[hg] galaxy 2509: Add a new config setting to universe_wsgi.ini:... - galaxy-dev

30 Jul 2009

details:   http://www.bx.psu.edu/hg/galaxy/rev/f06777cbd5bb
changeset: 2509:f06777cbd5bb
user:      Dan Blankenberg dan@bx.psu.edu
date:      Thu Jul 30 11:05:03 2009 -0400
description:
Add a new config setting to universe_wsgi.ini: new_user_dataset_access_role_default_private.
When set to True, new users will have default dataset access permissions for histories set to their Private role. Default is False (original behavior); datasets are left as public.
Resolves ticket #111.
4 file(s) affected in this change:
lib/galaxy/config.py
lib/galaxy/security/__init__.py
lib/galaxy/web/controllers/user.py
universe_wsgi.ini.sample
diffs (58 lines):
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/config.py

--- a/lib/galaxy/config.py	Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/config.py	Thu Jul 30 11:05:03 2009 -0400
@@ -46,6 +46,7 @@
         self.require_login = string_as_bool( kwargs.get( "require_login", "False" ) )
         self.allow_user_creation = string_as_bool( kwargs.get( "allow_user_creation", "True" ) )
         self.allow_user_deletion = string_as_bool( kwargs.get( "allow_user_deletion", "False" ) )
+        self.new_user_dataset_access_role_default_private = string_as_bool( kwargs.get( "new_user_dataset_access_role_default_private", "False" ) )
         self.template_path = resolve_path( kwargs.get( "template_path", "templates" ), self.root )
         self.template_cache = resolve_path( kwargs.get( "template_cache_path", "database/compiled_templates" ), self.root )
         self.local_job_queue_workers = int( kwargs.get( "local_job_queue_workers", "5" ) )
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/security/__init__.py
--- a/lib/galaxy/security/__init__.py	Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/security/__init__.py	Thu Jul 30 11:05:03 2009 -0400
@@ -206,12 +206,16 @@
             else:
                 return None
         return role
-    def user_set_default_permissions( self, user, permissions={}, history=False, dataset=False, bypass_manage_permission=False ):
+    def user_set_default_permissions( self, user, permissions={}, history=False, dataset=False, bypass_manage_permission=False, default_access_private = False ):
         # bypass_manage_permission is used to change permissions of datasets in a userless history when logging in
         if user is None:
             return None
         if not permissions:
-            permissions = { self.permitted_actions.DATASET_MANAGE_PERMISSIONS : [ self.get_private_user_role( user, auto_create=True ) ] }
+            #default permissions
+            permissions = { self.permitted_actions.DATASET_MANAGE_PERMISSIONS : [ self.get_private_user_role( user, auto_create=True ) ] }
+            #new_user_dataset_access_role_default_private is set as True in config file
+            if default_access_private:
+                permissions[ self.permitted_actions.DATASET_ACCESS ] = permissions.values()[ 0 ]
         # Delete all of the current default permissions for the user
         for dup in user.default_permissions:
             dup.delete()
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/web/controllers/user.py
--- a/lib/galaxy/web/controllers/user.py	Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/web/controllers/user.py	Thu Jul 30 11:05:03 2009 -0400
@@ -157,7 +157,7 @@
                 user.flush()
                 trans.app.security_agent.create_private_user_role( user )
                 # We set default user permissions, before we log in and set the default history permissions
-                trans.app.security_agent.user_set_default_permissions( user )
+                trans.app.security_agent.user_set_default_permissions( user, default_access_private = trans.app.config.new_user_dataset_access_role_default_private )
                 # The handle_user_login() method has a call to the history_set_default_permissions() method
                 # (needed when logging in with a history), user needs to have default permissions set before logging in
                 trans.handle_user_login( user )
diff -r e01bfc281e09 -r f06777cbd5bb universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample	Tue Jul 28 14:16:19 2009 -0400
+++ b/universe_wsgi.ini.sample	Thu Jul 30 11:05:03 2009 -0400
@@ -156,6 +156,9 @@
 # Can an admin user delete user accounts?
 #allow_user_deletion = False
+# Should default dataset access permissions be private for new users; default is False (datasets are public)
+new_user_dataset_access_role_default_private = False
+
 # ---- Job Execution --------------------------------------------------------
# Number of concurrent jobs to run (local job runner)

    