldda, library_id, widgets, editable=False )} diff -r adff03258b45 -r 99dcba7af5b6 templates/library/library_dataset_info.mako --- a/templates/library/library_dataset_info.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/library_dataset_info.mako Fri Sep 04 10:31:23 2009 -0400 @@ -21,7 +21,7 @@ ${render_msg( msg, messagetype )} %endif
-%if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=library_dataset ): +%if trans.app.security_agent.can_modify_library_item( user, roles, library_dataset ): <div class="toolForm"> <div class="toolFormTitle">Edit attributes of ${library_dataset.name}</div> <div class="toolFormBody"> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/library_dataset_permissions.mako --- a/templates/library/library_dataset_permissions.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/library_dataset_permissions.mako Fri Sep 04 10:31:23 2009 -0400 @@ -21,7 +21,7 @@ ${render_msg( msg, messagetype )} %endif
-%if trans.app.security_agent.allow_action( user, user_roles, trans.app.security_agent.permitted_actions.LIBRARY_manage, library_item=library_dataset ): +%if trans.app.security_agent.can_manage_library_item( user, user_roles, library_dataset ): <% roles = trans.app.model.Role.filter( trans.app.model.Role.table.c.deleted==False ).order_by( trans.app.model.Role.table.c.name ).all() %> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/library_info.mako --- a/templates/library/library_info.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/library_info.mako Fri Sep 04 10:31:23 2009 -0400 @@ -15,7 +15,7 @@ ${render_msg( msg, messagetype )} %endif
-%if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=library ): +%if trans.app.security_agent.can_modify_library_item( user, roles, library ): <div class="toolForm"> <div class="toolFormTitle">Change library name and description</div> <div class="toolFormBody"> diff -r adff03258b45 -r 99dcba7af5b6 templates/library/library_permissions.mako --- a/templates/library/library_permissions.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/library/library_permissions.mako Fri Sep 04 10:31:23 2009 -0400 @@ -15,7 +15,7 @@ ${render_msg( msg, messagetype )} %endif
-%if trans.app.security_agent.allow_action( user, user_roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=library ): +%if trans.app.security_agent.can_manage_library_item( user, user_roles, library ): <% roles = trans.app.model.Role.filter( trans.app.model.Role.table.c.deleted==False ).order_by( trans.app.model.Role.table.c.name ).all() %> diff -r adff03258b45 -r 99dcba7af5b6 templates/mobile/history/detail.mako --- a/templates/mobile/history/detail.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/mobile/history/detail.mako Fri Sep 04 10:31:23 2009 -0400 @@ -37,7 +37,7 @@ <div class="secondary"> ## Body for history items, extra info and actions, data "peek" <% user, roles = trans.get_user_and_roles() %> - %if not trans.app.security_agent.allow_action( user, roles, data.permitted_actions.DATASET_ACCESS, dataset = data.dataset ): + %if not trans.app.security_agent.can_access_dataset( roles, data.dataset ): <div>You do not have permission to view this dataset.</div> %elif data_state == "queued": <div>Job is waiting to run</div> diff -r adff03258b45 -r 99dcba7af5b6 templates/mobile/manage_library.mako --- a/templates/mobile/manage_library.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/mobile/manage_library.mako Fri Sep 04 10:31:23 2009 -0400 @@ -9,7 +9,7 @@ ${render_msg( msg, messagetype )} %endif
-%if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MODIFY, library_item=library ): +%if trans.app.security_agent.can_modify_library_item( user, roles, library ): <div class="toolForm"> <div class="toolFormTitle">Change library name and description</div> <div class="toolFormBody"> @@ -55,7 +55,7 @@ </div> </div> %endif -%if trans.app.security_agent.allow_action( user, roles, trans.app.security_agent.permitted_actions.LIBRARY_MANAGE, library_item=library ): +%if trans.app.security_agent.can_manage_library_item( user, roles, library ): <% roles = trans.app.model.Role.filter( trans.app.model.Role.table.c.deleted==False ).order_by( trans.app.model.Role.table.c.name ).all() %> diff -r adff03258b45 -r 99dcba7af5b6 templates/root/history_common.mako --- a/templates/root/history_common.mako Fri Sep 04 10:23:37 2009 -0400 +++ b/templates/root/history_common.mako Fri Sep 04 10:31:23 2009 -0400 @@ -8,7 +8,7 @@ data_state = data.state user, roles = trans.get_user_and_roles() %> - %if not trans.app.security_agent.allow_action( user, roles, data.permitted_actions.DATASET_ACCESS, dataset = data.dataset ): + %if not trans.app.security_agent.can_access_dataset( roles, data.dataset ): <div class="historyItemWrapper historyItem historyItem-${data_state} historyItem-noPermission" id="historyItem-${data.id}"> %else: <div class="historyItemWrapper historyItem historyItem-${data_state}" id="historyItem-${data.id}"> @@ -42,7 +42,7 @@ ## Body for history items, extra info and actions, data "peek"
<div id="info${data.id}" class="historyItemBody"> - %if not trans.app.security_agent.allow_action( user, roles, data.permitted_actions.DATASET_ACCESS, dataset = data.dataset ): + %if not trans.app.security_agent.can_access_dataset( roles, data.dataset ): <div>You do not have permission to view this dataset.</div> %elif data_state == "upload": <div>Dataset is uploading</div>