respect expose_user_email when offering roles to datalib permissions
martenson committed Sep 13, 2017
1 parent 0320716 commit 0d6a71d
Showing 3 changed files with 21 additions and 30 deletions.
2 changes: 1 addition & 1 deletion client/galaxy/scripts/mvc/library/library-dataset-view.js
Expand Up @@ -343,7 +343,7 @@ var LibraryDatasetView = Backbone.View.extend({
data: function (term, page) { // page is the one-based page number tracked by Select2
return {
q: term, //search term
page_limit: 10, // page size
page_limit: 10, // page size, should be same as used in 'more' variable below
page: page // page number
};
},
37 changes: 18 additions & 19 deletions lib/galaxy/security/__init__.py
Expand Up @@ -238,20 +238,17 @@ def get_valid_roles(self, trans, item, query=None, page=None, page_limit=None, i
sharing roles and any public role (not private and not sharing).
"""
roles = []
if query is not None:
query = query.replace('_', '/_').replace('%', '/%').replace('/', '//')
if query not in [None, '']:
query = query.strip().replace('_', '/_').replace('%', '/%').replace('/', '//')
search_query = query + '%'
log.debug('search_query: ' + str(search_query))

else:
search_query = None
# Limit the query only to get the page needed
if page is not None and page_limit is not None:
paginated = True
limit = page * page_limit
else:
paginated = False

limit = None
total_count = None

if isinstance(item, self.model.Library) and self.library_is_public(item):
is_public_item = True
elif isinstance(item, self.model.Dataset) and self.dataset_is_public(item):
Expand All @@ -260,27 +257,30 @@ def get_valid_roles(self, trans, item, query=None, page=None, page_limit=None, i
is_public_item = True
else:
is_public_item = False

# For public items and for library access admins can choose from all roles
if trans.user_is_admin() and (is_public_item or is_library_access):
# Add all non-deleted roles that fit the query
db_query = trans.sa_session.query(trans.app.model.Role).filter(self.model.Role.table.c.deleted == false())
if query is not None:
# Admins can always choose from all non-deleted roles
if trans.user_is_admin() or trans.app.config.expose_user_email:
if trans.user_is_admin():
db_query = trans.sa_session.query(trans.app.model.Role).filter(self.model.Role.table.c.deleted == false())
else:
# User is not an admin but the configuration exposes all private roles to all users.
db_query = trans.sa_session.query(trans.app.model.Role) \
.filter(and_(self.model.Role.table.c.deleted == false(),
self.model.Role.table.c.type == self.model.Role.types.PRIVATE))
if search_query:
db_query = db_query.filter(self.model.Role.table.c.name.like(search_query, escape='/'))
total_count = db_query.count()
if paginated:
if limit is not None:
# Takes the least number of results from beginning that includes the requested page
roles = db_query.order_by(self.model.Role.table.c.name).limit(limit).all()
page_start = (page * page_limit) - page_limit
page_end = page_start + page_limit
if total_count < page_start:
if total_count < page_start + 1:
# Return empty list if there are less results than the requested position
roles = []
else:
roles = roles[page_start:page_end]
else:
roles = db_query.order_by(self.model.Role.table.c.name)

# Non-admin and public item
elif is_public_item:
# Add the current user's private role
Expand All @@ -291,8 +291,7 @@ def get_valid_roles(self, trans, item, query=None, page=None, page_limit=None, i
# Add all remaining non-private, non-sharing roles
for role in self._get_npns_roles(trans):
roles.append(role)
# User is not admin and item is not public
# User will see all the roles derived from the access roles on the item
# User will see all the roles derived from the access roles on the item
else:
# If item has roles associated with the access permission, we need to start with them.
access_roles = item.get_access_roles(trans)
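Review bot: On the rewritten `query = query.strip().replace('_', '/_')...` line the escape character is still doubled last, so the `/` just placed in front of `_` and `%` is itself doubled and the wildcard after it stays live under `escape='/'`; a search term containing `_` or `%` then matches a literal slash plus a wildcard rather than the character typed. Escaping `/` first fixes it: `query = query.strip().replace('/', '//').replace('_', '/_').replace('%', '/%')`. Separately, the new `trans.user_is_admin() or trans.app.config.expose_user_email` condition no longer consults `is_public_item` or `is_library_access`, so with the option enabled a non-admin never reaches the two later branches and is offered only PRIVATE roles, whatever the item's access roles are; a comment stating that this is intended, and a test for a restricted item, would help. get_valid_roles starts before the first hunk and continues past the last one.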
12 changes: 2 additions & 10 deletions lib/galaxy/webapps/galaxy/api/library_datasets.py
Expand Up @@ -105,34 +105,26 @@ def show_roles(self, trans, encoded_dataset_id, **kwd):
current_user_roles = trans.get_current_user_roles()
library_dataset = self.ld_manager.get(trans, managers_base.decode_id(self.app, encoded_dataset_id))
dataset = library_dataset.library_dataset_dataset_association.dataset

# User has to have manage permissions permission in order to see the roles.
can_manage = trans.app.security_agent.can_manage_dataset(current_user_roles, dataset) or trans.user_is_admin()
if not can_manage:
raise exceptions.InsufficientPermissionsException('You do not have proper permission to access permissions.')

scope = kwd.get('scope', None)
if scope == 'current' or scope is None:
if scope in ['current', None]:
return self._get_current_roles(trans, library_dataset)

# Return roles that are available to select.
elif scope == 'available':
elif scope in ['available']:
page = kwd.get('page', None)
if page is not None:
page = int(page)
else:
page = 1

page_limit = kwd.get('page_limit', None)
if page_limit is not None:
page_limit = int(page_limit)
else:
page_limit = 10

query = kwd.get('q', None)

roles, total_roles = trans.app.security_agent.get_valid_roles(trans, dataset, query, page, page_limit)

return_roles = []
for role in roles:
role_id = trans.security.encode_id(role.id)
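Review bot: `page` and `page_limit` reach `get_valid_roles` straight from `int(...)` on request parameters with no range check, and this commit appears to let non-admin users with manage permission reach the paginated role query when `expose_user_email` is on. A non-numeric value raises ValueError (likely surfacing as a server error), zero or a negative value produces a negative `limit` and slice bounds, and a very large `page_limit` pulls as many roles as exist in one request. Clamp both after conversion, e.g. `page = max(int(page), 1)` and `page_limit = min(max(int(page_limit), 1), MAX_PAGE_LIMIT)` where `MAX_PAGE_LIMIT` is a placeholder for a cap the project chooses, and turn a ValueError into the API's bad-request exception. As a point of style, `scope in ['available']` reads more plainly as `scope == 'available'`. show_roles begins before this hunk and continues after it.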
