Merge pull request #18192 from ahmedhamidawan/prevent_anon_users_run_…
…workflow

[24.0] Prevent anonymous and inactive users from running workflows
nsoranzo authored May 23, 2024
2 parents 1c11fe1 + 538570b commit 7ab7475
Showing 2 changed files with 11 additions and 0 deletions.
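--- a/lib/galaxy/webapps/galaxy/services/workflows.py
+++ b/lib/galaxy/webapps/galaxy/services/workflows.py
@@ -124,6 +124,9 @@ def invoke_workflow(
 workflow_id,
 payload: InvokeWorkflowPayload,
 ) -> Union[WorkflowInvocationResponse, List[WorkflowInvocationResponse]]:
+if trans.anonymous:
+raise exceptions.AuthenticationRequired("You need to be logged in to run workflows.")
+trans.check_user_activation()
 # Get workflow + accessibility check.
 by_stored_id = not payload.instance
 stored_workflow = self._workflows_manager.get_stored_accessible_workflow(trans, workflow_id, by_stored_id)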
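Review bot: The new guard in invoke_workflow has no comment, and its position ahead of `get_stored_accessible_workflow` is what keeps the response to an unauthenticated caller independent of `workflow_id`; I would record that with `# Authenticate first: reject anonymous and inactive users before any workflow lookup.` above `if trans.anonymous:`. `trans.check_user_activation()` is not defined on this page, so it is presumably expected to raise for an inactive account; if it instead returns a flag, the result is discarded here and the inactive-user check does nothing, which is worth confirming. The body of invoke_workflow continues outside the hunk.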
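--- a/lib/galaxy_test/api/test_workflows.py
+++ b/lib/galaxy_test/api/test_workflows.py
@@ -5444,6 +5444,14 @@ def test_cannot_run_against_other_users_history(self):
 run_workflow_response = self._post(f"workflows/{workflow_id}/invocations", data=workflow_request, json=True)
 self._assert_status_code_is(run_workflow_response, 403)
 
+def test_cannot_run_workflow_as_anon(self):
+workflow = self.workflow_populator.load_workflow(name="test_for_run_anon_user")
+workflow_request, _, workflow_id = self._setup_workflow_run(workflow)
+with self._different_user(anon=True):
+run_workflow_response = self._post(f"workflows/{workflow_id}/invocations", data=workflow_request, json=True)
+self._assert_status_code_is(run_workflow_response, 403)
+self._assert_error_code_is(run_workflow_response, error_codes.error_codes_by_name["USER_NO_API_KEY"])
+
 def test_cannot_run_bootstrap_admin_workflow(self):
 workflow = self.workflow_populator.load_workflow(name="test_bootstrap_admin_cannot_run")
 workflow_request, *_ = self._setup_workflow_run(workflow)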
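Review bot: Only the anonymous branch is exercised by test_cannot_run_workflow_as_anon; the `trans.check_user_activation()` call added in the same commit has no test on this page, so a regression that lets an inactive account invoke a workflow would go unnoticed. A sibling test that posts to `workflows/{workflow_id}/invocations` as a registered but not yet activated user and asserts the rejection would close that gap, assuming the test framework can create such a user with activation enabled. The new test also has no docstring; `"""Anonymous sessions are rejected with 403 and USER_NO_API_KEY when invoking a workflow."""` would state the contract it pins.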
