Warning

This document is for an in-development version of Galaxy. You can alternatively view this page in the latest release if it exists or view the top of the latest release's documentation.

galaxy.security package

Galaxy Security

class galaxy.security.Action(action, description, model)[source]

Bases: object

__init__(action, description, model)[source]
class galaxy.security.RBACAgent[source]

Bases: object

Class that handles galaxy security

permitted_actions = <galaxy.util.bunch.Bunch object>
get_action(name, default=None)[source]

Get a permitted action by its dict key or action name

get_actions()[source]

Get all permitted actions as a list of Action objects

get_item_actions(action, item)[source]
guess_derived_permissions_for_datasets(datasets=None)[source]
can_access_dataset(roles, dataset)[source]
can_manage_dataset(roles, dataset)[source]
can_access_library(roles, library)[source]
can_add_library_item(roles, item)[source]
can_modify_library_item(roles, item)[source]
can_manage_library_item(roles, item)[source]
associate_components(**kwd)[source]
create_private_user_role(user)[source]
get_private_user_role(user)[source]
user_set_default_permissions(user, permissions=None, history=False, dataset=False)[source]
history_set_default_permissions(history, permissions=None, dataset=False, bypass_manage_permission=False)[source]
set_all_dataset_permissions(dataset, permissions, new=False)[source]
set_dataset_permission(dataset, permission)[source]
set_all_library_permissions(trans, dataset, permissions)[source]
set_library_item_permission(library_item, permission)[source]
library_is_public(library)[source]
make_library_public(library)[source]
get_accessible_libraries(trans, user)[source]
get_permitted_libraries(trans, user, actions)[source]
folder_is_public(library)[source]
make_folder_public(folder, count=0)[source]
dataset_is_public(dataset)[source]
make_dataset_public(dataset)[source]
get_permissions(library_dataset)[source]
get_all_roles(trans, cntrller)[source]
get_legitimate_roles(trans, item, cntrller)[source]
derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]
get_component_associations(**kwd)[source]
components_are_associated(**kwd)[source]
convert_permitted_action_strings(permitted_action_strings)[source]

When getting permitted actions from an untrusted source like a form, ensure that they match our actual permitted actions.

galaxy.security.get_permitted_actions(filter=None)[source]

Utility method to return a subset of RBACAgent’s permitted actions

Submodules

galaxy.security.idencoding module

class galaxy.security.idencoding.IdEncodingHelper(**config)[source]

Bases: object

__init__(**config)[source]
encode_id(obj_id, kind=None)[source]
encode_dict_ids(a_dict, kind=None, skip_startswith=None)[source]

Encode all ids in dictionary. Ids are identified by (a) an ‘id’ key or (b) a key that ends with ‘_id’

encode_all_ids(rval, recursive=False)[source]

Encodes all integer values in the dict rval whose keys are ‘id’ or end with ‘_id’ excluding tool_id which are consumed and produced as is via the API.

decode_id(obj_id, kind=None, object_name: Optional[str] = None)[source]
encode_guid(session_key)[source]
decode_guid(session_key)[source]
get_new_guid()[source]

galaxy.security.passwords module

galaxy.security.passwords.hash_password(password)[source]

Hash a password, currently will use the PBKDF2 scheme.

galaxy.security.passwords.check_password(guess, hashed)[source]

Check a hashed password. Supports either PBKDF2 if the hash is prefixed with that string, or sha1 otherwise.

galaxy.security.passwords.hash_password_PBKDF2(password)[source]
galaxy.security.passwords.check_password_PBKDF2(guess, hashed)[source]
galaxy.security.passwords.pbkdf2_bin(data, salt, iterations=100000, keylen=24, hashfunc='sha256')[source]

Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-256 is used as hash function, a different hashlib hashfunc can be provided.

galaxy.security.validate_user_input module

Utilities for validating inputs related to user objects.

The validate_* methods in this file return simple messages that do not contain user inputs - so these methods do not need to be escaped.

galaxy.security.validate_user_input.validate_email_str(email)[source]

Validates a string containing an email address.

galaxy.security.validate_user_input.validate_password_str(password)[source]
galaxy.security.validate_user_input.validate_publicname_str(publicname)[source]

Validates a string containing a public username.

galaxy.security.validate_user_input.validate_email(trans, email, user=None, check_dup=True, allow_empty=False, validate_domain=False)[source]

Validates the email format, also checks whether the domain is blocklisted in the disposable domains configuration.

galaxy.security.validate_user_input.validate_domain_resolves(domain)[source]
galaxy.security.validate_user_input.extract_domain(email, base_only=False)[source]
galaxy.security.validate_user_input.validate_publicname(trans, publicname, user=None)[source]

Check that publicname respects the minimum and maximum string length, the allowed characters, and that the username is not taken already.

galaxy.security.validate_user_input.transform_publicname(publicname)[source]

Transform publicname to respect the minimum and maximum string length, and the allowed characters. FILL_CHAR is used to extend or replace characters.

galaxy.security.validate_user_input.validate_password(trans, password, confirm)[source]