Unverified Commit a55b61c5 authored by Marius van den Beek's avatar Marius van den Beek Committed by GitHub

Merge pull request #20524 from bernt-matthias/users

[24.2] Do not expose user info to non-authenticated users
parents 6f182d7d fdf931b9
+5 −4
@@ -202,6 +202,10 @@ class UsersService(ServiceBase):
        f_name: Optional[str],
        f_any: Optional[str],
    ) -> List[MaybeLimitedUserModel]:
        # never give any info to non-authenticated users
        if not trans.user:
            raise glx_exceptions.AuthenticationRequired("Only registered users can view the list of users")

        # check for early return conditions
        if deleted:
            if not trans.user_is_admin:
@@ -216,10 +220,7 @@ class UsersService(ServiceBase):
                and not trans.app.config.expose_user_name
                and not trans.app.config.expose_user_email
            ):
                if trans.user:
                return [UserModel(**trans.user.to_dict())]
                else:
                    return []

        users = get_users_for_index(
            trans.sa_session,
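Review bot: The new guard at the top of the method changes its contract for anonymous callers from returning `[]` (the `else` branch removed in the second hunk) to raising `AuthenticationRequired`, but nothing in the hunk records that; if the method has a docstring outside the hunk, add a `Raises:` entry such as `AuthenticationRequired: the caller has no logged-in user; anonymous sessions never receive user data.` Placing the check ahead of the `deleted` admin check also means an anonymous request for deleted users gets the authentication error rather than the admin-only error, which avoids revealing anything about the listing to unauthenticated clients and is worth stating in the comment, e.g. `# never give any info to non-authenticated users (checked before the admin-only deleted path)`. The enclosing method starts and ends outside the hunk.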
+5 −0
@@ -47,6 +47,11 @@ class TestUsersApi(ApiTestCase):
        all_deleted_users = all_deleted_users_response_2.json()
        assert len([u for u in all_deleted_users if u["email"] == TEST_USER_EMAIL_INDEX_DELETED]) == 1

    def test_index_anon(self):
        with self._different_user(anon=True):
            all_users_response = self._get("users")
            self._assert_status_code_is(all_users_response, 403)

    @requires_new_user
    def test_index_only_self_for_nonadmins(self):
        self._setup_user(TEST_USER_EMAIL)
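Review bot: `test_index_anon` pins only the status code, so it cannot tell the new authentication guard apart from any other 403 the endpoint may return (for instance the non-admin `deleted=true` path, if that also answers 403); checking the error text as well, e.g. `assert "Only registered users" in all_users_response.json()["err_msg"]` if the response body exposes it, would tie the test to the guard introduced in this commit. A second anonymous request with `deleted=true` in the same `_different_user(anon=True)` block would additionally confirm the guard runs before the admin check. The enclosing test class continues outside the hunk.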