Warning

This document is for an old release of Galaxy. You can alternatively view this page in the latest release if it exists or view the top of the latest release's documentation.

Source code for galaxy.webapps.galaxy.api.roles

"""
API operations on Role objects.
"""
import logging

from sqlalchemy import false

from galaxy import web
from galaxy.web.base.controller import BaseAPIController, url_for

log = logging.getLogger(__name__)


[docs]class RoleAPIController(BaseAPIController):
[docs] @web.expose_api def index(self, trans, **kwd): """ GET /api/roles Displays a collection (list) of roles. """ rval = [] for role in trans.sa_session.query(trans.app.model.Role).filter(trans.app.model.Role.table.c.deleted == false()): if trans.user_is_admin() or trans.app.security_agent.ok_to_display(trans.user, role): item = role.to_dict(value_mapper={'id': trans.security.encode_id}) encoded_id = trans.security.encode_id(role.id) item['url'] = url_for('role', id=encoded_id) rval.append(item) return rval
[docs] @web.expose_api def show(self, trans, id, **kwd): """ GET /api/roles/{encoded_role_id} Displays information about a role. """ role_id = id try: decoded_role_id = trans.security.decode_id(role_id) except Exception: trans.response.status = 400 return "Malformed role id ( %s ) specified, unable to decode." % str(role_id) try: role = trans.sa_session.query(trans.app.model.Role).get(decoded_role_id) except Exception: role = None if not role or not (trans.user_is_admin() or trans.app.security_agent.ok_to_display(trans.user, role)): trans.response.status = 400 return "Invalid role id ( %s ) specified." % str(role_id) item = role.to_dict(view='element', value_mapper={'id': trans.security.encode_id}) item['url'] = url_for('role', id=role_id) return item
[docs] @web.expose_api def create(self, trans, payload, **kwd): """ POST /api/roles Creates a new role. """ if not trans.user_is_admin(): trans.response.status = 403 return "You are not authorized to create a new role." name = payload.get('name', None) description = payload.get('description', None) if not name or not description: trans.response.status = 400 return "Enter a valid name and a description" if trans.sa_session.query(trans.app.model.Role).filter(trans.app.model.Role.table.c.name == name).first(): trans.response.status = 400 return "A role with that name already exists" role_type = trans.app.model.Role.types.ADMIN # TODO: allow non-admins to create roles role = trans.app.model.Role(name=name, description=description, type=role_type) trans.sa_session.add(role) user_ids = payload.get('user_ids', []) users = [trans.sa_session.query(trans.model.User).get(trans.security.decode_id(i)) for i in user_ids] group_ids = payload.get('group_ids', []) groups = [trans.sa_session.query(trans.model.Group).get(trans.security.decode_id(i)) for i in group_ids] # Create the UserRoleAssociations for user in users: trans.app.security_agent.associate_user_role(user, role) # Create the GroupRoleAssociations for group in groups: trans.app.security_agent.associate_group_role(group, role) trans.sa_session.flush() encoded_id = trans.security.encode_id(role.id) item = role.to_dict(view='element', value_mapper={'id': trans.security.encode_id}) item['url'] = url_for('role', id=encoded_id) return [item]