Re: [galaxy-dev] Fwd: tool restrict access
Hi Jeremy, sorry for bother you again. I do some tests and the problem seems not in the semi-colons (the cheetah manual is not very clear in this sense, I put them but it did not solve the problem), but in the display tag which is simply incorrect in that position, a call to a python script is needed instead. May you suggest me how to sketch a simple python script that prints in the central section of the galaxy window a message like you are not authorized to execute this tool ? In this way maintainers of local instances of Galaxy can change the command section of the xml tools they want to hide like this: command #if $__user_email__ == not_auth.py #else data_source.py $output $__app__.config.output_size_limit #end if /command Cheers, I. Ivan, tool name=UCSC Main id=ucsc_table_direct1 tool_type=data_source descriptiontable browser/description command interpreter=python #if $__user_email__ == displayYou are not authorized to use this tool/display #else data_source.py $output $__app__.config.output_size_limit #end if /command ... and I got the error below, which seems connected to the cheetah syntax. Any idea of what I'm doing wrong? As is tradition in python, you need to put semi-colons after conditionals. E.g. -- #if $__user_email__ == : displayYou are not authorized to use this tool/display #else: data_source.py $output $__app__.config.output_size_limit #end if -- J. ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] Fwd: tool restrict access
May you suggest me how to sketch a simple python script that prints in the central section of the galaxy window a message like you are not authorized to execute this tool ? This isn't possible right now, hence my reference to the open Bitbucket issue regarding this limitation. The best you can do right now is (a) restrict tool access to non-anonymous users or (b) cause the tool not to run by manipulating the command line in the template and, by printing to stderr, cause Galaxy to report the job failed. Best, J.___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] Fwd: tool restrict access
Hi Jeremy, thank you for your answer. I followed your hint modifyng (for example) the ucsc_tablebrowser.xml as follows (not sure about the display tag to have a simple error message, but this is another problem): tool name=UCSC Main id=ucsc_table_direct1 tool_type=data_source descriptiontable browser/description command interpreter=python #if $__user_email__ == displayYou are not authorized to use this tool/display #else data_source.py $output $__app__.config.output_size_limit #end if /command ... and I got the error below, which seems connected to the cheetah syntax. Any idea of what I'm doing wrong? Cheers, I. Traceback (most recent call last): File /home/galaxy/galaxy-dist/lib/galaxy/jobs/runners/local.py, line 58, in run_job job_wrapper.prepare() File /home/galaxy/galaxy-dist/lib/galaxy/jobs/__init__.py, line 411, in prepare self.command_line = self.tool.build_command_line( param_dict ) File /home/galaxy/galaxy-dist/lib/galaxy/tools/__init__.py, line 1691, in build_command_line command_line = fill_template( self.command, context=param_dict ) File /home/galaxy/galaxy-dist/lib/galaxy/util/template.py, line 9, in fill_template return str( Template( source=template_text, searchList=[context] ) ) File /home/galaxy/galaxy-dist/eggs/Cheetah-2.2.2-py2.5-linux-x86_64-ucs4.egg/Cheetah/Template.py, line 1244, in __init__ self._compile(source, file, compilerSettings=compilerSettings) File /home/galaxy/galaxy-dist/eggs/Cheetah-2.2.2-py2.5-linux-x86_64-ucs4.egg/Cheetah/Template.py, line 1538, in _compile keepRefToGeneratedCode=True) File /home/galaxy/galaxy-dist/eggs/Cheetah-2.2.2-py2.5-linux-x86_64-ucs4.egg/Cheetah/Template.py, line 745, in compile compiler.compile() File /home/galaxy/galaxy-dist/eggs/Cheetah-2.2.2-py2.5-linux-x86_64-ucs4.egg/Cheetah/Compiler.py, line 1670, in compile self._parser.parse() File /home/galaxy/galaxy-dist/eggs/Cheetah-2.2.2-py2.5-linux-x86_64-ucs4.egg/Cheetah/Parser.py, line 1496, in parse self.assertEmptyOpenDirectivesStack() File /home/galaxy/galaxy-dist/eggs/Cheetah-2.2.2-py2.5-linux-x86_64-ucs4.egg/Cheetah/Parser.py, line 2658, in assertEmptyOpenDirectivesStack raise ParseError(self, msg=errorMsg) ParseError: Some #directives are missing their corresponding #end ___ tag: if Line 2, column 8 Line|Cheetah Code |- 2 | ^ Ivan, #if $__user_email__ == displayYou are not authorized to use this tool/display #else command interpreter=python data_source.py $output $__app__.config.output_size_limit /command To make this approach work, the email check should go in the command tag. More information: If you're looking to require users to login before using any tools, you can use this flag in the universe config file: # Force everyone to log in (disable anonymous access). #require_login = False If you're looking to implement tool-based access control, the best approach is probably to use the same role-based approach that libraries use: https://bitbucket.org/galaxy/galaxy-central/issue/269/use-galaxy-security-to-restrict-tool Thanks, J. ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] Fwd: tool restrict access
Ivan, tool name=UCSC Main id=ucsc_table_direct1 tool_type=data_source descriptiontable browser/description command interpreter=python #if $__user_email__ == displayYou are not authorized to use this tool/display #else data_source.py $output $__app__.config.output_size_limit #end if /command ... and I got the error below, which seems connected to the cheetah syntax. Any idea of what I'm doing wrong? As is tradition in python, you need to put semi-colons after conditionals. E.g. -- #if $__user_email__ == : displayYou are not authorized to use this tool/display #else: data_source.py $output $__app__.config.output_size_limit #end if -- J. ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] Fwd: tool restrict access
Ivan, #if $__user_email__ == displayYou are not authorized to use this tool/display #else command interpreter=python data_source.py $output $__app__.config.output_size_limit /command To make this approach work, the email check should go in the command tag. More information: If you're looking to require users to login before using any tools, you can use this flag in the universe config file: # Force everyone to log in (disable anonymous access). #require_login = False If you're looking to implement tool-based access control, the best approach is probably to use the same role-based approach that libraries use: https://bitbucket.org/galaxy/galaxy-central/issue/269/use-galaxy-security-to-restrict-tool Thanks, J. ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
[galaxy-dev] Fwd: tool restrict access
Hi, in order to restrict the access of a tool to logged users I'm trying to use Cheetah for editing the xml config file. I was wondering if a solution like the one below should work. Although no errors are reported while loading the tool it does not perform the check on the email address and anonymous users still see the tool. Any ideas of what it's wrong with this solution? Cheers, I. ?xml version=1.0? tool name=RSS site id=rss1 tool_type=data_source descriptionRSS site/description #if $__user_email__ == displayYou are not authorized to use this tool/display #else command interpreter=python data_source.py $output $__app__.config.output_size_limit /command options sanitize=False refresh=True/ #end if /tool Messaggio originale Oggetto: [galaxy-dev] tool restrict access Data: Mon, 02 Jan 2012 18:36:53 +0100 Mittente: Ivan Merelli ivan.mere...@itb.cnr.it A: galaxy-dev@lists.bx.psu.edu galaxy-dev@lists.bx.psu.edu Hi, how can I restrict the access of a Galaxy tool to a specific user in an login free instance of Galaxy? I see a suggestion in this post http://gmod.827538.n3.nabble.com/Galaxy-Tool-permission-Access-td3348890.html but it's really workround, I was seeking for a cleaner solution... Thanks, Ivan ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
