details: http://www.bx.psu.edu/hg/galaxy/rev/f06777cbd5bb changeset: 2509:f06777cbd5bb user: Dan Blankenberg <dan@bx.psu.edu> date: Thu Jul 30 11:05:03 2009 -0400 description: Add a new config setting to universe_wsgi.ini: new_user_dataset_access_role_default_private. When set to True, new users will have default dataset access permissions for histories set to their Private role. Default is False (original behavior); datasets are left as public. Resolves ticket #111. 4 file(s) affected in this change: lib/galaxy/config.py lib/galaxy/security/__init__.py lib/galaxy/web/controllers/user.py universe_wsgi.ini.sample diffs (58 lines):
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/config.py
--- a/lib/galaxy/config.py Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/config.py Thu Jul 30 11:05:03 2009 -0400
@@ -46,6 +46,7 @@
 self.require_login = string_as_bool( kwargs.get( "require_login", "False" ) )
 self.allow_user_creation = string_as_bool( kwargs.get( "allow_user_creation", "True" ) )
 self.allow_user_deletion = string_as_bool( kwargs.get( "allow_user_deletion", "False" ) )
+ self.new_user_dataset_access_role_default_private = string_as_bool( kwargs.get( "new_user_dataset_access_role_default_private", "False" ) )
 self.template_path = resolve_path( kwargs.get( "template_path", "templates" ), self.root )
 self.template_cache = resolve_path( kwargs.get( "template_cache_path", "database/compiled_templates" ), self.root )
 self.local_job_queue_workers = int( kwargs.get( "local_job_queue_workers", "5" ) )
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/security/__init__.py
--- a/lib/galaxy/security/__init__.py Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/security/__init__.py Thu Jul 30 11:05:03 2009 -0400
@@ -206,12 +206,16 @@
 else:
 return None
 return role
- def user_set_default_permissions( self, user, permissions={}, history=False, dataset=False, bypass_manage_permission=False ):
+ def user_set_default_permissions( self, user, permissions={}, history=False, dataset=False, bypass_manage_permission=False, default_access_private = False ):
 # bypass_manage_permission is used to change permissions of datasets in a userless history when logging in
 if user is None:
 return None
 if not permissions:
- permissions = { self.permitted_actions.DATASET_MANAGE_PERMISSIONS : [ self.get_private_user_role( user, auto_create=True ) ] }
+ #default permissions
+ permissions = { self.permitted_actions.DATASET_MANAGE_PERMISSIONS : [ self.get_private_user_role( user, auto_create=True ) ] }
+ #new_user_dataset_access_role_default_private is set as True in config file
+ if default_access_private:
+ permissions[ self.permitted_actions.DATASET_ACCESS ] = permissions.values()[ 0 ]
 # Delete all of the current default permissions for the user
 for dup in user.default_permissions:
 dup.delete()
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/web/controllers/user.py
--- a/lib/galaxy/web/controllers/user.py Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/web/controllers/user.py Thu Jul 30 11:05:03 2009 -0400
@@ -157,7 +157,7 @@
 user.flush()
 trans.app.security_agent.create_private_user_role( user )
 # We set default user permissions, before we log in and set the default history permissions
- trans.app.security_agent.user_set_default_permissions( user )
+ trans.app.security_agent.user_set_default_permissions( user, default_access_private = trans.app.config.new_user_dataset_access_role_default_private )
 # The handle_user_login() method has a call to the history_set_default_permissions() method
 # (needed when logging in with a history), user needs to have default permissions set before logging in
 trans.handle_user_login( user )
diff -r e01bfc281e09 -r f06777cbd5bb universe_wsgi.ini.sample
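Review bot: In the lib/galaxy/security/__init__.py hunk, `permissions[ self.permitted_actions.DATASET_ACCESS ] = permissions.values()[ 0 ]` picks the access role list by dict position and stores the same list object under both DATASET_MANAGE_PERMISSIONS and DATASET_ACCESS. The access rule therefore depends on the dict holding exactly one entry, and a later in-place change to one list would silently change the other. Fetching the role once and building each list explicitly states the intent: `private_role = self.get_private_user_role( user, auto_create=True )`, then `[ private_role ]` for each action. The flag is also ignored whenever a caller passes a non-empty `permissions`, which is worth stating in the comment under the signature. The function body continues past the end of the hunk.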
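Review bot: In the lib/galaxy/web/controllers/user.py hunk, the private-by-default setting takes effect only because this one call site passes `default_access_private`. Any other caller of `user_set_default_permissions()` (none are visible in this diff) would keep the public default without any error. Since this is an access-control default, it may be safer for the security agent to read the config value itself, or at least for the comment here to say so, e.g. `# default_access_private must be passed wherever accounts are created, or new datasets stay public`. The enclosing method starts and ends outside the hunk.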
--- a/universe_wsgi.ini.sample Tue Jul 28 14:16:19 2009 -0400
+++ b/universe_wsgi.ini.sample Thu Jul 30 11:05:03 2009 -0400
@@ -156,6 +156,9 @@
 # Can an admin user delete user accounts?
 #allow_user_deletion = False
+# Should default dataset access permissions be private for new users; default is False (datasets are public)
+new_user_dataset_access_role_default_private = False
+
 # ---- Job Execution --------------------------------------------------------
 # Number of concurrent jobs to run (local job runner)
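Review bot: The new sample entry is left uncommented while the neighbouring `#allow_user_deletion = False` is commented out, and its comment does not say when the setting takes effect. In the code visible in this changeset the value is read only at registration, so it appears to apply to accounts created after it is enabled and not to existing users or their datasets. A line such as `# Applies only to accounts created after this is set; existing users and datasets are unchanged` would make that explicit for an administrator who expects it to lock down data already on the server.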