[24.0] Fix anonymous user job retrieval logic

lib/galaxy/managers/jobs.py

@@ -127,13 +127,6 @@ def index_query(
         search = payload.search
         order_by = payload.order_by
 
-        if trans.user is None:
-            # If the user is anonymous we can only return jobs for the current session history
-            if trans.galaxy_session and trans.galaxy_session.current_history_id:
-                history_id = trans.galaxy_session.current_history_id
-            else:
-                return None
-
         def build_and_apply_filters(stmt, objects, filter_func):
             if objects is not None:
                 if isinstance(objects, (str, date, datetime)):
@@ -220,9 +213,14 @@ def add_search_criteria(stmt):
             if user_details:
                 stmt = stmt.outerjoin(Job.user)
         else:
-            if history_id is None and invocation_id is None and implicit_collection_jobs_id is None and trans.user:
-                stmt = stmt.where(Job.user_id == trans.user.id)
-            # caller better check security
+            if history_id is None and invocation_id is None and implicit_collection_jobs_id is None:
+                # If we're not filtering on history, invocation or collection we filter the jobs owned by the current user
+                if trans.user:
+                    stmt = stmt.where(Job.user_id == trans.user.id)
+                elif trans.galaxy_session:
+                    stmt = stmt.where(Job.session_id == trans.galaxy_session.id)
+                else:
+                    return None
 
         stmt = build_and_apply_filters(stmt, payload.states, lambda s: model.Job.state == s)
         stmt = build_and_apply_filters(stmt, payload.tool_ids, lambda t: model.Job.tool_id == t)