Warning

This document is for an in-development version of Galaxy. You can alternatively view this page in the latest release if it exists or view the top of the latest release's documentation.

galaxy.security package

Galaxy Security

class galaxy.security.Action(action, description, model)[source]

Bases: object

__init__(action, description, model)[source]
class galaxy.security.RBACAgent[source]

Bases: object

Class that handles galaxy security

associate_components(**kwd)[source]
can_access_dataset(roles, dataset)[source]
can_access_library(roles, library)[source]
can_add_library_item(roles, item)[source]
can_manage_dataset(roles, dataset)[source]
can_manage_library_item(roles, item)[source]
can_modify_library_item(roles, item)[source]
components_are_associated(**kwd)[source]
convert_permitted_action_strings(permitted_action_strings)[source]

When getting permitted actions from an untrusted source like a form, ensure that they match our actual permitted actions.

create_private_user_role(user)[source]
dataset_is_public(dataset)[source]
derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]
folder_is_public(library)[source]
get_accessible_libraries(trans, user)[source]
get_action(name, default=None)[source]

Get a permitted action by its dict key or action name

get_actions()[source]

Get all permitted actions as a list of Action objects

get_all_roles(trans, cntrller)[source]
get_component_associations(**kwd)[source]
get_item_actions(action, item)[source]
get_legitimate_roles(trans, item, cntrller)[source]
get_permissions(library_dataset)[source]
get_permitted_libraries(trans, user, actions)[source]
get_private_user_role(user)[source]
guess_derived_permissions_for_datasets(datasets=None)[source]
history_set_default_permissions(history, permissions=None, dataset=False, bypass_manage_permission=False)[source]
library_is_public(library)[source]
make_dataset_public(dataset)[source]
make_folder_public(folder, count=0)[source]
make_library_public(library)[source]
permitted_actions = <galaxy.util.bunch.Bunch object>
set_all_dataset_permissions(dataset, permissions, new=False)[source]
set_all_library_permissions(trans, dataset, permissions)[source]
set_dataset_permission(dataset, permission)[source]
set_library_item_permission(library_item, permission)[source]
user_set_default_permissions(user, permissions=None, history=False, dataset=False)[source]
galaxy.security.get_permitted_actions(filter=None)[source]

Utility method to return a subset of RBACAgent’s permitted actions

Submodules

galaxy.security.idencoding module

class galaxy.security.idencoding.IdEncodingHelper(**config)[source]

Bases: object

__init__(**config)[source]
decode_guid(session_key)[source]
decode_id(obj_id, kind=None, object_name: typing.Optional[str] = None)[source]
encode_all_ids(rval, recursive=False)[source]

Encodes all integer values in the dict rval whose keys are ‘id’ or end with ‘_id’ excluding tool_id which are consumed and produced as is via the API.

encode_dict_ids(a_dict, kind=None, skip_startswith=None)[source]

Encode all ids in dictionary. Ids are identified by (a) an ‘id’ key or (b) a key that ends with ‘_id’

encode_guid(session_key)[source]
encode_id(obj_id, kind=None)[source]
get_new_guid()[source]

galaxy.security.passwords module

galaxy.security.passwords.check_password(guess, hashed)[source]

Check a hashed password. Supports either PBKDF2 if the hash is prefixed with that string, or sha1 otherwise.

galaxy.security.passwords.check_password_PBKDF2(guess, hashed)[source]
galaxy.security.passwords.hash_password(password)[source]

Hash a password, currently will use the PBKDF2 scheme.

galaxy.security.passwords.hash_password_PBKDF2(password)[source]
galaxy.security.passwords.pbkdf2_bin(data, salt, iterations=100000, keylen=24, hashfunc='sha256')[source]

Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-256 is used as hash function, a different hashlib hashfunc can be provided.

galaxy.security.validate_user_input module

Utilities for validating inputs related to user objects.

The validate_* methods in this file return simple messages that do not contain user inputs - so these methods do not need to be escaped.

galaxy.security.validate_user_input.extract_domain(email, base_only=False)[source]
galaxy.security.validate_user_input.transform_publicname(publicname)[source]

Transform publicname to respect the minimum and maximum string length, and the allowed characters. FILL_CHAR is used to extend or replace characters.

galaxy.security.validate_user_input.validate_email(trans, email, user=None, check_dup=True, allow_empty=False)[source]

Validates the email format, also checks whether the domain is blocklisted in the disposable domains configuration.

galaxy.security.validate_user_input.validate_email_str(email)[source]

Validates a string containing an email address.

galaxy.security.validate_user_input.validate_password(trans, password, confirm)[source]
galaxy.security.validate_user_input.validate_password_str(password)[source]
galaxy.security.validate_user_input.validate_publicname(trans, publicname, user=None)[source]

Check that publicname respects the minimum and maximum string length, the allowed characters, and that the username is not taken already.

galaxy.security.validate_user_input.validate_publicname_str(publicname)[source]

Validates a string containing a public username.