Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only check access permissions in /api/{history_dataset_collection_id}/contents/{dataset_collection_id} #17444

Merged
merged 3 commits into from
Feb 13, 2024
Merged

Only check access permissions in /api/{history_dataset_collection_id}/contents/{dataset_collection_id} #17444

merged 3 commits into from
Feb 13, 2024

Conversation

ahmedhamidawan
Copy link
Member

Only check ownership in __get_history_collection_instance if:
collection_instance.history.published = False

Fixes #17252
Closes #15917

-

Is this currently the right way to go about this or do we also need to add a published param to the api as well to add context?...

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. [add testing steps and prerequisites here if you didn't write automated tests covering all your changes]

License

  • I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

@ahmedhamidawan
fix published history collections are empty on expand
1e8e885 
Only check ownership in `__get_history_collection_instance` if:
`collection_instance.history.published` = False
@ahmedhamidawan ahmedhamidawan added this to the 23.0 milestone Feb 8, 2024
@ahmedhamidawan ahmedhamidawan changed the base branch from release_23.0 to dev February 8, 2024 19:26
@mvdbeek
Copy link
Member

mvdbeek commented Feb 8, 2024

I don't think you want to target 23.0 ?

@ahmedhamidawan ahmedhamidawan changed the title [23.0] Only check ownership for HDCAs in non-public histories Only check ownership for HDCAs in non-public histories Feb 8, 2024
@ahmedhamidawan ahmedhamidawan removed this from the 23.0 milestone Feb 8, 2024
@ahmedhamidawan
Copy link
Member Author

I don't think you want to target 23.0 ?

Sorry, I changed the base to dev

@ahmedhamidawan
remove check_ownership from dataset_collections.contents
f4d5e9c 
... since this api only needs to `check_accessible` as it is not modifying a collection
mvdbeek
mvdbeek approved these changes Feb 10, 2024
View reviewed changes
Copy link
Member

@mvdbeek mvdbeek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, looks good, thank you! Any chance you could add an API test ?
First part of that test could just look like https://github.com/mvdbeek/galaxy/blob/b7652623b424506363183393795e851476574856/lib/galaxy_test/api/test_dataset_collections.py#L413-L420, and then publish the history with self.dataset_populatior.make_public(history_id) and check that a different user can list the contents ?

@ahmedhamidawan ahmedhamidawan marked this pull request as ready for review February 12, 2024 16:30
@github-actions github-actions bot added this to the 24.0 milestone Feb 12, 2024
@mvdbeek mvdbeek merged commit be90acc into galaxyproject:dev Feb 13, 2024
54 checks passed
@mvdbeek mvdbeek mentioned this pull request Feb 13, 2024
Merged
4 tasks
@mvdbeek mvdbeek changed the title Only check ownership for HDCAs in non-public histories Only check access permissions in /api/{history_dataset_collection_id}/contents/{dataset_collection_id} Feb 13, 2024
@mvdbeek mvdbeek changed the title Only check access permissions in /api/{history_dataset_collection_id}/contents/{dataset_collection_id} Only check access permissions in /api/{history_dataset_collection_id}/contents/{dataset_collection_id} Feb 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mvdbeek mvdbeek mvdbeek approved these changes

Assignees
No one assigned
Labels
area/API area/backend kind/bug
Projects
None yet
Milestone
24.0
Development

Successfully merging this pull request may close these issues.

Rework dataset collection contents API for public histories Published Histories Bugs
2 participants
@ahmedhamidawan @mvdbeek