Hi, I'm new to Galaxy. It looks pretty impressive, but I'm having a hard time to understand the logic in how user accounts are managed. I created two accounts manually. They are identified using e-mail adresses, but lets refer to them as A and B to keep it short. Then I've setup my galaxy installation to use external authentication with the ldap server of our university. To test whether automatic creation of new accounts works I deleted account A. I also purged the deleted accounts. In the database both accounts are still present. Account A has a 1 in the columns for "deleted" and "purged". Now if I try to login with again the same e-mail address as for A, I would expect a new account will be created, but that is not the case. I can login with account A, but I do not see a new third account popup in the galaxy_user table. Using the admin page from the web interface I can see only one account: B. So somehow the old account is still used although it is no longer visible in the web interface. If I now list the details for account B, I can see that a role with the same name as account A still exists. I can assign this role to B. When I click save and go back to the list of users, the role column for account B is updated from 1 -> 2. I assume this is to indicate that user B now has two roles, although one of them belongs to an account that should not exist. When I go back to the details for account B and remove role A, click save and go back to the overview of users, the column "roles" lists "3" for account B. Going back to the details for B reveals role A was not removed. Trying again won't help to remove role A from user B, but each time I try the amount of roles for user B is incremented with 1 in the overview of users... Therefore I have two questions: Is this the way it is supposed to work? I noticed there are scripts to delete userless histories, purge histories and purge datasets, but how do I really really delete a user? Cheers, Pieter ------------------------------------------------------------- Biomolecular Mass Spectrometry and Proteomics Utrecht University Visiting address: H.R. Kruyt building room Z609 Padualaan 8 3584 CH Utrecht The Netherlands Mail address: P.O. box 80.082 3508 TB Utrecht The Netherlands phone: +31 (0)6-143 66 783 email: pieter.neerincx@gmail.com skype: pieter.online ------------------------------------------------------------
Pieter Neerincx wrote:
Therefore I have two questions: Is this the way it is supposed to work? I noticed there are scripts to delete userless histories, purge histories and purge datasets, but how do I really really delete a user?
Hi Pieter, "deleted" and "purged" have a slightly different meaning than what it might seem. "deleted" is more like "disabled" but is so named to fit with the naming convention of columns on other tables. Deleting a user will disable the account, but keep the user's histories and datasets. "purged" is used to indicate that all datasets and histories belonging to the user have been removed (or more accurately, marked as 'deleted' in their respective tables). A user must then be "undeleted" to be allowed to log in. Since the 'email' column in the 'galaxy_user' table is unique, a new record cannot be created with the same email. The correct way to handle this situation is to undelete the account. However, there was a bug preventing disabled users from being denied access, which I have now fixed in the repo. This should hopefully solve the issue you reported. Thanks, --nate
Hi Nate, Thanks! It's more clear now. I've enabled the account in MySQL and it works fine again. Still I'm a bit puzzled though by how the assignment of roles works. I can not remove a role. If I remove a role and click save the changes won't stick... and the number for roles in the overview is incremented with every unsuccessful un-assignment... I don't have mercurial, so I fetched a gzipped tarball. It does not seem to have a version number. Therefore I was wondering how often are these updated? Does that happen with a cron job overnight or just once every while?... Thanks, Pi On 7•Jul•2009, at 2:50 AM, Nate Coraor wrote:
Pieter Neerincx wrote:
Therefore I have two questions: Is this the way it is supposed to work? I noticed there are scripts to delete userless histories, purge histories and purge datasets, but how do I really really delete a user?
Hi Pieter,
"deleted" and "purged" have a slightly different meaning than what it might seem. "deleted" is more like "disabled" but is so named to fit with the naming convention of columns on other tables. Deleting a user will disable the account, but keep the user's histories and datasets.
"purged" is used to indicate that all datasets and histories belonging to the user have been removed (or more accurately, marked as 'deleted' in their respective tables).
A user must then be "undeleted" to be allowed to log in. Since the 'email' column in the 'galaxy_user' table is unique, a new record cannot be created with the same email. The correct way to handle this situation is to undelete the account.
However, there was a bug preventing disabled users from being denied access, which I have now fixed in the repo. This should hopefully solve the issue you reported.
Thanks, --nate
------------------------------------------------------------- Biomolecular Mass Spectrometry and Proteomics Utrecht University Visiting address: H.R. Kruyt building room Z609 Padualaan 8 3584 CH Utrecht The Netherlands Mail address: P.O. box 80.082 3508 TB Utrecht The Netherlands phone: +31 (0)6-143 66 783 email: pieter.neerincx@gmail.com skype: pieter.online ------------------------------------------------------------
Hello Pieter, I'm not sure when the tarball is updated, but I believe it is nightly - I'll let Nate confirm. The dataset security features are fairly new, and we're still working out a few remaining issues. This is yet another bug that you've uncovered, and it has been fixed in change set 2465, which is available for download. Roles that are named the same as a user's Galaxy account ( their email ) are "private" roles associated with the user. There is a 1 to 1 mapping between a user and a private role, and user A should not be permitted to be associated with user B's private role. Also, it should not be possible for a user to be dis-associated with their private role. Both of these issues have been corrected in the change set. In addition, yet another bug was corrected, where a user's private role could be associated more than 1 time with the same user. Thanks very much for reporting these issues. Greg Von Kuster Galaxy development Team Pieter Neerincx wrote:
Hi Nate,
Thanks! It's more clear now. I've enabled the account in MySQL and it works fine again. Still I'm a bit puzzled though by how the assignment of roles works. I can not remove a role. If I remove a role and click save the changes won't stick... and the number for roles in the overview is incremented with every unsuccessful un-assignment...
I don't have mercurial, so I fetched a gzipped tarball. It does not seem to have a version number. Therefore I was wondering how often are these updated? Does that happen with a cron job overnight or just once every while?...
Thanks,
Pi
Hi Greg, Thanks for the fixes! This results in one more question though: how do I know what version of Galaxy I have? When I download tarballs, I get folders starting with "galaxy-" followed by what appears to be a random string like for example 3bbb2d2caa5f. That string is of the "node" mentioned in .hg_archival.txt, but how do I map that to a changeset number? There is a Revision file, but as far as I can tell that is related to SVN and outdated as Galaxy switched to mercurial. Would it be possible to replace those random strings in the foldernames to change set numbers in the future? Cheers, Pi On 7•Jul•2009, at 10:04 PM, Greg Von Kuster wrote:
Hello Pieter,
I'm not sure when the tarball is updated, but I believe it is nightly - I'll let Nate confirm.
The dataset security features are fairly new, and we're still working out a few remaining issues. This is yet another bug that you've uncovered, and it has been fixed in change set 2465, which is available for download.
Roles that are named the same as a user's Galaxy account ( their email ) are "private" roles associated with the user. There is a 1 to 1 mapping between a user and a private role, and user A should not be permitted to be associated with user B's private role. Also, it should not be possible for a user to be dis-associated with their private role. Both of these issues have been corrected in the change set. In addition, yet another bug was corrected, where a user's private role could be associated more than 1 time with the same user.
Thanks very much for reporting these issues.
Greg Von Kuster Galaxy development Team
Pieter Neerincx wrote:
Hi Nate,
Thanks! It's more clear now. I've enabled the account in MySQL and it works fine again. Still I'm a bit puzzled though by how the assignment of roles works. I can not remove a role. If I remove a role and click save the changes won't stick... and the number for roles in the overview is incremented with every unsuccessful un- assignment...
I don't have mercurial, so I fetched a gzipped tarball. It does not seem to have a version number. Therefore I was wondering how often are these updated? Does that happen with a cron job overnight or just once every while?...
Thanks,
Pi
------------------------------------------------------------- Biomolecular Mass Spectrometry and Proteomics Utrecht University Visiting address: H.R. Kruyt building room O607 Padualaan 8 3584 CH Utrecht The Netherlands Mail address: P.O. box 80.082 3508 TB Utrecht The Netherlands phone: +31 (0)6-143 66 783 email: pieter.neerincx@gmail.com skype: pieter.online ------------------------------------------------------------
Hi Pieter, Mercurial uses these changeset ID strings since changeset numbers can vary from repository to repository (depending on any local commits). Without having an actual clone of the repo and the 'hg' commandline tool, the best option is to use the hgweb url, like so: http://www.bx.psu.edu/hg/galaxy/rev/3bbb2d2caa5f From this page, you can see that you have changeset 2465. Pieter Neerincx wrote:
Hi Greg,
Thanks for the fixes!
This results in one more question though: how do I know what version of Galaxy I have? When I download tarballs, I get folders starting with "galaxy-" followed by what appears to be a random string like for example 3bbb2d2caa5f. That string is of the "node" mentioned in .hg_archival.txt, but how do I map that to a changeset number? There is a Revision file, but as far as I can tell that is related to SVN and outdated as Galaxy switched to mercurial. Would it be possible to replace those random strings in the foldernames to change set numbers in the future?
Cheers,
Pi
On 7•Jul•2009, at 10:04 PM, Greg Von Kuster wrote:
Hello Pieter,
I'm not sure when the tarball is updated, but I believe it is nightly - I'll let Nate confirm.
The dataset security features are fairly new, and we're still working out a few remaining issues. This is yet another bug that you've uncovered, and it has been fixed in change set 2465, which is available for download.
Roles that are named the same as a user's Galaxy account ( their email ) are "private" roles associated with the user. There is a 1 to 1 mapping between a user and a private role, and user A should not be permitted to be associated with user B's private role. Also, it should not be possible for a user to be dis-associated with their private role. Both of these issues have been corrected in the change set. In addition, yet another bug was corrected, where a user's private role could be associated more than 1 time with the same user.
Thanks very much for reporting these issues.
Greg Von Kuster Galaxy development Team
Pieter Neerincx wrote:
Hi Nate,
Thanks! It's more clear now. I've enabled the account in MySQL and it works fine again. Still I'm a bit puzzled though by how the assignment of roles works. I can not remove a role. If I remove a role and click save the changes won't stick... and the number for roles in the overview is incremented with every unsuccessful un- assignment...
I don't have mercurial, so I fetched a gzipped tarball. It does not seem to have a version number. Therefore I was wondering how often are these updated? Does that happen with a cron job overnight or just once every while?...
Thanks,
Pi
------------------------------------------------------------- Biomolecular Mass Spectrometry and Proteomics Utrecht University
Visiting address: H.R. Kruyt building room O607 Padualaan 8 3584 CH Utrecht The Netherlands
Mail address: P.O. box 80.082 3508 TB Utrecht The Netherlands
phone: +31 (0)6-143 66 783 email: pieter.neerincx@gmail.com skype: pieter.online ------------------------------------------------------------
_______________________________________________ galaxy-user mailing list galaxy-user@bx.psu.edu http://mail.bx.psu.edu/cgi-bin/mailman/listinfo/galaxy-user
Hi Nate, Good to know, thanks for the info! Pi On 13•Jul•2009, at 3:18 PM, Nate Coraor wrote:
Hi Pieter,
Mercurial uses these changeset ID strings since changeset numbers can vary from repository to repository (depending on any local commits). Without having an actual clone of the repo and the 'hg' commandline tool, the best option is to use the hgweb url, like so:
http://www.bx.psu.edu/hg/galaxy/rev/3bbb2d2caa5f
From this page, you can see that you have changeset 2465.
Pieter Neerincx wrote:
Hi Greg, Thanks for the fixes! This results in one more question though: how do I know what version of Galaxy I have? When I download tarballs, I get folders starting with "galaxy-" followed by what appears to be a random string like for example 3bbb2d2caa5f. That string is of the "node" mentioned in .hg_archival.txt, but how do I map that to a changeset number? There is a Revision file, but as far as I can tell that is related to SVN and outdated as Galaxy switched to mercurial. Would it be possible to replace those random strings in the foldernames to change set numbers in the future? Cheers, Pi On 7•Jul•2009, at 10:04 PM, Greg Von Kuster wrote:
Hello Pieter,
I'm not sure when the tarball is updated, but I believe it is nightly - I'll let Nate confirm.
The dataset security features are fairly new, and we're still working out a few remaining issues. This is yet another bug that you've uncovered, and it has been fixed in change set 2465, which is available for download.
Roles that are named the same as a user's Galaxy account ( their email ) are "private" roles associated with the user. There is a 1 to 1 mapping between a user and a private role, and user A should not be permitted to be associated with user B's private role. Also, it should not be possible for a user to be dis- associated with their private role. Both of these issues have been corrected in the change set. In addition, yet another bug was corrected, where a user's private role could be associated more than 1 time with the same user.
Thanks very much for reporting these issues.
Greg Von Kuster Galaxy development Team
Pieter Neerincx wrote:
Hi Nate,
Thanks! It's more clear now. I've enabled the account in MySQL and it works fine again. Still I'm a bit puzzled though by how the assignment of roles works. I can not remove a role. If I remove a role and click save the changes won't stick... and the number for roles in the overview is incremented with every unsuccessful un- assignment...
I don't have mercurial, so I fetched a gzipped tarball. It does not seem to have a version number. Therefore I was wondering how often are these updated? Does that happen with a cron job overnight or just once every while?...
Thanks,
Pi
Biomolecular Mass Spectrometry and Proteomics Utrecht University Visiting address: H.R. Kruyt building room O607 Padualaan 8 3584 CH Utrecht The Netherlands Mail address: P.O. box 80.082 3508 TB Utrecht The Netherlands phone: +31 (0)6-143 66 783 email: pieter.neerincx@gmail.com skype: pieter.online ------------------------------------------------------------ _______________________________________________ galaxy-user mailing list galaxy-user@bx.psu.edu http://mail.bx.psu.edu/cgi-bin/mailman/listinfo/galaxy-user
------------------------------------------------------------- Biomolecular Mass Spectrometry and Proteomics Utrecht University Visiting address: H.R. Kruyt building room O607 Padualaan 8 3584 CH Utrecht The Netherlands Mail address: P.O. box 80.082 3508 TB Utrecht The Netherlands phone: +31 (0)6-143 66 783 email: pieter.neerincx@gmail.com skype: pieter.online ------------------------------------------------------------
participants (3)
-
Greg Von Kuster
-
Nate Coraor
-
Pieter Neerincx