Merge pull request #6176 from dannon/user_grid_impersonate

Add impersonate to main user grid when it's enabled

client/galaxy/scripts/apps/admin.js

@@ -9,7 +9,6 @@ import QueryStringParsing from "utils/query-string-parsing";
 import Router from "layout/router";
 import Utils from "utils/utils";
 import Page from "layout/page";
-import UserAPIKeys from "components/admin/UserAPIKeys.vue";
 import DataTables from "components/admin/DataTables.vue";
 import Vue from "vue";
 
@@ -28,7 +27,6 @@ window.app = function app(options, bootstrapped) {
             "(/)admin(/)repositories": "show_repositories",
             "(/)admin(/)forms": "show_forms",
             "(/)admin(/)form(/)(:form_id)": "show_form",
-            "(/)admin/api_keys": "show_user_api_keys",
             "(/)admin/data_tables": "show_data_tables"
         },
 
@@ -90,12 +88,6 @@ window.app = function app(options, bootstrapped) {
             );
         },
 
-        show_user_api_keys: function() {
-            var vueMount = document.createElement("div");
-            this.page.display(vueMount);
-            new Vue(UserAPIKeys).$mount(vueMount);
-        },
-
         show_data_tables: function() {
             var vueMount = document.createElement("div");
             this.page.display(vueMount);

client/galaxy/scripts/apps/panels/admin-panel.js

@@ -82,12 +82,6 @@ var AdminPanel = Backbone.View.extend({
                         url: "admin/api_keys",
                         target: "__use_router__",
                         id: "admin-link-api-keys"
-                    },
-                    {
-                        title: _l("Impersonate a user"),
-                        url: "admin/impersonate",
-                        enabled: self.config.allow_user_impersonation,
-                        id: "admin-link-impersonate"
                     }
                 ]
             },

lib/galaxy/webapps/galaxy/controllers/admin.py

@@ -97,6 +97,13 @@ def get_value(self, trans, grid, user):
             else:
                 return 'N'
 
+    class APIKeyColumn(grids.GridColumn):
+        def get_value(self, trans, grid, user):
+            if user.api_keys:
+                return user.api_keys[0].key
+            else:
+                return ""
+
     # Grid definition
     title = "Users"
     title_id = "users-grid"
@@ -122,6 +129,7 @@ def get_value(self, trans, grid, user):
         StatusColumn("Status", attach_popup=False),
         TimeCreatedColumn("Created", attach_popup=False),
         ActivatedColumn("Activated", attach_popup=False),
+        APIKeyColumn("API Key", attach_popup=False),
         # Columns that are valid for filtering but are not visible.
         grids.DeletedColumn("Deleted", key="deleted", visible=False, filterable="advanced")
     ]
@@ -149,7 +157,11 @@ def get_value(self, trans, grid, user):
                             target="top"),
         grids.GridOperation("Recalculate Disk Usage",
                             condition=(lambda item: not item.deleted),
-                            allow_multiple=False)
+                            allow_multiple=False),
+        grids.GridOperation("Generate New API Key",
+                            allow_multiple=False,
+                            async_compatible=True)
+
     ]
     standard_filters = [
         grids.GridColumnFilter("Active", args=dict(deleted=False)),
@@ -517,6 +529,11 @@ class AdminGalaxy(controller.JSAppLauncher, AdminActions, UsesQuotaMixin, QuotaP
     delete_operation = grids.GridOperation("Delete", condition=(lambda item: not item.deleted), allow_multiple=True)
     undelete_operation = grids.GridOperation("Undelete", condition=(lambda item: item.deleted and not item.purged), allow_multiple=True)
     purge_operation = grids.GridOperation("Purge", condition=(lambda item: item.deleted and not item.purged), allow_multiple=True)
+    impersonate_operation = grids.GridOperation(
+        "Impersonate",
+        url_args=dict(controller="admin", action="impersonate"),
+        allow_multiple=False
+    )
 
     @web.expose
     @web.require_admin
@@ -576,13 +593,18 @@ def users_list(self, trans, **kwd):
                 message, status = self._purge_user(trans, ids)
             elif operation == 'recalculate disk usage':
                 message, status = self._recalculate_user(trans, id)
+            elif operation == 'generate new api key':
+                message, status = self._new_user_apikey(trans, id)
         if trans.app.config.allow_user_deletion:
             if self.delete_operation not in self.user_list_grid.operations:
                 self.user_list_grid.operations.append(self.delete_operation)
             if self.undelete_operation not in self.user_list_grid.operations:
                 self.user_list_grid.operations.append(self.undelete_operation)
             if self.purge_operation not in self.user_list_grid.operations:
                 self.user_list_grid.operations.append(self.purge_operation)
+        if trans.app.config.allow_user_impersonation:
+            if self.impersonate_operation not in self.user_list_grid.operations:
+                self.user_list_grid.operations.append(self.impersonate_operation)
         if message and status:
             kwd['message'] = util.sanitize_text(message)
             kwd['status'] = status
@@ -788,25 +810,23 @@ def set_quota_default(self, trans, payload=None, **kwd):
 
     @web.expose
     @web.require_admin
-    def impersonate(self, trans, email=None, **kwd):
+    def impersonate(self, trans, **kwd):
         if not trans.app.config.allow_user_impersonation:
             return trans.show_error_message("User impersonation is not enabled in this instance of Galaxy.")
-        message = ''
-        status = 'done'
-        emails = None
-        if email is not None:
-            user = trans.sa_session.query(trans.app.model.User).filter_by(email=email).first()
-            if user:
-                trans.handle_user_logout()
-                trans.handle_user_login(user)
-                message = 'You are now logged in as %s, <a target="_top" href="%s">return to the home page</a>' % (email, url_for(controller='root'))
-                emails = []
-            else:
-                message = 'Invalid user selected'
-                status = 'error'
-        if emails is None:
-            emails = [u.email for u in trans.sa_session.query(trans.app.model.User).enable_eagerloads(False).all()]
-        return trans.fill_template('admin/impersonate.mako', emails=emails, message=message, status=status)
+        user = None
+        user_id = kwd.get('id', None)
+        if user_id is not None:
+            try:
+                user = trans.sa_session.query(trans.app.model.User).get(trans.security.decode_id(user_id))
+                if user:
+                    trans.handle_user_logout()
+                    trans.handle_user_login(user)
+                    return trans.show_message('You are now logged in as %s, <a target="_top" href="%s">return to the home page</a>' % (user.email, url_for(controller='root')), use_panels=True)
+            except Exception:
+                log.exception("Error fetching user for impersonation")
+        return trans.response.send_redirect(web.url_for(controller='admin',
+                                                        action='users',
+                                                        message="Invalid user selected", status="error"))
 
     def check_for_tool_dependencies(self, trans, migration_stage):
         # Get the 000x_tools.xml file associated with migration_stage.
@@ -1545,6 +1565,18 @@ def _recalculate_user(self, trans, user_id):
             message = 'Usage has changed by %s to %s.' % (nice_size(new - current), nice_size(new))
         return (message, 'done')
 
+    def _new_user_apikey(self, trans, user_id):
+        user = trans.sa_session.query(trans.model.User).get(trans.security.decode_id(user_id))
+        if not user:
+            return ('User not found for id (%s)' % sanitize_text(str(user_id)), 'error')
+        new_key = trans.app.model.APIKeys(
+            user_id=trans.security.decode_id(user_id),
+            key=trans.app.security.get_new_guid()
+        )
+        trans.sa_session.add(new_key)
+        trans.sa_session.flush()
+        return ("New key '%s' generated for requested user '%s'." % (new_key.key, user.email), "done")
+
     @web.expose_api
     @web.require_admin
     def manage_roles_and_groups_for_user(self, trans, payload=None, **kwd):

templates/webapps/galaxy/admin/center.mako

@@ -30,7 +30,7 @@ Please visit <a href="https://galaxyproject.org/admin" target="_blank">the Galax
         <h4>User Management</h4>
             <ul>
                 <li>
-                    <strong>Users</strong> - A view of all users and all groups and non-private roles associated with each user.
+                    <strong>Users</strong> - The primary user management interface, displaying information associated with each user and providing operations for resetting passwords, updating user information, impersonating a user, and more.
                 </li>
             %if trans.app.config.enable_quotas:
                 <li>
@@ -47,14 +47,6 @@ Please visit <a href="https://galaxyproject.org/admin" target="_blank">the Galax
                 <li>
                     <strong>Forms</strong> - Manage local form definitions.
                 </li>
-                <li>
-                    <strong>API keys</strong> - A view of all generated API keys with an option to re-generate.
-                </li>
-            %if trans.app.config.allow_user_impersonation:
-                <li>
-                    <strong>Impersonate a user</strong> - Allows to view Galaxy as another user in order to help troubleshoot issues.
-                </li>
-            %endif
             </ul>
 
         <h4>Tool Management</h4>