details:
http://www.bx.psu.edu/hg/galaxy/rev/3bbb2d2caa5f
changeset: 2465:3bbb2d2caa5f
user: Greg Von Kuster <greg(a)bx.psu.edu>
date: Tue Jul 07 14:48:01 2009 -0400
description:
Fixes and additional functional tests associated with a user's private role:
- private roles are no longer displayed in the association forms, except for the currently
selected user's private role
- a user's private role association can no longer be eliminated
- more than 1 association can no longer be made between a user and her private role
7 file(s) affected in this change:
lib/galaxy/model/mapping.py
lib/galaxy/security/__init__.py
lib/galaxy/web/controllers/admin.py
lib/galaxy/web/controllers/user.py
templates/admin/dataset_security/roles.mako
test/base/twilltestcase.py
test/functional/test_security_and_libraries.py
diffs (157 lines):
diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/model/mapping.py
--- a/lib/galaxy/model/mapping.py Tue Jul 07 12:06:35 2009 -0400
+++ b/lib/galaxy/model/mapping.py Tue Jul 07 14:48:01 2009 -0400
@@ -624,7 +624,7 @@
user=relation( User, backref="roles" ),
non_private_roles=relation( User,
backref="non_private_roles",
- primaryjoin=( ( User.table.c.id ==
UserRoleAssociation.table.c.user_id ) & ( UserRoleAssociation.table.c.role_id ==
Role.table.c.id ) & not_( Role.table.c.type == 'private' ) ) ),
+ primaryjoin=( ( User.table.c.id ==
UserRoleAssociation.table.c.user_id ) & ( UserRoleAssociation.table.c.role_id ==
Role.table.c.id ) & not_( Role.table.c.name == User.table.c.email &
Role.table.c.type == 'private' ) ) ),
role=relation( Role )
)
)
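Review bot: The new `not_( ... )` argument in `primaryjoin` is missing parentheses around its two comparisons. Python's `&` binds tighter than `==`, so `Role.table.c.name == User.table.c.email & Role.table.c.type == 'private'` is parsed as a chained comparison around `User.table.c.email & Role.table.c.type`, not as the conjunction of two comparisons. The exclusion of the user's own private role is therefore probably not what ends up in the join condition. That matters because `non_private_roles` is the list that `set_entity_user_associations` deletes. Parenthesise each comparison, as the rest of the expression already does: `not_( ( Role.table.c.name == User.table.c.email ) & ( Role.table.c.type == 'private' ) )`.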
diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/security/__init__.py
--- a/lib/galaxy/security/__init__.py Tue Jul 07 12:06:35 2009 -0400
+++ b/lib/galaxy/security/__init__.py Tue Jul 07 14:48:01 2009 -0400
@@ -422,8 +422,11 @@
for a in user.non_private_roles + user.groups:
a.delete()
a.flush()
+ user.refresh()
for role in roles:
- self.associate_components( user=user, role=role )
+ # Make sure we are not creating an additional association with a PRIVATE
role
+ if role not in user.roles:
+ self.associate_components( user=user, role=role )
for group in groups:
self.associate_components( user=user, group=group )
def set_entity_group_associations( self, groups=[], users=[], roles=[],
delete_existing_assocs=True ):
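Review bot: The guard `if role not in user.roles:` appears to compare a `Role` against association objects, so it would always be true and would not prevent a second association with the private role. The evidence is in other files of this changeset: `user.roles` comes from `backref="roles"` on the association mapper, and admin.py reads it as `[ x.role for x in user.roles ]`. Compare against the roles themselves: `if role not in [ x.role for x in user.roles ]:`. The enclosing method starts outside this hunk, so this is based only on the visible lines.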
diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/web/controllers/admin.py
--- a/lib/galaxy/web/controllers/admin.py Tue Jul 07 12:06:35 2009 -0400
+++ b/lib/galaxy/web/controllers/admin.py Tue Jul 07 14:48:01 2009 -0400
@@ -623,22 +623,35 @@
msg = util.restore_text( params.get( 'msg', '' ) )
messagetype = params.get( 'messagetype', 'done' )
user = trans.app.model.User.get( int( params.user_id ) )
+ private_role = trans.app.security_agent.get_private_user_role( user )
if params.get( 'user_roles_groups_edit_button', False ):
+ # Make sure the user is not dis-associating himself from his private role
+ out_roles = [ trans.app.model.Role.get( x ) for x in util.listify(
params.out_roles ) ]
+ if private_role in out_roles:
+ msg += "You cannot eliminate a user's private role association.
"
+ messagetype = 'error'
in_roles = [ trans.app.model.Role.get( x ) for x in util.listify(
params.in_roles ) ]
+ out_groups = [ trans.app.model.Group.get( x ) for x in util.listify(
params.out_groups ) ]
in_groups = [ trans.app.model.Group.get( x ) for x in util.listify(
params.in_groups ) ]
- trans.app.security_agent.set_entity_user_associations( users=[ user ],
roles=in_roles, groups=in_groups )
- user.refresh()
- msg += "User '%s' has been updated with %d associated roles and
%d associated groups (private roles are not displayed)" % \
- ( user.email, len( in_roles ), len( in_groups ) )
- trans.response.send_redirect( web.url_for( action='users',
msg=util.sanitize_text( msg ), messagetype=messagetype ) )
+ if in_roles:
+ trans.app.security_agent.set_entity_user_associations( users=[ user ],
roles=in_roles, groups=in_groups )
+ user.refresh()
+ msg += "User '%s' has been updated with %d associated roles
and %d associated groups (private roles are not displayed)" % \
+ ( user.email, len( in_roles ), len( in_groups ) )
+ trans.response.send_redirect( web.url_for( action='users',
msg=util.sanitize_text( msg ), messagetype=messagetype ) )
in_roles = []
out_roles = []
in_groups = []
out_groups = []
- for role in trans.app.model.Role.filter(
trans.app.model.Role.table.c.deleted==False ).order_by( trans.app.model.Role.table.c.name
).all():
+ for role in trans.app.model.Role.filter(
trans.app.model.Role.table.c.deleted==False ) \
+ .order_by( trans.app.model.Role.table.c.name
).all():
if role in [ x.role for x in user.roles ]:
in_roles.append( ( role.id, role.name ) )
- else:
+ elif role.type != trans.app.model.Role.types.PRIVATE:
+ # There is a 1 to 1 mapping between a user and a PRIVATE role, so private
roles should
+ # not be listed in the roles form fields, except for the currently
selected user's private
+ # role, which should always be in in_roles. The check above is added as
an additional
+ # precaution, since for a period of time we were including private roles
in the form fields.
out_roles.append( ( role.id, role.name ) )
for group in trans.app.model.Group.filter(
trans.app.model.Group.table.c.deleted==False ).order_by(
trans.app.model.Group.table.c.name ).all():
if group in [ x.group for x in user.groups ]:
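Review bot: The check `if private_role in out_roles:` only sets `msg` and `messagetype`; nothing visible stops the later `if in_roles:` branch from running. A request with the private role in `out_roles` and a non-empty `in_roles` would still rewrite the associations and append the success text to the error message. Indentation is lost in this rendering, so this is inferred from statement order. Making the update branch exclusive (`elif in_roles:`), or redirecting with the error right after the check, would make the rejection final. `out_groups` is also built here but never used in the visible lines, and the enclosing method continues beyond the hunk.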
diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/web/controllers/user.py
--- a/lib/galaxy/web/controllers/user.py Tue Jul 07 12:06:35 2009 -0400
+++ b/lib/galaxy/web/controllers/user.py Tue Jul 07 14:48:01 2009 -0400
@@ -81,7 +81,6 @@
@web.expose
def login( self, trans, email='', password='' ):
- log.debug( "###IN login, email:%s, password: %s" % ( email, password
))
email_error = password_error = None
# Attempt login
if trans.app.config.require_login:
diff -r 4c3282337a4c -r 3bbb2d2caa5f templates/admin/dataset_security/roles.mako
--- a/templates/admin/dataset_security/roles.mako Tue Jul 07 12:06:35 2009 -0400
+++ b/templates/admin/dataset_security/roles.mako Tue Jul 07 14:48:01 2009 -0400
@@ -44,7 +44,7 @@
%endif
%if len( roles ) == 0:
- There are no Galaxy roles
+ There are no non-private Galaxy roles
%else:
<table class="manage-table colored" border="0"
cellspacing="0" cellpadding="0" width="100%">
<%
diff -r 4c3282337a4c -r 3bbb2d2caa5f test/base/twilltestcase.py
--- a/test/base/twilltestcase.py Tue Jul 07 12:06:35 2009 -0400
+++ b/test/base/twilltestcase.py Tue Jul 07 14:48:01 2009 -0400
@@ -816,16 +816,23 @@
check_str = "User '%s' has been marked as purged." % email
self.check_page_for_string( check_str )
self.home()
- def associate_roles_and_groups_with_user( self, user_id, email, role_ids=[],
group_ids=[] ):
+ def associate_roles_and_groups_with_user( self, user_id, email,
+ in_role_ids=[], out_role_ids=[],
+ in_group_ids=[], out_group_ids=[],
+ check_str='' ):
self.home()
url = "%s/admin/user?user_id=%s&user_roles_groups_edit_button=Save"
% ( self.url, user_id )
- if role_ids:
- url += "&in_roles=%s" % ','.join( role_ids )
- if group_ids:
- url += "&in_groups=%s" % ','.join( group_ids )
+ if in_role_ids:
+ url += "&in_roles=%s" % ','.join( in_role_ids )
+ if out_role_ids:
+ url += "&out_roles=%s" % ','.join( out_role_ids )
+ if in_group_ids:
+ url += "&in_groups=%s" % ','.join( in_group_ids )
+ if out_group_ids:
+ url += "&out_groups=%s" % ','.join( out_group_ids )
self.visit_url( url )
- check_str = "User '%s' has been updated with %d associated roles and
%d associated groups" % ( email, len( role_ids ), len( group_ids ) )
- self.check_page_for_string( check_str )
+ if check_str:
+ self.check_page_for_string( check_str )
self.home()
# Tests associated with roles
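Review bot: With `check_str=''` as the default, a caller that omits it gets no assertion after `self.visit_url( url )`, so a failed or rejected association update would pass silently. The `email` parameter is also no longer used in the visible body. Consider making `check_str` a required argument, or falling back to the previous "has been updated with ..." message built from `email` and the `in_*` lists. The four `=[]` defaults are shared mutable objects; `None` with `in_role_ids = in_role_ids or []` is safer if the helper ever mutates them.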
diff -r 4c3282337a4c -r 3bbb2d2caa5f test/functional/test_security_and_libraries.py
--- a/test/functional/test_security_and_libraries.py Tue Jul 07 12:06:35 2009 -0400
+++ b/test/functional/test_security_and_libraries.py Tue Jul 07 14:48:01 2009 -0400
@@ -72,6 +72,11 @@
self.home()
self.visit_url( "%s/admin/user?user_id=%s" % ( self.url, admin_user.id
) )
self.check_page_for_string( admin_user.email )
+ # Try deleting the admin_user's private role
+ check_str = "You cannot eliminate a user's private role
association."
+ self.associate_roles_and_groups_with_user( str( admin_user.id ),
admin_user.email,
+ out_role_ids=str(
admin_user_private_role.id ),
+ check_str=check_str )
self.logout()
def test_010_login_as_regular_user1( self ):
"""Testing logging in as regular user test1(a)bx.psu.edu - tests
private role creation and changing DefaultHistoryPermissions for new
histories"""
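Review bot: `out_role_ids=str( admin_user_private_role.id )` passes a string, but the helper builds the query with `','.join( out_role_ids )`, which inserts a comma between characters. For a multi-digit id the request would name other role ids, not the private role, so the "cannot eliminate" path might not be exercised. Pass a list: `out_role_ids=[ str( admin_user_private_role.id ) ]`. The test also checks only the message text; asserting afterwards that the private role is still among `admin_user.roles` would check the protection itself.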
@@ -430,7 +435,9 @@
group_ids = []
for uga in admin_user.groups:
group_ids.append( str( uga.group_id ) )
- self.associate_roles_and_groups_with_user( str( admin_user.id ), str(
admin_user.email ), role_ids=role_ids, group_ids=group_ids )
+ check_str = "User '%s' has been updated with %d associated roles and
%d associated groups" % ( admin_user.email, len( role_ids ), len( group_ids ) )
+ self.associate_roles_and_groups_with_user( str( admin_user.id ), str(
admin_user.email ),
+ in_role_ids=role_ids,
in_group_ids=group_ids, check_str=check_str )
admin_user.refresh()
# admin_user should now be associated with 4 roles: private, role_one, role_two,
role_three
if len( admin_user.roles ) != 4: