galaxy.security package

Galaxy Security

class galaxy.security.Action(action, description, model)[source]

Bases: object

__init__(action, description, model)[source]
class galaxy.security.RBACAgent[source]

Bases: object

Class that handles galaxy security

permitted_actions = <galaxy.util.bunch.Bunch object>
get_action(name, default=None)[source]

Get a permitted action by its dict key or action name

get_actions()[source]

Get all permitted actions as a list of Action objects

get_item_actions(action, item)[source]
guess_derived_permissions_for_datasets(datasets=[])[source]
can_access_dataset(roles, dataset)[source]
can_manage_dataset(roles, dataset)[source]
can_access_library(roles, library)[source]
can_add_library_item(roles, item)[source]
can_modify_library_item(roles, item)[source]
can_manage_library_item(roles, item)[source]
associate_components(**kwd)[source]
create_private_user_role(user)[source]
get_private_user_role(user)[source]
user_set_default_permissions(user, permissions={}, history=False, dataset=False)[source]
history_set_default_permissions(history, permissions=None, dataset=False, bypass_manage_permission=False)[source]
set_all_dataset_permissions(dataset, permissions, new=False)[source]
set_dataset_permission(dataset, permission)[source]
set_all_library_permissions(trans, dataset, permissions)[source]
set_library_item_permission(library_item, permission)[source]
library_is_public(library)[source]
make_library_public(library)[source]
get_accessible_libraries(trans, user)[source]
get_permitted_libraries(trans, user, actions)[source]
folder_is_public(library)[source]
make_folder_public(folder, count=0)[source]
dataset_is_public(dataset)[source]
make_dataset_public(dataset)[source]
get_permissions(library_dataset)[source]
get_all_roles(trans, cntrller)[source]
get_legitimate_roles(trans, item, cntrller)[source]
derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]
get_component_associations(**kwd)[source]
components_are_associated(**kwd)[source]
convert_permitted_action_strings(permitted_action_strings)[source]

When getting permitted actions from an untrusted source like a form, ensure that they match our actual permitted actions.

galaxy.security.get_permitted_actions(filter=None)[source]

Utility method to return a subset of RBACAgent’s permitted actions

Submodules

galaxy.security.passwords module

galaxy.security.passwords.hash_password(password)[source]

Hash a password, currently will use the PBKDF2 scheme.

galaxy.security.passwords.check_password(guess, hashed)[source]

Check a hashed password. Supports either PBKDF2 if the hash is prefixed with that string, or sha1 otherwise.

galaxy.security.passwords.hash_password_PBKDF2(password)[source]
galaxy.security.passwords.check_password_PBKDF2(guess, hashed)[source]
galaxy.security.passwords.pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None)[source]

Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-1 is used as hash function, a different hashlib hashfunc can be provided.

galaxy.security.validate_user_input module

Utilities for validating inputs related to user objects.

The validate_* methods in this file return simple messages that do not contain user inputs - so these methods do not need to be escaped.

galaxy.security.validate_user_input.validate_email(trans, email, user=None, check_dup=True, allow_empty=False)[source]

Validates the email format, also checks whether the domain is blacklisted in the disposable domains configuration.

galaxy.security.validate_user_input.validate_publicname(trans, publicname, user=None)[source]
galaxy.security.validate_user_input.transform_publicname(trans, publicname, user=None)[source]
galaxy.security.validate_user_input.validate_password(trans, password, confirm)[source]