details: http://www.bx.psu.edu/hg/galaxy/rev/a4cd313cf84b changeset: 3400:a4cd313cf84b user: Greg Von Kuster <greg@bx.psu.edu> date: Tue Feb 16 11:50:50 2010 -0500 description: Filter out sharing roles from being displayed on permissions forms unless they belong to the current user. diffstat: lib/galaxy/security/__init__.py | 31 ++++++++++++++++++++++--------- 1 files changed, 22 insertions(+), 9 deletions(-) diffs (62 lines): diff -r e783e000f7c3 -r a4cd313cf84b lib/galaxy/security/__init__.py --- a/lib/galaxy/security/__init__.py Tue Feb 16 09:44:07 2010 -0500 +++ b/lib/galaxy/security/__init__.py Tue Feb 16 11:50:50 2010 -0500 @@ -139,13 +139,19 @@ if not trans.user: return trans.sa_session.query( trans.app.model.Role ) \ .filter( and_( self.model.Role.table.c.deleted==False, - self.model.Role.table.c.type != self.model.Role.types.PRIVATE ) ) \ + self.model.Role.table.c.type != self.model.Role.types.PRIVATE, + self.model.Role.table.c.type != self.model.Role.types.SHARING ) ) \ .order_by( self.model.Role.table.c.name ) # Add the current user's private role roles.add( self.get_private_user_role( trans.user ) ) + # Add the current user's sharing roles + for role in self.get_sharing_roles( trans.user ): + roles.add( role ) + # Add all remaining non-private, non-sharing roles for role in trans.sa_session.query( trans.app.model.Role ) \ .filter( and_( self.model.Role.table.c.deleted==False, - self.model.Role.table.c.type != self.model.Role.types.PRIVATE ) ) \ + self.model.Role.table.c.type != self.model.Role.types.PRIVATE, + self.model.Role.table.c.type != self.model.Role.types.SHARING ) ) \ .order_by( self.model.Role.table.c.name ): roles.add( role ) return sort_by_attr( [ role for role in roles ], 'name' ) @@ -172,15 +178,18 @@ return sort_by_attr( [ role for role in roles ], 'name' ) def ok_to_display( self, trans, role ): """ - Method for checking if a role is not private, unless it is the current user's - private role. Private roles, except for the current user's private role, are - never displayed, no matter what. + Method for checking if: + - a role is private and is the current user's private role + - a role is a sharing role and belongs to the current user """ - if trans.user and ( role.type != self.model.Role.types.PRIVATE or role == self.get_private_user_role( trans.user ) ): + if trans.user: + if role.type == self.model.Role.types.PRIVATE: + return role == self.get_private_user_role( trans.user ) + if role.type == self.model.Role.types.SHARING: + return role in self.get_sharing_roles( trans.user ) + # If role.type is neither private nor sharing, it's ok to display return True - if not trans.user and role.type != self.model.Role.types.PRIVATE: - return True - return False + return role.type != self.model.Role.types.PRIVATE and role.type != self.model.Role.types.SHARING def allow_action( self, roles, action, item ): """ Method for checking a permission for the current user ( based on roles ) to perform a @@ -287,6 +296,10 @@ else: return None return role + def get_sharing_roles( self, user ): + return self.sa_session.query( self.model.Role ) \ + .filter( and_( ( self.model.Role.table.c.name ).like( "Sharing role for: %" + user.email + "%" ), + self.model.Role.table.c.type == self.model.Role.types.SHARING ) ) def user_set_default_permissions( self, user, permissions={}, history=False, dataset=False, bypass_manage_permission=False, default_access_private = False ): # bypass_manage_permission is used to change permissions of datasets in a userless history when logging in if user is None: