details: http://www.bx.psu.edu/hg/galaxy/rev/3bbb2d2caa5f changeset: 2465:3bbb2d2caa5f user: Greg Von Kuster greg@bx.psu.edu date: Tue Jul 07 14:48:01 2009 -0400 description: Fixes and additional functional tests associated with a user's private role: - private roles are no longer displayed in the association forms, except for the currently selected user's private role - a user's private role association can no longer be eliminated - more than 1 association can no longer be made between a user and her private role

7 file(s) affected in this change:

lib/galaxy/model/mapping.py lib/galaxy/security/__init__.py lib/galaxy/web/controllers/admin.py lib/galaxy/web/controllers/user.py templates/admin/dataset_security/roles.mako test/base/twilltestcase.py test/functional/test_security_and_libraries.py

diffs (157 lines):

diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/model/mapping.py --- a/lib/galaxy/model/mapping.py Tue Jul 07 12:06:35 2009 -0400 +++ b/lib/galaxy/model/mapping.py Tue Jul 07 14:48:01 2009 -0400 @@ -624,7 +624,7 @@ user=relation( User, backref="roles" ), non_private_roles=relation( User, backref="non_private_roles", - primaryjoin=( ( User.table.c.id == UserRoleAssociation.table.c.user_id ) & ( UserRoleAssociation.table.c.role_id == Role.table.c.id ) & not_( Role.table.c.type == 'private' ) ) ), + primaryjoin=( ( User.table.c.id == UserRoleAssociation.table.c.user_id ) & ( UserRoleAssociation.table.c.role_id == Role.table.c.id ) & not_( Role.table.c.name == User.table.c.email & Role.table.c.type == 'private' ) ) ), role=relation( Role ) ) ) diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/security/__init__.py --- a/lib/galaxy/security/__init__.py Tue Jul 07 12:06:35 2009 -0400 +++ b/lib/galaxy/security/__init__.py Tue Jul 07 14:48:01 2009 -0400 @@ -422,8 +422,11 @@ for a in user.non_private_roles + user.groups: a.delete() a.flush() + user.refresh() for role in roles: - self.associate_components( user=user, role=role ) + # Make sure we are not creating an additional association with a PRIVATE role + if role not in user.roles: + self.associate_components( user=user, role=role ) for group in groups: self.associate_components( user=user, group=group ) def set_entity_group_associations( self, groups=[], users=[], roles=[], delete_existing_assocs=True ): diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/web/controllers/admin.py --- a/lib/galaxy/web/controllers/admin.py Tue Jul 07 12:06:35 2009 -0400 +++ b/lib/galaxy/web/controllers/admin.py Tue Jul 07 14:48:01 2009 -0400 @@ -623,22 +623,35 @@ msg = util.restore_text( params.get( 'msg', '' ) ) messagetype = params.get( 'messagetype', 'done' ) user = trans.app.model.User.get( int( params.user_id ) ) + private_role = trans.app.security_agent.get_private_user_role( user ) if params.get( 'user_roles_groups_edit_button', False ): + # Make sure the user is not dis-associating himself from his private role + out_roles = [ trans.app.model.Role.get( x ) for x in util.listify( params.out_roles ) ] + if private_role in out_roles: + msg += "You cannot eliminate a user's private role association. " + messagetype = 'error' in_roles = [ trans.app.model.Role.get( x ) for x in util.listify( params.in_roles ) ] + out_groups = [ trans.app.model.Group.get( x ) for x in util.listify( params.out_groups ) ] in_groups = [ trans.app.model.Group.get( x ) for x in util.listify( params.in_groups ) ] - trans.app.security_agent.set_entity_user_associations( users=[ user ], roles=in_roles, groups=in_groups ) - user.refresh() - msg += "User '%s' has been updated with %d associated roles and %d associated groups (private roles are not displayed)" % \ - ( user.email, len( in_roles ), len( in_groups ) ) - trans.response.send_redirect( web.url_for( action='users', msg=util.sanitize_text( msg ), messagetype=messagetype ) ) + if in_roles: + trans.app.security_agent.set_entity_user_associations( users=[ user ], roles=in_roles, groups=in_groups ) + user.refresh() + msg += "User '%s' has been updated with %d associated roles and %d associated groups (private roles are not displayed)" % \ + ( user.email, len( in_roles ), len( in_groups ) ) + trans.response.send_redirect( web.url_for( action='users', msg=util.sanitize_text( msg ), messagetype=messagetype ) ) in_roles = [] out_roles = [] in_groups = [] out_groups = [] - for role in trans.app.model.Role.filter( trans.app.model.Role.table.c.deleted==False ).order_by( trans.app.model.Role.table.c.name ).all(): + for role in trans.app.model.Role.filter( trans.app.model.Role.table.c.deleted==False ) \ + .order_by( trans.app.model.Role.table.c.name ).all(): if role in [ x.role for x in user.roles ]: in_roles.append( ( role.id, role.name ) ) - else: + elif role.type != trans.app.model.Role.types.PRIVATE: + # There is a 1 to 1 mapping between a user and a PRIVATE role, so private roles should + # not be listed in the roles form fields, except for the currently selected user's private + # role, which should always be in in_roles. The check above is added as an additional + # precaution, since for a period of time we were including private roles in the form fields. out_roles.append( ( role.id, role.name ) ) for group in trans.app.model.Group.filter( trans.app.model.Group.table.c.deleted==False ).order_by( trans.app.model.Group.table.c.name ).all(): if group in [ x.group for x in user.groups ]: diff -r 4c3282337a4c -r 3bbb2d2caa5f lib/galaxy/web/controllers/user.py --- a/lib/galaxy/web/controllers/user.py Tue Jul 07 12:06:35 2009 -0400 +++ b/lib/galaxy/web/controllers/user.py Tue Jul 07 14:48:01 2009 -0400 @@ -81,7 +81,6 @@

@web.expose def login( self, trans, email='', password='' ): - log.debug( "###IN login, email:%s, password: %s" % ( email, password )) email_error = password_error = None # Attempt login if trans.app.config.require_login: diff -r 4c3282337a4c -r 3bbb2d2caa5f templates/admin/dataset_security/roles.mako --- a/templates/admin/dataset_security/roles.mako Tue Jul 07 12:06:35 2009 -0400 +++ b/templates/admin/dataset_security/roles.mako Tue Jul 07 14:48:01 2009 -0400 @@ -44,7 +44,7 @@ %endif

%if len( roles ) == 0: - There are no Galaxy roles + There are no non-private Galaxy roles %else: <table class="manage-table colored" border="0" cellspacing="0" cellpadding="0" width="100%"> <% diff -r 4c3282337a4c -r 3bbb2d2caa5f test/base/twilltestcase.py --- a/test/base/twilltestcase.py Tue Jul 07 12:06:35 2009 -0400 +++ b/test/base/twilltestcase.py Tue Jul 07 14:48:01 2009 -0400 @@ -816,16 +816,23 @@ check_str = "User '%s' has been marked as purged." % email self.check_page_for_string( check_str ) self.home() - def associate_roles_and_groups_with_user( self, user_id, email, role_ids=[], group_ids=[] ): + def associate_roles_and_groups_with_user( self, user_id, email, + in_role_ids=[], out_role_ids=[], + in_group_ids=[], out_group_ids=[], + check_str='' ): self.home() url = "%s/admin/user?user_id=%s&user_roles_groups_edit_button=Save" % ( self.url, user_id ) - if role_ids: - url += "&in_roles=%s" % ','.join( role_ids ) - if group_ids: - url += "&in_groups=%s" % ','.join( group_ids ) + if in_role_ids: + url += "&in_roles=%s" % ','.join( in_role_ids ) + if out_role_ids: + url += "&out_roles=%s" % ','.join( out_role_ids ) + if in_group_ids: + url += "&in_groups=%s" % ','.join( in_group_ids ) + if out_group_ids: + url += "&out_groups=%s" % ','.join( out_group_ids ) self.visit_url( url ) - check_str = "User '%s' has been updated with %d associated roles and %d associated groups" % ( email, len( role_ids ), len( group_ids ) ) - self.check_page_for_string( check_str ) + if check_str: + self.check_page_for_string( check_str ) self.home()

# Tests associated with roles diff -r 4c3282337a4c -r 3bbb2d2caa5f test/functional/test_security_and_libraries.py --- a/test/functional/test_security_and_libraries.py Tue Jul 07 12:06:35 2009 -0400 +++ b/test/functional/test_security_and_libraries.py Tue Jul 07 14:48:01 2009 -0400 @@ -72,6 +72,11 @@ self.home() self.visit_url( "%s/admin/user?user_id=%s" % ( self.url, admin_user.id ) ) self.check_page_for_string( admin_user.email ) + # Try deleting the admin_user's private role + check_str = "You cannot eliminate a user's private role association." + self.associate_roles_and_groups_with_user( str( admin_user.id ), admin_user.email, + out_role_ids=str( admin_user_private_role.id ), + check_str=check_str ) self.logout() def test_010_login_as_regular_user1( self ): """Testing logging in as regular user test1@bx.psu.edu - tests private role creation and changing DefaultHistoryPermissions for new histories""" @@ -430,7 +435,9 @@ group_ids = [] for uga in admin_user.groups: group_ids.append( str( uga.group_id ) ) - self.associate_roles_and_groups_with_user( str( admin_user.id ), str( admin_user.email ), role_ids=role_ids, group_ids=group_ids ) + check_str = "User '%s' has been updated with %d associated roles and %d associated groups" % ( admin_user.email, len( role_ids ), len( group_ids ) ) + self.associate_roles_and_groups_with_user( str( admin_user.id ), str( admin_user.email ), + in_role_ids=role_ids, in_group_ids=group_ids, check_str=check_str ) admin_user.refresh() # admin_user should now be associated with 4 roles: private, role_one, role_two, role_three if len( admin_user.roles ) != 4: