diff --git a/lib/galaxy/webapps/galaxy/api/histories.py b/lib/galaxy/webapps/galaxy/api/histories.py
index 812634fd9352..6c28784c4cdc 100644
--- a/lib/galaxy/webapps/galaxy/api/histories.py
+++ b/lib/galaxy/webapps/galaxy/api/histories.py
@@ -348,6 +348,7 @@ def create(self, trans, payload, **kwd):
 else:
 new_history = self.manager.create(user=trans.user, name=hist_name)
+ trans.app.security_agent.history_set_default_permissions(new_history)
 trans.sa_session.add(new_history)
 trans.sa_session.flush()
diff --git a/lib/galaxy_test/api/test_history_contents.py b/lib/galaxy_test/api/test_history_contents.py
index e959fc63bae3..65c0f9aa3046 100644
--- a/lib/galaxy_test/api/test_history_contents.py
+++ b/lib/galaxy_test/api/test_history_contents.py
@@ -128,13 +128,18 @@ def _verify_dataset_permissions(self, api_endpoint):
 def _assert_other_user_cannot_access(self, history_content_id):
 with self._different_user():
- contents_response = self._get(f"histories/{self.history_id}/contents/{history_content_id}").json()
- assert "name" not in contents_response
+ contents_response = self.dataset_populator.get_history_dataset_details_raw(
+ history_id=self.history_id, dataset_id=history_content_id
+ )
+ assert contents_response.status_code == 403
 def _assert_other_user_can_access(self, history_content_id):
 with self._different_user():
- contents_response = self._get(f"histories/{self.history_id}/contents/{history_content_id}").json()
- assert "name" in contents_response
+ contents_response = self.dataset_populator.get_history_dataset_details_raw(
+ history_id=self.history_id, dataset_id=history_content_id
+ )
+ contents_response.raise_for_status()
+ assert "name" in contents_response.json()
 def test_index_hda_all_details(self):
 hda1 = self._new_dataset(self.history_id)
diff --git a/lib/galaxy_test/base/api.py b/lib/galaxy_test/base/api.py
index 4e9d862dffbb..a9c4fdbcd5d9 100644
--- a/lib/galaxy_test/base/api.py
+++ b/lib/galaxy_test/base/api.py
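Review bot: In `create` (lib/galaxy/webapps/galaxy/api/histories.py) the added `history_set_default_permissions(new_history)` call covers this one endpoint only. Any other caller of `self.manager.create(...)` would presumably still get a history without the owner's default permissions, so consider applying them inside the manager so a future call site cannot skip the private-by-default setting. The if/else that assigns `new_history` starts outside the hunk and the indentation is lost in this listing, so it is not visible whether the copy branch also reaches the new line, or how a request with `trans.user` unset is handled; both are worth confirming. A one-line comment above the call would record the intent, e.g. `# apply the owner's default permissions so new_user_dataset_access_role_default_private is honoured for API-created histories`.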
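Review bot: In `_assert_other_user_cannot_access` (lib/galaxy_test/api/test_history_contents.py) the new `assert contents_response.status_code == 403` reports nothing about the response when it fails. Attach the body as the assertion message, as the new integration test in this commit does: `assert contents_response.status_code == 403, contents_response.content`. Pinning the exact status is a real tightening over the old `"name" not in contents_response` check, which any error payload would also have satisfied.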
@@ -62,8 +62,8 @@ def _setup_user_get_key(self, email, password=None, is_admin=True):
 def _different_user(self, email=OTHER_USER):
 """ Use in test cases to switch get/post operations to act as new user,
- with self._different_user( "other_user@bx.psu.edu" ):
- self._get( "histories" ) # Gets other_user@bx.psu.edu histories.
+ with self._different_user("other_user@bx.psu.edu"):
+ self._get("histories") # Gets other_user@bx.psu.edu histories.
 """
 original_api_key = self.user_api_key
 original_interactor_key = self.galaxy_interactor.api_key
diff --git a/lib/galaxy_test/base/populators.py b/lib/galaxy_test/base/populators.py
index 625719c05d3d..4c29b96d3526 100644
--- a/lib/galaxy_test/base/populators.py
+++ b/lib/galaxy_test/base/populators.py
@@ -443,10 +443,14 @@ def get_history_dataset_content(self, history_id, wait=True, filename=None, type
 def get_history_dataset_details(self, history_id, **kwds):
 dataset_id = self.__history_content_id(history_id, **kwds)
- details_response = self._get_contents_request(history_id, "/datasets/%s" % dataset_id)
- assert details_response.status_code == 200
+ details_response = self.get_history_dataset_details_raw(history_id, dataset_id)
+ details_response.raise_for_status()
 return details_response.json()
+ def get_history_dataset_details_raw(self, history_id, dataset_id):
+ details_response = self._get_contents_request(history_id, f"/datasets/{dataset_id}")
+ return details_response
+
 def get_history_dataset_extra_files(self, history_id, **kwds):
 dataset_id = self.__history_content_id(history_id, **kwds)
 details_response = self._get_contents_request(history_id, "/%s/extra_files" % dataset_id)
diff --git a/test/integration/test_default_permissions.py b/test/integration/test_default_permissions.py
new file mode 100644
index 000000000000..cf6287b0b741
--- /dev/null
+++ b/test/integration/test_default_permissions.py
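Review bot: In `get_history_dataset_details` (lib/galaxy_test/base/populators.py), replacing `assert details_response.status_code == 200` with `details_response.raise_for_status()` loosens the check. Assuming this is a requests-style response, only 4xx/5xx statuses raise, so any other non-200 answer now falls through to `.json()`. If exactly 200 is the contract, keep `assert details_response.status_code == 200` after the raise. The new `get_history_dataset_details_raw` has no docstring; it should say that it returns the unchecked response so callers can assert on a denial status such as 403. Its temporary can also go: `return self._get_contents_request(history_id, f"/datasets/{dataset_id}")`.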
@@ -0,0 +1,36 @@
+from galaxy_test.base.populators import (
+ DatasetPopulator
+)
+from galaxy_test.driver import integration_util
+
+
+class DefaultPermissionsIntegrationTestCase(integration_util.IntegrationTestCase):
+ expected_access_status_code = 200
+
+ def setUp(self):
+ super().setUp()
+ self.dataset_populator = DatasetPopulator(self.galaxy_interactor)
+ self.history_id = self.dataset_populator.new_history()
+
+ @classmethod
+ def handle_galaxy_config_kwds(cls, config):
+ if hasattr(cls, "new_user_dataset_access_role_default_private"):
+ config["new_user_dataset_access_role_default_private"] = cls.new_user_dataset_access_role_default_private
+
+ def test_setting(self):
+ hda = self.dataset_populator.new_dataset(self.history_id, wait=True)
+ with self._different_user():
+ details_response = self.dataset_populator.get_history_dataset_details_raw(
+ history_id=self.history_id, dataset_id=hda["id"]
+ )
+ assert details_response.status_code == self.expected_access_status_code, details_response.content
+
+
+class PrivateDefaultPermissionsIntegrationTestCase(DefaultPermissionsIntegrationTestCase):
+ new_user_dataset_access_role_default_private = True
+ expected_access_status_code = 403
+
+
+class PublicDefaultPermissionsIntegrationTestCase(DefaultPermissionsIntegrationTestCase):
+ new_user_dataset_access_role_default_private = False
+ expected_access_status_code = 200
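Review bot: `DefaultPermissionsIntegrationTestCase` is itself a concrete test case, so if the runner collects it, `test_setting` also runs with the option left unset and its `expected_access_status_code = 200` silently hard-codes the server default. A change of that default would then fail here with no hint why, so either document that the base class deliberately pins the default or keep the shared logic in a class that is not collected. The test also covers only a history made through `new_history()`; if the copy path through `create` is meant to receive default permissions too, a case that copies a history and checks the other user gets 403 would pin it. A short class docstring on each subclass stating which setting it exercises would make the expected 403/200 self-explanatory.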