Warning
This document is for an in-development version of Galaxy. You can alternatively view this page in the latest release if it exists or view the top of the latest release's documentation.
Source code for galaxy.security
"""
Galaxy Security
"""
from typing import (
List,
Optional,
)
from typing_extensions import Literal
from galaxy.util.bunch import Bunch
ActionModel = Literal["grant", "restrict"]
[docs]class Action:
action: str
description: str
model: ActionModel
[docs] def __init__(self, action: str, description: str, model: ActionModel):
self.action = action
self.description = description
self.model = model
[docs]class RBACAgent:
"""Class that handles galaxy security"""
permitted_actions = Bunch(
DATASET_MANAGE_PERMISSIONS=Action(
"manage permissions",
"Users having associated role can manage the roles associated with permissions on this dataset.",
"grant",
),
DATASET_ACCESS=Action(
"access",
"Users having all associated roles can import this dataset into their history for analysis.",
"restrict",
),
LIBRARY_ACCESS=Action(
"access library", "Restrict access to this library to only users having associated role", "restrict"
),
LIBRARY_ADD=Action(
"add library item", "Users having associated role can add library items to this library item", "grant"
),
LIBRARY_MODIFY=Action(
"modify library item", "Users having associated role can modify this library item", "grant"
),
LIBRARY_MANAGE=Action(
"manage library permissions",
"Users having associated role can manage roles associated with permissions on this library item",
"grant",
),
)
[docs] def get_action(self, name: str, default: Optional[Action] = None) -> Optional[Action]:
"""Get a permitted action by its dict key or action name"""
for k, v in self.permitted_actions.items():
if k == name or v.action == name:
return v
return default
[docs] def get_actions(self) -> List[Action]:
"""Get all permitted actions as a list of Action objects"""
return list(self.permitted_actions.__dict__.values())
[docs] def get_item_actions(self, action, item):
raise Exception(f"No valid method of retrieving action ({action}) for item {item}.")
[docs] def guess_derived_permissions_for_datasets(self, datasets=None):
datasets = datasets or []
raise Exception("Unimplemented Method")
[docs] def user_set_default_permissions(self, user, permissions=None, history=False, dataset=False):
permissions = permissions or {}
raise Exception("Unimplemented Method")
[docs] def history_set_default_permissions(self, history, permissions=None, dataset=False, bypass_manage_permission=False):
raise Exception("Unimplemented Method")
[docs] def set_all_dataset_permissions(self, dataset, permissions, new=False):
raise Exception("Unimplemented Method")
[docs] def set_dataset_permission(self, dataset, permission):
raise Exception("Unimplemented Method")
[docs] def set_all_library_permissions(self, trans, dataset, permissions):
raise Exception("Unimplemented Method")
[docs] def set_library_item_permission(self, library_item, permission):
raise Exception("Unimplemented Method")
[docs] def get_permitted_libraries(self, trans, user, actions):
raise Exception("Unimplemented Method")
[docs] def get_legitimate_roles(self, trans, item, cntrller):
raise Exception("Unimplemented Method")
[docs] def derive_roles_from_access(self, trans, item_id, cntrller, library=False, **kwd):
raise Exception("Unimplemented Method")
[docs] def components_are_associated(self, **kwd):
return bool(self.get_component_associations(**kwd))
[docs] def convert_permitted_action_strings(self, permitted_action_strings):
"""
When getting permitted actions from an untrusted source like a
form, ensure that they match our actual permitted actions.
"""
return [
_
for _ in [self.permitted_actions.get(action_string) for action_string in permitted_action_strings]
if _ is not None
]
[docs]def get_permitted_actions(filter=None):
"""Utility method to return a subset of RBACAgent's permitted actions"""
if filter is None:
return RBACAgent.permitted_actions
tmp_bunch = Bunch()
[tmp_bunch.dict().__setitem__(k, v) for k, v in RBACAgent.permitted_actions.items() if k.startswith(filter)]
return tmp_bunch