diff --git a/lib/galaxy/managers/users.py b/lib/galaxy/managers/users.py index bd739a169ffe..8a3ce9cba072 100644 --- a/lib/galaxy/managers/users.py +++ b/lib/galaxy/managers/users.py @@ -37,6 +37,10 @@ ) from galaxy.model import UserQuotaUsage from galaxy.model.base import transaction +from galaxy.model.repositories.user import ( + get_user_by_email, + get_user_by_username, +) from galaxy.security.validate_user_input import ( VALID_EMAIL_RE, validate_email, @@ -354,7 +358,7 @@ def get_user_by_identity(self, identity): user = None if VALID_EMAIL_RE.match(identity): # VALID_PUBLICNAME and VALID_EMAIL do not overlap, so 'identity' here is an email address - user = self.session().query(self.model_class).filter(self.model_class.table.c.email == identity).first() + user = get_user_by_email(self.session(), identity, self.model_class) if not user: # Try a case-insensitive match on the email user = ( @@ -364,7 +368,7 @@ def get_user_by_identity(self, identity): .first() ) else: - user = self.session().query(self.model_class).filter(self.model_class.table.c.username == identity).first() + user = get_user_by_username(self.session(), identity, self.model_class) return user # ---- current @@ -527,7 +531,7 @@ def __get_activation_token(self, trans, email): """ Check for the activation token. Create new activation token and store it in the database if no token found. """ - user = trans.sa_session.query(self.app.model.User).filter(self.app.model.User.table.c.email == email).first() + user = get_user_by_email(trans.sa_session, email, self.app.model.User) activation_token = user.activation_token if activation_token is None: activation_token = util.hash_util.new_secure_hash_v2(str(random.getrandbits(256))) @@ -571,9 +575,7 @@ def send_reset_email(self, trans, payload, **kwd): return "Failed to produce password reset token. User not found." def get_reset_token(self, trans, email): - reset_user = ( - trans.sa_session.query(self.app.model.User).filter(self.app.model.User.table.c.email == email).first() - ) + reset_user = get_user_by_email(trans.sa_session, email, self.app.model.User) if not reset_user and email != email.lower(): reset_user = ( trans.sa_session.query(self.app.model.User) @@ -617,12 +619,7 @@ def get_or_create_remote_user(self, remote_user_email): return None if getattr(self.app.config, "normalize_remote_user_email", False): remote_user_email = remote_user_email.lower() - user = ( - self.session() - .query(self.app.model.User) - .filter(self.app.model.User.table.c.email == remote_user_email) - .first() - ) + user = get_user_by_email(self.session(), remote_user_email, self.app.model.User) if user: # GVK: June 29, 2009 - This is to correct the behavior of a previous bug where a private # role and default user / history permissions were not set for remote users. When a diff --git a/lib/galaxy/visualization/genomes.py b/lib/galaxy/visualization/genomes.py index 95cbb31b4654..1dacf5e87362 100644 --- a/lib/galaxy/visualization/genomes.py +++ b/lib/galaxy/visualization/genomes.py @@ -6,13 +6,13 @@ from typing import Dict from bx.seq.twobit import TwoBitFile -from sqlalchemy import select from galaxy.exceptions import ( ObjectNotFound, ReferenceDataError, ) from galaxy.model.repositories.hda import HistoryDatasetAssociationRepository as hda_repo +from galaxy.model.repositories.user import get_user_by_username from galaxy.structured_app import StructuredApp from galaxy.util.bunch import Bunch @@ -293,7 +293,7 @@ def chroms(self, trans, dbkey=None, num=None, chrom=None, low=None): # If there is no dbkey owner, default to current user. dbkey_owner, dbkey = decode_dbkey(dbkey) if dbkey_owner: - dbkey_user = self._get_dbkey_user(trans, dbkey_owner) + dbkey_user = get_user_by_username(trans.sa_session, dbkey_owner) else: dbkey_user = trans.user @@ -370,7 +370,7 @@ def reference(self, trans, dbkey, chrom, low, high): # If there is no dbkey owner, default to current user. dbkey_owner, dbkey = decode_dbkey(dbkey) if dbkey_owner: - dbkey_user = self._get_dbkey_user(trans, dbkey_owner) + dbkey_user = get_user_by_username(trans.sa_session, dbkey_owner) else: dbkey_user = trans.user @@ -405,7 +405,3 @@ def _get_reference_data(twobit_file_name, chrom, low, high): if chrom in twobit: seq_data = twobit[chrom].get(int(low), int(high)) return GenomeRegion(chrom=chrom, start=low, end=high, sequence=seq_data) - - def _get_dbkey_user(self, trans, dbkey_owner): - stmt = select(trans.app.model.User).filter_by(username=dbkey_owner).limit(1) - return trans.sa_session.scalars(stmt).first() diff --git a/lib/galaxy/webapps/galaxy/controllers/user.py b/lib/galaxy/webapps/galaxy/controllers/user.py index 193255a0b59a..31a43eb3c31e 100644 --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -18,6 +18,7 @@ ) from galaxy.exceptions import Conflict from galaxy.managers import users +from galaxy.model.repositories.user import get_user_by_email from galaxy.security.validate_user_input import ( validate_email, validate_publicname, @@ -293,9 +294,7 @@ def activate(self, trans, **kwd): ) else: # Find the user - user = ( - trans.sa_session.query(trans.app.model.User).filter(trans.app.model.User.table.c.email == email).first() - ) + user = get_user_by_email(trans.sa_session, email) if not user: # Probably wrong email address return trans.show_error_message( diff --git a/lib/galaxy/webapps/galaxy/services/quotas.py b/lib/galaxy/webapps/galaxy/services/quotas.py index 292ebd424161..33b3a7b1b720 100644 --- a/lib/galaxy/webapps/galaxy/services/quotas.py +++ b/lib/galaxy/webapps/galaxy/services/quotas.py @@ -6,7 +6,7 @@ from galaxy.managers.quotas import QuotaManager from galaxy.model.repositories.group import GroupRepository from galaxy.model.repositories.quota import QuotaRepository -from galaxy.model.repositories.user import UserRepository +from galaxy.model.repositories.user import get_user_by_email from galaxy.quota._schema import ( CreateQuotaParams, CreateQuotaResult, @@ -118,7 +118,7 @@ def get_user_id(item): try: return trans.security.decode_id(item) except Exception: - return user_repo.get_by_email(item).id + return get_user_by_email(trans.sa_session, item).id def get_group_id(item): try: @@ -129,7 +129,6 @@ def get_group_id(item): new_in_users = [] new_in_groups = [] invalid = [] - user_repo = UserRepository(trans.sa_session) group_repo = GroupRepository(trans.sa_session) for item in util.listify(payload.get("in_users", [])): try: diff --git a/lib/galaxy/webapps/reports/controllers/jobs.py b/lib/galaxy/webapps/reports/controllers/jobs.py index 791485ef256f..c6e64fe068d8 100644 --- a/lib/galaxy/webapps/reports/controllers/jobs.py +++ b/lib/galaxy/webapps/reports/controllers/jobs.py @@ -18,7 +18,6 @@ and_, not_, or_, - select, ) from galaxy import ( @@ -26,6 +25,7 @@ util, ) from galaxy.model.repositories.job import JobRepository +from galaxy.model.repositories.user import get_user_by_email from galaxy.web.legacy_framework import grids from galaxy.webapps.base.controller import ( BaseUIController, @@ -1306,8 +1306,7 @@ def get_monitor_id(trans, monitor_email): A convenience method to obtain the monitor job id. """ monitor_user_id = None - stmt = select(trans.model.User.id).filter(trans.model.User.email == monitor_email).limit(1) - monitor_row = trans.sa_session.scalars(stmt).first() + monitor_row = get_user_by_email(trans.sa_session, monitor_email) if monitor_row is not None: monitor_user_id = monitor_row[0] return monitor_user_id diff --git a/lib/tool_shed/webapp/model/repositories.py b/lib/tool_shed/webapp/model/repositories.py deleted file mode 100644 index 67f83430e389..000000000000 --- a/lib/tool_shed/webapp/model/repositories.py +++ /dev/null @@ -1,9 +0,0 @@ -from sqlalchemy import select -from tool_shed.webapp.model import User - - -class UserRepository: - - def get_by_username(self, session, username: str): - stmt = select(User).filter(User.username == username).limit(1) - return session.scalars(stmt).first() diff --git a/test/integration/test_user_preferences.py b/test/integration/test_user_preferences.py index 84dd304b643c..e6f758a3600e 100644 --- a/test/integration/test_user_preferences.py +++ b/test/integration/test_user_preferences.py @@ -7,8 +7,8 @@ get, put, ) -from sqlalchemy import select +from galaxy.model.repositories.user import get_user_by_email from galaxy_test.driver import integration_util TEST_USER_EMAIL = "test_user_preferences@bx.psu.edu" @@ -19,8 +19,8 @@ def test_user_theme(self): user = self._setup_user(TEST_USER_EMAIL) url = self._api_url(f"users/{user['id']}/theme/test_theme", params=dict(key=self.master_api_key)) app = cast(Any, self._test_driver.app if self._test_driver else None) - stmt = select(app.model.User).filter(app.model.User.email == user["email"]).limit(1) - db_user = app.model.session.scalars(stmt).first() + + db_user = get_user_by_email(app.model.session, user["email"]) # create some initial data put(url) diff --git a/test/integration/test_vault_extra_prefs.py b/test/integration/test_vault_extra_prefs.py index 4599d2decbe5..b1ad24643766 100644 --- a/test/integration/test_vault_extra_prefs.py +++ b/test/integration/test_vault_extra_prefs.py @@ -9,8 +9,8 @@ get, put, ) -from sqlalchemy import select +from galaxy.model.repositories.user import get_user_by_email from galaxy_test.driver import integration_util TEST_USER_EMAIL = "vault_test_user@bx.psu.edu" @@ -133,5 +133,4 @@ def __url(self, action, user): return self._api_url(f"users/{user['id']}/{action}", params=dict(key=self.master_api_key)) def _get_dbuser(self, app, user): - stmt = select(app.model.User).filter(app.model.User.email == user["email"]).limit(1) - return app.model.session.scalars(stmt).first() + return get_user_by_email(app.model.session, user["email"]) diff --git a/test/integration/test_vault_file_source.py b/test/integration/test_vault_file_source.py index ab6295058ff9..af58c069de4a 100644 --- a/test/integration/test_vault_file_source.py +++ b/test/integration/test_vault_file_source.py @@ -1,8 +1,7 @@ import os import tempfile -from sqlalchemy import select - +from galaxy.model.repositories.user import get_user_by_email from galaxy.security.vault import UserVaultWrapper from galaxy_test.base import api_asserts from galaxy_test.base.populators import DatasetPopulator @@ -36,7 +35,7 @@ def test_vault_secret_per_user_in_file_source(self): app = self._app with self._different_user(email=self.USER_1_APP_VAULT_ENTRY): - user = self._get_user_by_email(self.USER_1_APP_VAULT_ENTRY) + user = get_user_by_email(self._app.model.session, self.USER_1_APP_VAULT_ENTRY) user_vault = UserVaultWrapper(app.vault, user) # use a valid symlink path so the posix list succeeds user_vault.write_secret("posix/root_path", app.config.user_library_import_symlink_allowlist[0]) @@ -48,7 +47,7 @@ def test_vault_secret_per_user_in_file_source(self): print(remote_files) with self._different_user(email=self.USER_2_APP_VAULT_ENTRY): - user = self._get_user_by_email(self.USER_2_APP_VAULT_ENTRY) + user = get_user_by_email(self._app.model.session, self.USER_2_APP_VAULT_ENTRY) user_vault = UserVaultWrapper(app.vault, user) # use an invalid symlink path so the posix list fails user_vault.write_secret("posix/root_path", "/invalid/root") @@ -69,7 +68,7 @@ def test_vault_secret_per_app_in_file_source(self): app.vault.write_secret("posix/root_path", app.config.user_library_import_symlink_allowlist[0]) with self._different_user(email=self.USER_1_APP_VAULT_ENTRY): - user = self._get_user_by_email(self.USER_1_APP_VAULT_ENTRY) + user = get_user_by_email(self._app.model.session, self.USER_1_APP_VAULT_ENTRY) user_vault = UserVaultWrapper(app.vault, user) # use a valid symlink path so the posix list succeeds user_vault.write_secret("posix/root_path", app.config.user_library_import_symlink_allowlist[0]) @@ -81,7 +80,7 @@ def test_vault_secret_per_app_in_file_source(self): print(remote_files) with self._different_user(email=self.USER_2_APP_VAULT_ENTRY): - user = self._get_user_by_email(self.USER_2_APP_VAULT_ENTRY) + user = get_user_by_email(self._app.model.session, self.USER_2_APP_VAULT_ENTRY) user_vault = UserVaultWrapper(app.vault, user) # use an invalid symlink path so the posix list would fail if used user_vault.write_secret("posix/root_path", "/invalid/root") @@ -95,7 +94,7 @@ def test_vault_secret_per_app_in_file_source(self): def test_upload_file_from_remote_source(self): with self._different_user(email=self.USER_1_APP_VAULT_ENTRY): app = self._app - user = self._get_user_by_email(self.USER_1_APP_VAULT_ENTRY) + user = get_user_by_email(self._app.model.session, self.USER_1_APP_VAULT_ENTRY) user_vault = UserVaultWrapper(app.vault, user) # use a valid symlink path so the posix list succeeds user_vault.write_secret("posix/root_path", app.config.user_library_import_symlink_allowlist[0]) @@ -120,7 +119,3 @@ def test_upload_file_from_remote_source(self): new_dataset = self.dataset_populator.fetch(payload, assert_ok=True).json()["outputs"][0] content = self.dataset_populator.get_history_dataset_content(history_id, dataset=new_dataset) assert content == "I require access to the vault", content - - def _get_user_by_email(self, email): - stmt = select(self._app.model.User).filter(self._app.model.User.email == email).limit(1) - return self._app.model.session.scalars(stmt).first()