Unverified commit 5dc2c4f8 authored by Martin Cech, committed by GitHub

Merge pull request #15827 from martenson/release_22.05

[22.05] add security checks to page and visualization APIs
parents b502bd0a e10320ce
+3 −1
@@ -377,8 +377,9 @@ class PageController(BaseUIController, SharableMixin, UsesStoredWorkflowMixin, U
            operation = kwargs["operation"].lower()
            ids = util.listify(kwargs["id"])
            for id in ids:
                item = session.query(model.Page).get(self.decode_id(id))
                if operation == "delete":
                    item = session.query(model.Page).get(self.decode_id(id))
                    self.security_check(trans, item, check_ownership=True)
                    item.deleted = True
            session.flush()

@@ -485,6 +486,7 @@ class PageController(BaseUIController, SharableMixin, UsesStoredWorkflowMixin, U
        decoded_id = self.decode_id(id)
        user = trans.get_user()
        p = trans.sa_session.query(model.Page).get(decoded_id)
        p = self.security_check(trans, p, check_ownership=True)
        if trans.request.method == "GET":
            if p.slug is None:
                self.slug_builder.create_item_slug(trans.sa_session, p)
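Review bot: In the delete branch (`self.security_check(trans, item, check_ownership=True)` right after the Page query), the return value of `security_check` is discarded, whereas the edit hunk below assigns it (`p = self.security_check(...)`); unless `security_check` is guaranteed to raise rather than return a substitute or `None` on failure, the delete path should mirror the edit path with `item = self.security_check(trans, item, check_ownership=True)`. `Query.get()` returns `None` for an id that does not exist, so what `security_check` does with a `None` item decides whether a bad id in the list produces a clean error or an `AttributeError` on `item.deleted = True` — worth pinning with a test. Because the check runs per id inside the loop, a failure on the nth id aborts the batch after earlier pages were already flagged `deleted` on their ORM objects but before `session.flush()`; whether those pending changes are persisted depends on the request's transaction handling, which is not visible here. Both hunks sit inside methods whose signatures lie outside the hunk, and the edit method continues past the last line shown.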
+3 −3
@@ -358,8 +358,8 @@ class VisualizationController(
            operation = kwargs["operation"].lower()
            ids = util.listify(kwargs["id"])
            for id in ids:
                item = session.query(model.Visualization).get(self.decode_id(id))
                if operation == "delete":
                    item = self.get_visualization(trans, id)
                    item.deleted = True
                if operation == "copy":
                    self.copy(trans, **kwargs)
@@ -400,7 +400,7 @@ class VisualizationController(
    @web.expose
    @web.require_login()
    def copy(self, trans, id, **kwargs):
        visualization = self.get_visualization(trans, id, check_ownership=False)
        visualization = self.get_visualization(trans, id, check_ownership=False, check_accessible=True)
        user = trans.get_user()
        owner = visualization.user == user
        new_title = f"Copy of '{visualization.title}'"
@@ -463,7 +463,7 @@ class VisualizationController(

        # Do import.
        session = trans.sa_session
        visualization = self.get_visualization(trans, id, check_ownership=False)
        visualization = self.get_visualization(trans, id, check_ownership=False, check_accessible=True)
        if visualization.importable is False:
            return trans.show_error_message(
                f"The owner of this visualization has disabled imports via this link.<br>You can {referer_message}",
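Review bot: In the list-operation loop, the copy branch still calls `self.copy(trans, **kwargs)`, forwarding the request-level `kwargs` whose `id` is the raw value that `util.listify` was applied to rather than the loop's `id`; with several selected ids every iteration hands the whole list to `copy`'s `id` parameter, which `decode_id` presumably rejects — apparently a pre-existing wrinkle that the new `get_visualization`-based delete path does not touch. Passing the loop variable explicitly, e.g. `self.copy(trans, id=id, **{k: v for k, v in kwargs.items() if k != "id"})`, would make the copy branch operate per item the way the delete branch now does. Assuming the `item = self.get_visualization(trans, id)` line is the new side, as the PR title suggests, its default `check_ownership` is what enforces the delete permission, and a comment such as `# get_visualization defaults to check_ownership=True; that default is the delete guard` would keep a later edit from weakening it silently. The enclosing method's signature is outside the hunk, and the final hunk's `show_error_message(...)` call continues past the last line shown.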