details:
http://www.bx.psu.edu/hg/galaxy/rev/f06777cbd5bb
changeset: 2509:f06777cbd5bb
user: Dan Blankenberg <dan(a)bx.psu.edu>
date: Thu Jul 30 11:05:03 2009 -0400
description:
Add a new config setting to universe_wsgi.ini:
new_user_dataset_access_role_default_private.
When set to True, new users will have default dataset access permissions for histories set
to their Private role. Default is False (original behavior); datasets are left as public.
Resolves ticket #111.
4 file(s) affected in this change:
lib/galaxy/config.py
lib/galaxy/security/__init__.py
lib/galaxy/web/controllers/user.py
universe_wsgi.ini.sample
diffs (58 lines):
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/config.py
--- a/lib/galaxy/config.py Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/config.py Thu Jul 30 11:05:03 2009 -0400
@@ -46,6 +46,7 @@
self.require_login = string_as_bool( kwargs.get( "require_login",
"False" ) )
self.allow_user_creation = string_as_bool( kwargs.get(
"allow_user_creation", "True" ) )
self.allow_user_deletion = string_as_bool( kwargs.get(
"allow_user_deletion", "False" ) )
+ self.new_user_dataset_access_role_default_private = string_as_bool( kwargs.get(
"new_user_dataset_access_role_default_private", "False" ) )
self.template_path = resolve_path( kwargs.get( "template_path",
"templates" ), self.root )
self.template_cache = resolve_path( kwargs.get( "template_cache_path",
"database/compiled_templates" ), self.root )
self.local_job_queue_workers = int( kwargs.get(
"local_job_queue_workers", "5" ) )
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/security/__init__.py
--- a/lib/galaxy/security/__init__.py Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/security/__init__.py Thu Jul 30 11:05:03 2009 -0400
@@ -206,12 +206,16 @@
else:
return None
return role
- def user_set_default_permissions( self, user, permissions={}, history=False,
dataset=False, bypass_manage_permission=False ):
+ def user_set_default_permissions( self, user, permissions={}, history=False,
dataset=False, bypass_manage_permission=False, default_access_private = False ):
# bypass_manage_permission is used to change permissions of datasets in a
userless history when logging in
if user is None:
return None
if not permissions:
- permissions = { self.permitted_actions.DATASET_MANAGE_PERMISSIONS : [
self.get_private_user_role( user, auto_create=True ) ] }
+ #default permissions
+ permissions = { self.permitted_actions.DATASET_MANAGE_PERMISSIONS : [
self.get_private_user_role( user, auto_create=True ) ] }
+ #new_user_dataset_access_role_default_private is set as True in config file
+ if default_access_private:
+ permissions[ self.permitted_actions.DATASET_ACCESS ] =
permissions.values()[ 0 ]
# Delete all of the current default permissions for the user
for dup in user.default_permissions:
dup.delete()
diff -r e01bfc281e09 -r f06777cbd5bb lib/galaxy/web/controllers/user.py
--- a/lib/galaxy/web/controllers/user.py Tue Jul 28 14:16:19 2009 -0400
+++ b/lib/galaxy/web/controllers/user.py Thu Jul 30 11:05:03 2009 -0400
@@ -157,7 +157,7 @@
user.flush()
trans.app.security_agent.create_private_user_role( user )
# We set default user permissions, before we log in and set the default
history permissions
- trans.app.security_agent.user_set_default_permissions( user )
+ trans.app.security_agent.user_set_default_permissions( user,
default_access_private = trans.app.config.new_user_dataset_access_role_default_private )
# The handle_user_login() method has a call to the
history_set_default_permissions() method
# (needed when logging in with a history), user needs to have default
permissions set before logging in
trans.handle_user_login( user )
diff -r e01bfc281e09 -r f06777cbd5bb universe_wsgi.ini.sample
--- a/universe_wsgi.ini.sample Tue Jul 28 14:16:19 2009 -0400
+++ b/universe_wsgi.ini.sample Thu Jul 30 11:05:03 2009 -0400
@@ -156,6 +156,9 @@
# Can an admin user delete user accounts?
#allow_user_deletion = False
+# Should default dataset access permissions be private for new users; default is False
(datasets are public)
+new_user_dataset_access_role_default_private = False
+
# ---- Job Execution --------------------------------------------------------
# Number of concurrent jobs to run (local job runner)