Loading lib/galaxy/managers/roles.py +3 −10 Original line number Diff line number Diff line Loading @@ -5,10 +5,7 @@ Manager and Serializer for Roles. import logging from typing import List from sqlalchemy import ( false, select, ) from sqlalchemy import select from sqlalchemy.exc import ( MultipleResultsFound, NoResultFound, Loading @@ -26,6 +23,7 @@ from galaxy.managers import base from galaxy.managers.context import ProvidesUserContext from galaxy.model import Role from galaxy.model.base import transaction from galaxy.model.db.role import get_displayable_roles from galaxy.schema.schema import RoleDefinitionModel from galaxy.util import unicodify Loading Loading @@ -71,12 +69,7 @@ class RoleManager(base.ModelManager[model.Role]): return role def list_displayable_roles(self, trans: ProvidesUserContext) -> List[Role]: roles = [] stmt = select(Role).where(Role.deleted == false()) for role in trans.sa_session.scalars(stmt): if trans.user_is_admin or trans.app.security_agent.ok_to_display(trans.user, role): roles.append(role) return roles return get_displayable_roles(trans.sa_session, trans.user, trans.user_is_admin, trans.app.security_agent) def create_role(self, trans: ProvidesUserContext, role_definition_model: RoleDefinitionModel) -> model.Role: name = role_definition_model.name Loading lib/galaxy/model/db/role.py +9 −0 Original line number Diff line number Diff line Loading 
@@ -41,3 +41,12 @@ def get_private_user_role(user, session): def get_roles_by_ids(session: galaxy_scoped_session, role_ids): stmt = select(Role).where(Role.id.in_(role_ids)) return session.scalars(stmt).all() def get_displayable_roles(session, trans_user, user_is_admin, security_agent): roles = [] stmt = select(Role).where(Role.deleted == false()) for role in session.scalars(stmt): if user_is_admin or security_agent.ok_to_display(trans_user, role): roles.append(role) return roles test/unit/data/model/db/test_role.py +20 −0 Original line number Diff line number Diff line from galaxy.model import Role from galaxy.model.db.role import ( get_displayable_roles, get_npns_roles, get_private_user_role, get_roles_by_ids, Loading Loading @@ -139,3 +140,22 @@ def test_get_valid_roles_exposed(session, make_user_and_role, make_user, make_ro search_query = "admin role%" roles = _get_valid_roles_exposed(session, search_query, is_admin, limit, page, page_limit) assert len(roles) == 0 def test_get_displayable_roles(session, make_role, make_user_and_role): # make users with private roles user1, private_role1 = make_user_and_role(email="user1@example.com") user2, private_role2 = make_user_and_role(email="user2@example.com") # make 2 non-private roles, one is deleted, so it should not be returned admin_role1 = make_role(type="admin", name="admin-role-1", description="Description of admin-role1") make_role(type="admin", description="Description of admin-role1", deleted=True) user_is_admin, security_agent = True, None roles = get_displayable_roles(session, user1, user_is_admin, security_agent) assert len(roles) == 3 assert roles[0].id == private_role1.id assert roles[1].id == private_role2.id assert roles[2].id == admin_role1.id assert roles[0].name == "private role" assert roles[1].name == "private role" assert roles[2].name == "admin-role-1" Loading
lib/galaxy/managers/roles.py +3 −10 Original line number Diff line number Diff line Loading @@ -5,10 +5,7 @@ Manager and Serializer for Roles. import logging from typing import List from sqlalchemy import ( false, select, ) from sqlalchemy import select from sqlalchemy.exc import ( MultipleResultsFound, NoResultFound, Loading @@ -26,6 +23,7 @@ from galaxy.managers import base from galaxy.managers.context import ProvidesUserContext from galaxy.model import Role from galaxy.model.base import transaction from galaxy.model.db.role import get_displayable_roles from galaxy.schema.schema import RoleDefinitionModel from galaxy.util import unicodify Loading Loading @@ -71,12 +69,7 @@ class RoleManager(base.ModelManager[model.Role]): return role def list_displayable_roles(self, trans: ProvidesUserContext) -> List[Role]: roles = [] stmt = select(Role).where(Role.deleted == false()) for role in trans.sa_session.scalars(stmt): if trans.user_is_admin or trans.app.security_agent.ok_to_display(trans.user, role): roles.append(role) return roles return get_displayable_roles(trans.sa_session, trans.user, trans.user_is_admin, trans.app.security_agent) def create_role(self, trans: ProvidesUserContext, role_definition_model: RoleDefinitionModel) -> model.Role: name = role_definition_model.name Loading
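Review bot: In `list_displayable_roles` the admin flag now reaches the authorization filter as the third of four positional arguments, directly after `trans.user`. The helper tests it by plain truthiness (`user_is_admin or ...`), so an argument slip at a later call site would return every non-deleted role instead of failing. Passing the last two by name makes the call self-checking: `return get_displayable_roles(trans.sa_session, trans.user, user_is_admin=trans.user_is_admin, security_agent=trans.app.security_agent)`. The `RoleManager` class body starts before and continues after this hunk.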
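--- a/lib/galaxy/model/db/role.py
+++ b/lib/galaxy/model/db/role.py
@@ -41,3 +41,12 @@ def get_private_user_role(user, session):
 def get_roles_by_ids(session: galaxy_scoped_session, role_ids):
     stmt = select(Role).where(Role.id.in_(role_ids))
     return session.scalars(stmt).all()
+
+
+def get_displayable_roles(session, trans_user, user_is_admin, security_agent):
+    roles = []
+    stmt = select(Role).where(Role.deleted == false())
+    for role in session.scalars(stmt):
+        if user_is_admin or security_agent.ok_to_display(trans_user, role):
+            roles.append(role)
+    return roles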
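Review bot: `get_displayable_roles` decides which roles a user may see, yet it has no docstring or annotations, while the neighbouring `get_roles_by_ids` annotates `session: galaxy_scoped_session`. I would annotate the signature as `def get_displayable_roles(session: galaxy_scoped_session, trans_user, user_is_admin: bool, security_agent):` and add a docstring stating that deleted roles are excluded, that `user_is_admin=True` skips `security_agent.ok_to_display` entirely (so the agent may be None only on that path), and that otherwise each role is checked one by one in Python. The statement has no `order_by`, so the order of the returned list is whatever the database yields; the docstring should say so, or the query should order explicitly, for example by `Role.id`.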
test/unit/data/model/db/test_role.py +20 −0 Original line number Diff line number Diff line from galaxy.model import Role from galaxy.model.db.role import ( get_displayable_roles, get_npns_roles, get_private_user_role, get_roles_by_ids, Loading Loading @@ -139,3 +140,22 @@ def test_get_valid_roles_exposed(session, make_user_and_role, make_user, make_ro search_query = "admin role%" roles = _get_valid_roles_exposed(session, search_query, is_admin, limit, page, page_limit) assert len(roles) == 0 def test_get_displayable_roles(session, make_role, make_user_and_role): # make users with private roles user1, private_role1 = make_user_and_role(email="user1@example.com") user2, private_role2 = make_user_and_role(email="user2@example.com") # make 2 non-private roles, one is deleted, so it should not be returned admin_role1 = make_role(type="admin", name="admin-role-1", description="Description of admin-role1") make_role(type="admin", description="Description of admin-role1", deleted=True) user_is_admin, security_agent = True, None roles = get_displayable_roles(session, user1, user_is_admin, security_agent) assert len(roles) == 3 assert roles[0].id == private_role1.id assert roles[1].id == private_role2.id assert roles[2].id == admin_role1.id assert roles[0].name == "private role" assert roles[1].name == "private role" assert roles[2].name == "admin-role-1"
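Review bot: `test_get_displayable_roles` only exercises the admin shortcut (`user_is_admin, security_agent = True, None`), so the branch that actually enforces visibility, `security_agent.ok_to_display(trans_user, role)`, is never run. A second test with `user_is_admin=False` and a small stub agent would pin that a non-admin receives only the roles the agent allows; the sketch below assumes the fixtures isolate each test, as the existing `len(roles) == 3` assertion implies. The index-based asserts (`roles[0].id == private_role1.id` and the following ones) also depend on row order although the query has no `order_by`, so comparing sets of ids would be sturdier. `user2` is assigned but never used in the existing test.

```python
def test_get_displayable_roles__non_admin(session, make_role, make_user_and_role):
    user1, private_role1 = make_user_and_role(email="user1@example.com")
    _, private_role2 = make_user_and_role(email="user2@example.com")
    make_role(type="admin", name="admin-role-1", description="Description of admin-role1")

    class StubSecurityAgent:
        # stand-in for the real agent: only user1's private role is displayable
        def ok_to_display(self, user, role):
            return user is user1 and role.id == private_role1.id

    roles = get_displayable_roles(session, user1, False, StubSecurityAgent())
    assert {role.id for role in roles} == {private_role1.id}
```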