Galaxy Security

class, description, model)[source]

Bases: object

__init__(action, description, model)[source]

Bases: object

Class that handles galaxy security

permitted_actions = <galaxy.util.bunch.Bunch object>
get_action(name, default=None)[source]

Get a permitted action by its dict key or action name


Get all permitted actions as a list of Action objects

get_item_actions(action, item)[source]
can_access_dataset(roles, dataset)[source]
can_manage_dataset(roles, dataset)[source]
can_access_library(roles, library)[source]
can_add_library_item(roles, item)[source]
can_modify_library_item(roles, item)[source]
can_manage_library_item(roles, item)[source]
user_set_default_permissions(user, permissions={}, history=False, dataset=False)[source]
history_set_default_permissions(history, permissions=None, dataset=False, bypass_manage_permission=False)[source]
set_all_dataset_permissions(dataset, permissions, new=False)[source]
set_dataset_permission(dataset, permission)[source]
set_all_library_permissions(trans, dataset, permissions)[source]
set_library_item_permission(library_item, permission)[source]
get_accessible_libraries(trans, user)[source]
get_permitted_libraries(trans, user, actions)[source]
make_folder_public(folder, count=0)[source]
get_all_roles(trans, cntrller)[source]
get_legitimate_roles(trans, item, cntrller)[source]
derive_roles_from_access(trans, item_id, cntrller, library=False, **kwd)[source]

When getting permitted actions from an untrusted source like a form, ensure that they match our actual permitted actions.[source]

Utility method to return a subset of RBACAgent’s permitted actions

Submodules module


Bases: object

encode_id(obj_id, kind=None)[source]
encode_dict_ids(a_dict, kind=None, skip_startswith=None)[source]

Encode all ids in dictionary. Ids are identified by (a) an ‘id’ key or (b) a key that ends with ‘_id’

encode_all_ids(rval, recursive=False)[source]

Encodes all integer values in the dict rval whose keys are ‘id’ or end with ‘_id’ excluding tool_id which are consumed and produced as is via the API.

decode_id(obj_id, kind=None)[source]
get_new_guid()[source] module[source]

Hash a password, currently will use the PBKDF2 scheme., hashed)[source]

Check a hashed password. Supports either PBKDF2 if the hash is prefixed with that string, or sha1 otherwise.[source], hashed)[source], salt, iterations=100000, keylen=24, hashfunc='sha256')[source]

Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-256 is used as hash function, a different hashlib hashfunc can be provided. module

Utilities for validating inputs related to user objects.

The validate_* methods in this file return simple messages that do not contain user inputs - so these methods do not need to be escaped.[source]

Validates a string containing an email address.[source][source]

Validates a string containing a public username., email, user=None, check_dup=True, allow_empty=False)[source]

Validates the email format, also checks whether the domain is blacklisted in the disposable domains configuration., publicname, user=None)[source]

Check that publicname respects the minimum and maximum string length, the allowed characters, and that the username is not taken already.[source]

Transform publicname to respect the minimum and maximum string length, and the allowed characters. FILL_CHAR is used to extend or replace characters., password, confirm)[source]