galaxy.security package

Galaxy Security

class galaxy.security.Action(action, description, model)[source]

Bases: object

__init__(action, description, model)[source]
class galaxy.security.GalaxyRBACAgent(model, permitted_actions=None)[source]

Bases: galaxy.security.RBACAgent

__init__(model, permitted_actions=None)[source]
allow_action(roles, action, item)[source]

Method for checking a permission for the current user ( based on roles ) to perform a specific action on an item, which must be one of: Dataset, Library, LibraryFolder, LibraryDataset, LibraryDatasetDatasetAssociation

allow_action_on_libitems(trans, user_roles, action, items)[source]

This should be the equivalent of allow_action defined on multiple items. It is meant to specifically replace allow_action for multiple LibraryDatasets, but it could be reproduced or modified for allow_action’s permitted classes - Dataset, Library, LibraryFolder, and LDDAs.

associate_action_dataset_role(action, dataset, role)[source]
associate_components(**kwd)[source]
associate_group_role(group, role)[source]
associate_user_group(user, group)[source]
associate_user_role(user, role)[source]
can_access_dataset(user_roles, dataset)[source]
can_access_library(roles, library)[source]
can_access_library_item(roles, item, user)[source]
can_access_request_type(roles, request_type)[source]
can_add_library_item(roles, item)[source]
can_manage_dataset(roles, dataset)[source]
can_manage_library_item(roles, item)[source]
can_modify_library_item(roles, item)[source]
check_folder_contents(user, roles, folder, hidden_folder_ids='')[source]

This method must always be sent an instance of LibraryFolder(). Recursive execution produces a comma-separated string of folder ids whose folders do NOT meet the criteria for showing. Along with the string, True is returned if the current user has permission to access folder. Otherwise, cycle through all sub-folders in folder until one is found that meets this criteria, if it exists. This method does not necessarily scan the entire library as it returns when it finds the first folder that is accessible to user.

copy_dataset_permissions(src, dst)[source]
copy_library_permissions(trans, source_library_item, target_library_item, user=None)[source]
create_private_user_role(user)[source]
dataset_access_mapping(trans, user_roles, datasets)[source]

For the given list of datasets, return a mapping of the datasets’ ids to whether they can be accessed by the user or not. The datasets input is expected to be a simple list of Dataset objects.

dataset_is_private_to_user(trans, dataset)[source]

If the LibraryDataset object has exactly one access role and that is the current user’s private role then we consider the dataset private.

dataset_is_public(dataset)[source]

A dataset is considered public if there are no “access” actions associated with it. Any other actions ( ‘manage permissions’, ‘edit metadata’ ) are irrelevant. Accessing dataset.actions will cause a query to be emitted.

dataset_is_unrestricted(trans, dataset)[source]

Different implementation of the method above with signature: def dataset_is_public( self, dataset )

dataset_permission_map_for_access(trans, user_roles, libitems)[source]

For a given list of library items (e.g., Datasets), return a map of the datasets’ ids to whether they can have permission to use that action (e.g., “access” or “modify”) on the dataset. The libitems input is expected to be a simple list of library items, such as Datasets or LibraryDatasets. NB: This is currently only usable for Datasets; it was intended to be used for any library item.

datasets_are_public(trans, datasets)[source]

Given a transaction object and a list of Datasets, return a mapping from Dataset ids to whether the Dataset is public or not. All Dataset ids should be returned in the mapping’s keys.

derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]
folder_is_public(folder)[source]
folder_is_unrestricted(folder)[source]
get_accessible_libraries(trans, user)[source]

Return all data libraries that the received user can access

get_accessible_request_types(trans, user)[source]

Return all RequestTypes that the received user has permission to access.

get_actions_for_items(trans, action, permission_items)[source]
get_all_roles(trans, cntrller)[source]
get_component_associations(**kwd)[source]
get_item_actions(action, item)[source]
get_legitimate_roles(trans, item, cntrller)[source]

Return a sorted list of legitimate roles that can be associated with a permission on item where item is a Library or a Dataset. The cntrller param is the controller from which the request is sent. We cannot use trans.user_is_admin() because the controller is what is important since admin users do not necessarily have permission to do things on items outside of the admin view.

If cntrller is from the admin side ( e.g., library_admin ):

  • if item is public, all roles, including private roles, are legitimate.
  • if item is restricted, legitimate roles are derived from the users and groups associated with each role that is associated with the access permission ( i.e., DATASET_MANAGE_PERMISSIONS or LIBRARY_MANAGE ) on item. Legitimate roles will include private roles.

If cntrller is not from the admin side ( e.g., root, library ):

  • if item is public, all non-private roles, except for the current user’s private role, are legitimate.
  • if item is restricted, legitimate roles are derived from the users and groups associated with each role that is associated with the access permission on item. Private roles, except for the current user’s private role, will be excluded.
get_permissions(item)[source]

Return a dictionary containing the actions and associated roles on item where item is one of Library, LibraryFolder, LibraryDatasetDatasetAssociation, LibraryDataset, Dataset. The dictionary looks like: { Action : [ Role, Role ] }.

get_permitted_libraries(trans, user, actions)[source]

This method is historical (it is not currently used), but may be useful again at some point. It returns a dictionary whose keys are library objects and whose values are a comma-separated string of folder ids. This method works with the show_library_item() method below, and it returns libraries for which the received user has permission to perform the received actions. Here is an example call to this method to return all libraries for which the received user has LIBRARY_ADD permission:

libraries = trans.app.security_agent.get_permitted_libraries( trans, user,
    [ trans.app.security_agent.permitted_actions.LIBRARY_ADD ] )
get_private_user_role(user, auto_create=False)[source]
get_roles_for_action(item, action)[source]

Return a list containing the roles associated with given action on given item where item is one of Library, LibraryFolder, LibraryDatasetDatasetAssociation, LibraryDataset, Dataset.

get_sharing_roles(user)[source]
get_showable_folders(user, roles, library_item, actions_to_check, hidden_folder_ids=[], showable_folders=[])[source]

This method must be sent an instance of Library(), all the folders of which are scanned to determine if user is allowed to perform any action in actions_to_check. The param hidden_folder_ids, if passed, should contain a list of folder IDs which was generated when the library was previously scanned using the same actions_to_check. A list of showable folders is generated. This method scans the entire library.

get_valid_roles(trans, item, query=None, page=None, page_limit=None, is_library_access=False)[source]

This method retrieves the list of possible roles that user can select in the item permissions form. Admins can select any role so the results are paginated in order to save the bandwidth and to speed things up. Standard users can select their own private role, any of their sharing roles and any public role (not private and not sharing).

guess_derived_permissions_for_datasets(datasets=[])[source]

Returns a dict of { action : [ role, role, ... ] } for the output dataset based upon provided datasets

has_accessible_folders(trans, folder, user, roles, search_downward=True)[source]
has_accessible_library_datasets(trans, folder, user, roles, search_downward=True)[source]
history_get_default_permissions(history)[source]
history_set_default_permissions(history, permissions={}, dataset=False, bypass_manage_permission=False)[source]
item_permission_map_for_add(trans, user_roles, libitems)[source]
item_permission_map_for_manage(trans, user_roles, libitems)[source]
item_permission_map_for_modify(trans, user_roles, libitems)[source]
library_is_public(library, contents=False)[source]
library_is_unrestricted(library)[source]
make_dataset_public(dataset)[source]
make_folder_public(folder)[source]
make_library_public(library, contents=False)[source]
ok_to_display(user, role)[source]

Method for checking if: - a role is private and is the current user’s private role - a role is a sharing role and belongs to the current user

privately_share_dataset(dataset, users=[])[source]
sa_session

Returns a SQLAlchemy session

set_all_dataset_permissions(dataset, permissions={}, new=False, flush=True)[source]

Set new full permissions on a dataset, eliminating all current permissions. Permission looks like: { Action : [ Role, Role ] }

set_all_library_permissions(trans, library_item, permissions={})[source]
set_dataset_permission(dataset, permission={})[source]

Set a specific permission on a dataset, leaving all other current permissions on the dataset alone. Permission looks like: { Action.action : [ Role, Role ] }

set_entity_group_associations(groups=[], users=[], roles=[], delete_existing_assocs=True)[source]
set_entity_role_associations(roles=[], users=[], groups=[], delete_existing_assocs=True)[source]
set_entity_user_associations(users=[], roles=[], groups=[], delete_existing_assocs=True)[source]
set_library_item_permission(library_item, permission={})[source]

Set a specific permission on a library item, leaving all other current permissions on the item alone. Permission looks like: { Action.action : [ Role, Role ] }

set_request_type_permissions(request_type, permissions={})[source]
show_library_item(user, roles, library_item, actions_to_check, hidden_folder_ids='')[source]

This method must be sent an instance of Library() or LibraryFolder(). Recursive execution produces a comma-separated string of folder ids whose folders do NOT meet the criteria for showing. Along with the string, True is returned if the current user has permission to perform any 1 of actions_to_check on library_item. Otherwise, cycle through all sub-folders in library_item until one is found that meets this criteria, if it exists. This method does not necessarily scan the entire library as it returns when it finds the first library_item that allows user to perform any one action in actions_to_check.

sort_by_attr(seq, attr)[source]

Sort the sequence of objects by object’s attribute Arguments: seq - the list or any sequence (including immutable one) of objects to sort. attr - the name of attribute to sort by

user_get_default_permissions(user)[source]
user_set_default_permissions(user, permissions={}, history=False, dataset=False, bypass_manage_permission=False, default_access_private=False)[source]
class galaxy.security.HostAgent(model, permitted_actions=None)[source]

Bases: galaxy.security.RBACAgent

A simple security agent which allows access to datasets based on host. This exists so that externals sites such as UCSC can gain access to datasets which have permissions which would normally prevent such access.

__init__(model, permitted_actions=None)[source]
allow_action(addr, action, **kwd)[source]
sa_session

Returns a SQLAlchemy session

set_dataset_permissions(hda, user, site)[source]
sites = <galaxy.util.bunch.Bunch object>
class galaxy.security.RBACAgent[source]

Class that handles galaxy security

associate_components(**kwd)[source]
can_access_dataset(roles, dataset)[source]
can_access_library(roles, library)[source]
can_add_library_item(roles, item)[source]
can_manage_dataset(roles, dataset)[source]
can_manage_library_item(roles, item)[source]
can_modify_library_item(roles, item)[source]
components_are_associated(**kwd)[source]
convert_permitted_action_strings(permitted_action_strings)[source]

When getting permitted actions from an untrusted source like a form, ensure that they match our actual permitted actions.

create_private_user_role(user)[source]
dataset_is_public(dataset)[source]
derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]
folder_is_public(library)[source]
get_accessible_libraries(trans, user)[source]
get_accessible_request_types(trans, user)[source]
get_action(name, default=None)[source]

Get a permitted action by its dict key or action name

get_actions()[source]

Get all permitted actions as a list of Action objects

get_all_roles(trans, cntrller)[source]
get_component_associations(**kwd)[source]
get_item_actions(action, item)[source]
get_legitimate_roles(trans, item, cntrller)[source]
get_permissions(library_dataset)[source]
get_permitted_libraries(trans, user, actions)[source]
get_private_user_role(user)[source]
guess_derived_permissions_for_datasets(datasets=[])[source]
history_set_default_permissions(history, permissions=None, dataset=False, bypass_manage_permission=False)[source]
library_is_public(library)[source]
make_dataset_public(dataset)[source]
make_folder_public(folder, count=0)[source]
make_library_public(library)[source]
permitted_actions = <galaxy.util.bunch.Bunch object>
set_all_dataset_permissions(dataset, permissions, new=False)[source]
set_all_library_permissions(trans, dataset, permissions)[source]
set_dataset_permission(dataset, permission)[source]
set_library_item_permission(library_item, permission)[source]
user_set_default_permissions(user, permissions={}, history=False, dataset=False)[source]
galaxy.security.get_permitted_actions(filter=None)[source]

Utility method to return a subset of RBACAgent’s permitted actions

Submodules

galaxy.security.passwords module

galaxy.security.passwords.check_password(guess, hashed)[source]

Check a hashed password. Supports either PBKDF2 if the hash is prefixed with that string, or sha1 otherwise.

galaxy.security.passwords.check_password_PBKDF2(guess, hashed)[source]
galaxy.security.passwords.hash_password(password)[source]

Hash a password, currently will use the PBKDF2 scheme.

galaxy.security.passwords.hash_password_PBKDF2(password)[source]
galaxy.security.passwords.pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None)[source]

Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-1 is used as hash function, a different hashlib hashfunc can be provided.

galaxy.security.validate_user_input module

Utilities for validating inputs related to user objects.

The validate_* methods in this file return simple messages that do not contain user inputs - so these methods do not need to be escaped.

galaxy.security.validate_user_input.transform_publicname(trans, publicname, user=None)[source]
galaxy.security.validate_user_input.validate_email(trans, email, user=None, check_dup=True)[source]

Validates the email format, also checks whether the domain is blacklisted in the disposable domains configuration.

galaxy.security.validate_user_input.validate_password(trans, password, confirm)[source]
galaxy.security.validate_user_input.validate_publicname(trans, publicname, user=None)[source]