galaxy.security package¶

Galaxy Security

class galaxy.security.Action(action, description, model)[source]¶

Bases: object

__init__(action, description, model)[source]¶

class galaxy.security.RBACAgent[source]¶

Bases: object

Class that handles galaxy security

permitted_actions = <galaxy.util.bunch.Bunch object>¶

get_action(name, default=None)[source]¶: Get a permitted action by its dict key or action name

get_actions()[source]¶: Get all permitted actions as a list of Action objects

get_item_actions(action, item)[source]¶

guess_derived_permissions_for_datasets(datasets=[])[source]¶

can_access_dataset(roles, dataset)[source]¶

can_manage_dataset(roles, dataset)[source]¶

can_access_library(roles, library)[source]¶

can_add_library_item(roles, item)[source]¶

can_modify_library_item(roles, item)[source]¶

can_manage_library_item(roles, item)[source]¶

associate_components(**kwd)[source]¶

create_private_user_role(user)[source]¶

get_private_user_role(user)[source]¶

user_set_default_permissions(user, permissions={}, history=False, dataset=False)[source]¶

history_set_default_permissions(history, permissions=None, dataset=False, bypass_manage_permission=False)[source]¶

set_all_dataset_permissions(dataset, permissions, new=False)[source]¶

set_dataset_permission(dataset, permission)[source]¶

set_all_library_permissions(trans, dataset, permissions)[source]¶

set_library_item_permission(library_item, permission)[source]¶

library_is_public(library)[source]¶

make_library_public(library)[source]¶

get_accessible_libraries(trans, user)[source]¶

get_permitted_libraries(trans, user, actions)[source]¶

folder_is_public(library)[source]¶

make_folder_public(folder, count=0)[source]¶

dataset_is_public(dataset)[source]¶

make_dataset_public(dataset)[source]¶

get_permissions(library_dataset)[source]¶

get_all_roles(trans, cntrller)[source]¶

get_legitimate_roles(trans, item, cntrller)[source]¶

derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]¶

get_component_associations(**kwd)[source]¶

components_are_associated(**kwd)[source]¶

convert_permitted_action_strings(permitted_action_strings)[source]¶: When getting permitted actions from an untrusted source like a form, ensure that they match our actual permitted actions.

class galaxy.security.GalaxyRBACAgent(model, permitted_actions=None)[source]¶

Bases: galaxy.security.RBACAgent

__init__(model, permitted_actions=None)[source]¶

sa_session¶: Returns a SQLAlchemy session

sort_by_attr(seq, attr)[source]¶: Sort the sequence of objects by object’s attribute Arguments: seq - the list or any sequence (including immutable one) of objects to sort. attr - the name of attribute to sort by

get_all_roles(trans, cntrller)[source]¶

get_roles_for_action(item, action)[source]¶: Return a list containing the roles associated with given action on given item where item is one of Library, LibraryFolder, LibraryDatasetDatasetAssociation, LibraryDataset, Dataset.

get_valid_roles(trans, item, query=None, page=None, page_limit=None, is_library_access=False)[source]¶: This method retrieves the list of possible roles that user can select in the item permissions form. Admins can select any role so the results are paginated in order to save the bandwidth and to speed things up. Standard users can select their own private role, any of their sharing roles and any public role (not private and not sharing).

get_legitimate_roles(trans, item, cntrller)[source]¶

Return a sorted list of legitimate roles that can be associated with a permission on item where item is a Library or a Dataset. The cntrller param is the controller from which the request is sent. We cannot use trans.user_is_admin because the controller is what is important since admin users do not necessarily have permission to do things on items outside of the admin view.

If cntrller is from the admin side ( e.g., library_admin ):

if item is public, all roles, including private roles, are legitimate.

if item is restricted, legitimate roles are derived from the users and groups associated with each role that is associated with the access permission ( i.e., DATASET_MANAGE_PERMISSIONS or LIBRARY_MANAGE ) on item. Legitimate roles will include private roles.

If cntrller is not from the admin side ( e.g., root, library ):

if item is public, all non-private roles, except for the current user’s private role, are legitimate.

if item is restricted, legitimate roles are derived from the users and groups associated with each role that is associated with the access permission on item. Private roles, except for the current user’s private role, will be excluded.

ok_to_display(user, role)[source]¶: Method for checking if: - a role is private and is the current user’s private role - a role is a sharing role and belongs to the current user

allow_action(roles, action, item)[source]¶: Method for checking a permission for the current user ( based on roles ) to perform a specific action on an item, which must be one of: Dataset, Library, LibraryFolder, LibraryDataset, LibraryDatasetDatasetAssociation

get_actions_for_items(trans, action, permission_items)[source]¶

allow_action_on_libitems(trans, user_roles, action, items)[source]¶: This should be the equivalent of allow_action defined on multiple items. It is meant to specifically replace allow_action for multiple LibraryDatasets, but it could be reproduced or modified for allow_action’s permitted classes - Dataset, Library, LibraryFolder, and LDDAs.

dataset_access_mapping(trans, user_roles, datasets)[source]¶: For the given list of datasets, return a mapping of the datasets’ ids to whether they can be accessed by the user or not. The datasets input is expected to be a simple list of Dataset objects.

dataset_permission_map_for_access(trans, user_roles, libitems)[source]¶: For a given list of library items (e.g., Datasets), return a map of the datasets’ ids to whether they can have permission to use that action (e.g., “access” or “modify”) on the dataset. The libitems input is expected to be a simple list of library items, such as Datasets or LibraryDatasets. NB: This is currently only usable for Datasets; it was intended to be used for any library item.

item_permission_map_for_modify(trans, user_roles, libitems)[source]¶

item_permission_map_for_manage(trans, user_roles, libitems)[source]¶

item_permission_map_for_add(trans, user_roles, libitems)[source]¶

can_access_dataset(user_roles, dataset)[source]¶

can_access_datasets(user_roles, action_tuples)[source]¶

can_manage_dataset(roles, dataset)[source]¶

can_access_library(roles, library)[source]¶

get_accessible_libraries(trans, user)[source]¶: Return all data libraries that the received user can access

has_accessible_folders(trans, folder, user, roles, search_downward=True)[source]¶

has_accessible_library_datasets(trans, folder, user, roles, search_downward=True)[source]¶

can_access_library_item(roles, item, user)[source]¶

can_add_library_item(roles, item)[source]¶

can_modify_library_item(roles, item)[source]¶

can_manage_library_item(roles, item)[source]¶

get_item_actions(action, item)[source]¶

guess_derived_permissions_for_datasets(datasets=[])[source]¶: Returns a dict of { action : [ role, role, … ] } for the output dataset based upon provided datasets

guess_derived_permissions(all_input_permissions)[source]¶

Returns a dict of { action : [ role_id, role_id, … ] } for the output dataset based upon input dataset permissions.

all_input_permissions should be of the form {action_name: set(role_ids)}

associate_components(**kwd)[source]¶

associate_user_group(user, group)[source]¶

associate_user_role(user, role)[source]¶

associate_group_role(group, role)[source]¶

associate_action_dataset_role(action, dataset, role)[source]¶

create_private_user_role(user)[source]¶

get_private_user_role(user, auto_create=False)[source]¶

get_role(name, type=None)[source]¶

create_role(name, description, in_users, in_groups, create_group_for_role=False, type=None)[source]¶

get_sharing_roles(user)[source]¶

user_set_default_permissions(user, permissions={}, history=False, dataset=False, bypass_manage_permission=False, default_access_private=False)[source]¶

user_get_default_permissions(user)[source]¶

history_set_default_permissions(history, permissions={}, dataset=False, bypass_manage_permission=False)[source]¶

history_get_default_permissions(history)[source]¶

set_all_dataset_permissions(dataset, permissions={}, new=False, flush=True)[source]¶: Set new full permissions on a dataset, eliminating all current permissions. Permission looks like: { Action : [ Role, Role ] }

set_dataset_permission(dataset, permission={})[source]¶: Set a specific permission on a dataset, leaving all other current permissions on the dataset alone. Permission looks like: { Action.action : [ Role, Role ] }

get_permissions(item)[source]¶: Return a dictionary containing the actions and associated roles on item where item is one of Library, LibraryFolder, LibraryDatasetDatasetAssociation, LibraryDataset, Dataset. The dictionary looks like: { Action : [ Role, Role ] }.

copy_dataset_permissions(src, dst)[source]¶

privately_share_dataset(dataset, users=[])[source]¶

set_all_library_permissions(trans, library_item, permissions={})[source]¶

set_library_item_permission(library_item, permission={})[source]¶: Set a specific permission on a library item, leaving all other current permissions on the item alone. Permission looks like: { Action.action : [ Role, Role ] }

library_is_public(library, contents=False)[source]¶

library_is_unrestricted(library)[source]¶

make_library_public(library, contents=False)[source]¶

folder_is_public(folder)[source]¶

folder_is_unrestricted(folder)[source]¶

make_folder_public(folder)[source]¶

dataset_is_public(dataset)[source]¶: A dataset is considered public if there are no “access” actions associated with it. Any other actions ( ‘manage permissions’, ‘edit metadata’ ) are irrelevant. Accessing dataset.actions will cause a query to be emitted.

dataset_is_unrestricted(trans, dataset)[source]¶: Different implementation of the method above with signature: def dataset_is_public( self, dataset )

dataset_is_private_to_user(trans, dataset)[source]¶: If the Dataset object has exactly one access role and that is the current user’s private role then we consider the dataset private.

datasets_are_public(trans, datasets)[source]¶: Given a transaction object and a list of Datasets, return a mapping from Dataset ids to whether the Dataset is public or not. All Dataset ids should be returned in the mapping’s keys.

make_dataset_public(dataset)[source]¶

derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]¶

copy_library_permissions(trans, source_library_item, target_library_item, user=None)[source]¶

get_permitted_libraries(trans, user, actions)[source]¶

This method is historical (it is not currently used), but may be useful again at some point. It returns a dictionary whose keys are library objects and whose values are a comma-separated string of folder ids. This method works with the show_library_item() method below, and it returns libraries for which the received user has permission to perform the received actions. Here is an example call to this method to return all libraries for which the received user has LIBRARY_ADD permission:

libraries = trans.app.security_agent.get_permitted_libraries( trans, user,
    [ trans.app.security_agent.permitted_actions.LIBRARY_ADD ] )

show_library_item(user, roles, library_item, actions_to_check, hidden_folder_ids='')[source]¶: This method must be sent an instance of Library() or LibraryFolder(). Recursive execution produces a comma-separated string of folder ids whose folders do NOT meet the criteria for showing. Along with the string, True is returned if the current user has permission to perform any 1 of actions_to_check on library_item. Otherwise, cycle through all sub-folders in library_item until one is found that meets this criteria, if it exists. This method does not necessarily scan the entire library as it returns when it finds the first library_item that allows user to perform any one action in actions_to_check.

get_showable_folders(user, roles, library_item, actions_to_check, hidden_folder_ids=[], showable_folders=[])[source]¶: This method must be sent an instance of Library(), all the folders of which are scanned to determine if user is allowed to perform any action in actions_to_check. The param hidden_folder_ids, if passed, should contain a list of folder IDs which was generated when the library was previously scanned using the same actions_to_check. A list of showable folders is generated. This method scans the entire library.

set_entity_user_associations(users=[], roles=[], groups=[], delete_existing_assocs=True)[source]¶

set_entity_group_associations(groups=[], users=[], roles=[], delete_existing_assocs=True)[source]¶

set_entity_role_associations(roles=[], users=[], groups=[], delete_existing_assocs=True)[source]¶

get_component_associations(**kwd)[source]¶

check_folder_contents(user, roles, folder, hidden_folder_ids='')[source]¶: This method must always be sent an instance of LibraryFolder(). Recursive execution produces a comma-separated string of folder ids whose folders do NOT meet the criteria for showing. Along with the string, True is returned if the current user has permission to access folder. Otherwise, cycle through all sub-folders in folder until one is found that meets this criteria, if it exists. This method does not necessarily scan the entire library as it returns when it finds the first folder that is accessible to user.

class galaxy.security.HostAgent(model, permitted_actions=None)[source]¶

Bases: galaxy.security.RBACAgent

A simple security agent which allows access to datasets based on host. This exists so that externals sites such as UCSC can gain access to datasets which have permissions which would normally prevent such access.

sites = <galaxy.util.bunch.Bunch object>¶

__init__(model, permitted_actions=None)[source]¶

sa_session¶: Returns a SQLAlchemy session

allow_action(addr, action, **kwd)[source]¶

set_dataset_permissions(hda, user, site)[source]¶

galaxy.security.get_permitted_actions(filter=None)[source]¶: Utility method to return a subset of RBACAgent’s permitted actions

Submodules¶

galaxy.security.passwords module¶

galaxy.security.passwords.hash_password(password)[source]¶: Hash a password, currently will use the PBKDF2 scheme.

galaxy.security.passwords.check_password(guess, hashed)[source]¶: Check a hashed password. Supports either PBKDF2 if the hash is prefixed with that string, or sha1 otherwise.

galaxy.security.passwords.hash_password_PBKDF2(password)[source]¶

galaxy.security.passwords.check_password_PBKDF2(guess, hashed)[source]¶

galaxy.security.passwords.pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None)[source]¶: Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-1 is used as hash function, a different hashlib hashfunc can be provided.

galaxy.security.validate_user_input module¶

Utilities for validating inputs related to user objects.

The validate_* methods in this file return simple messages that do not contain user inputs - so these methods do not need to be escaped.

galaxy.security.validate_user_input.validate_email(trans, email, user=None, check_dup=True, allow_empty=False)[source]¶: Validates the email format, also checks whether the domain is blacklisted in the disposable domains configuration.

galaxy.security.validate_user_input.validate_publicname(trans, publicname, user=None)[source]¶

galaxy.security.validate_user_input.transform_publicname(trans, publicname, user=None)[source]¶

galaxy.security.validate_user_input.validate_password(trans, password, confirm)[source]¶