Warning
This document is for an old release of Galaxy. You can alternatively view this page in the latest release if it exists or view the top of the latest release's documentation.
Source code for galaxy.webapps.galaxy.api.roles
"""
API operations on Role objects.
"""
import logging
from sqlalchemy import false
from galaxy import web
from galaxy.web.base.controller import BaseAPIController, url_for
log = logging.getLogger(__name__)
[docs]class RoleAPIController(BaseAPIController):
[docs] @web.expose_api
def index(self, trans, **kwd):
"""
GET /api/roles
Displays a collection (list) of roles.
"""
rval = []
for role in trans.sa_session.query(trans.app.model.Role).filter(trans.app.model.Role.table.c.deleted == false()):
if trans.user_is_admin() or trans.app.security_agent.ok_to_display(trans.user, role):
item = role.to_dict(value_mapper={'id': trans.security.encode_id})
encoded_id = trans.security.encode_id(role.id)
item['url'] = url_for('role', id=encoded_id)
rval.append(item)
return rval
[docs] @web.expose_api
def show(self, trans, id, **kwd):
"""
GET /api/roles/{encoded_role_id}
Displays information about a role.
"""
role_id = id
try:
decoded_role_id = trans.security.decode_id(role_id)
except Exception:
trans.response.status = 400
return "Malformed role id ( %s ) specified, unable to decode." % str(role_id)
try:
role = trans.sa_session.query(trans.app.model.Role).get(decoded_role_id)
except Exception:
role = None
if not role or not (trans.user_is_admin() or trans.app.security_agent.ok_to_display(trans.user, role)):
trans.response.status = 400
return "Invalid role id ( %s ) specified." % str(role_id)
item = role.to_dict(view='element', value_mapper={'id': trans.security.encode_id})
item['url'] = url_for('role', id=role_id)
return item
[docs] @web.expose_api
def create(self, trans, payload, **kwd):
"""
POST /api/roles
Creates a new role.
"""
if not trans.user_is_admin():
trans.response.status = 403
return "You are not authorized to create a new role."
name = payload.get('name', None)
description = payload.get('description', None)
if not name or not description:
trans.response.status = 400
return "Enter a valid name and a description"
if trans.sa_session.query(trans.app.model.Role).filter(trans.app.model.Role.table.c.name == name).first():
trans.response.status = 400
return "A role with that name already exists"
role_type = trans.app.model.Role.types.ADMIN # TODO: allow non-admins to create roles
role = trans.app.model.Role(name=name, description=description, type=role_type)
trans.sa_session.add(role)
user_ids = payload.get('user_ids', [])
users = [trans.sa_session.query(trans.model.User).get(trans.security.decode_id(i)) for i in user_ids]
group_ids = payload.get('group_ids', [])
groups = [trans.sa_session.query(trans.model.Group).get(trans.security.decode_id(i)) for i in group_ids]
# Create the UserRoleAssociations
for user in users:
trans.app.security_agent.associate_user_role(user, role)
# Create the GroupRoleAssociations
for group in groups:
trans.app.security_agent.associate_group_role(group, role)
trans.sa_session.flush()
encoded_id = trans.security.encode_id(role.id)
item = role.to_dict(view='element', value_mapper={'id': trans.security.encode_id})
item['url'] = url_for('role', id=encoded_id)
return [item]