Merge pull request #6952 from dannon/history_privacy

Quick 'make all datasets private' implementation.
galaxyproject · Dec 7, 2018 · e8d2b33 · e8d2b33
2 parents bddfe38 + 4894ab9
commit e8d2b33
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 1 deletion.
diff --git a/client/galaxy/scripts/mvc/history/options-menu.js b/client/galaxy/scripts/mvc/history/options-menu.js
@@ -98,7 +98,25 @@ var menu = [
             }
         }
     },
-
+    {
+        html: _l("Make Data Private"),
+        anon: true,
+        func: function() {
+            if (
+                Galaxy &&
+                Galaxy.currHistoryPanel &&
+                confirm(
+                    _l(
+                        "This will make all the data in this history private (excluding library datasets), and will set permissions such that all new data is created as private.  Any datasets within that are currently shared will need to be re-shared or published.  Are you sure you want to do this?"
+                    )
+                )
+            ) {
+                $.post(`${Galaxy.root}history/make_private`, { history_id: Galaxy.currHistoryPanel.model.id }, () => {
+                    Galaxy.currHistoryPanel.loadCurrentHistory();
+                });
+            }
+        }
+    },
     {
         html: _l("Dataset Actions"),
         header: true,

diff --git a/client/galaxy/scripts/mvc/user/user-preferences.js b/client/galaxy/scripts/mvc/user/user-preferences.js
@@ -48,6 +48,40 @@ var Model = Backbone.Model.extend({
                 submit_title: "Save permissions",
                 redirect: "user"
             },
+            make_data_private: {
+                title: _l("Make all data private"),
+                description: _l("Click here to make all data private."),
+                icon: "fa-lock",
+                onclick: function() {
+                    if (
+                        confirm(
+                            _l(
+                                "WARNING: This will make all datasets (excluding library datasets) for which you have " +
+                                    "'management' permissions, in all of your histories " +
+                                    "private, and will set permissions such that all " +
+                                    "of your new data in these histories is created as private.  Any " +
+                                    "datasets within that are currently shared will need " +
+                                    "to be re-shared or published.  Are you sure you " +
+                                    "want to do this?"
+                            )
+                        )
+                    ) {
+                        $.post(`${Galaxy.root}history/make_private`, { all_histories: true }, () => {
+                            Galaxy.modal.show({
+                                title: _l("Datasets are now private"),
+                                body: `All of your histories and datsets have been made private.  If you'd like to make all *future* histories private please use the <a href="${
+                                    Galaxy.root
+                                }user/permissions">User Permissions</a> interface.`,
+                                buttons: {
+                                    Close: function() {
+                                        Galaxy.modal.hide();
+                                    }
+                                }
+                            });
+                        });
+                    }
+                }
+            },
             api_key: {
                 title: _l("Manage API key"),
                 description: _l("Access your current API key or create a new one."),
@@ -138,6 +172,7 @@ var View = Backbone.View.extend({
             }
             self._addLink("custom_builds");
             self._addLink("permissions");
+            self._addLink("make_data_private");
             self._addLink("api_key");
             if (config.has_user_tool_filters) {
                 self._addLink("toolbox_filters");

diff --git a/lib/galaxy/webapps/galaxy/controllers/history.py b/lib/galaxy/webapps/galaxy/controllers/history.py
@@ -693,6 +693,42 @@ def permissions(self, trans, payload=None, **kwd):
             trans.app.security_agent.history_set_default_permissions(history, permissions)
             return {'message': 'Default history \'%s\' dataset permissions have been changed.' % history.name}
 
+    @web.expose_api
+    @web.require_login("make datasets private")
+    def make_private(self, trans, history_id=None, all_histories=False, **kwd):
+        """
+        Sets the datasets within a history to private.  Also sets the default
+        permissions for the history to private, for future datasets.
+        """
+        histories = []
+        if all_histories:
+            histories = trans.user.histories
+        elif history_id:
+            history = self.history_manager.get_owned(self.decode_id(history_id), trans.user, current_history=trans.history)
+            if history:
+                histories.append(history)
+        if not histories:
+            return self.message_exception(trans, 'Invalid history or histories specified.')
+        private_role = trans.app.security_agent.get_private_user_role(trans.user)
+        user_roles = trans.user.all_roles()
+        private_permissions = {
+            trans.app.security_agent.permitted_actions.DATASET_MANAGE_PERMISSIONS: [private_role],
+            trans.app.security_agent.permitted_actions.DATASET_ACCESS: [private_role],
+        }
+        for history in histories:
+            # Set default role for history to private
+            trans.app.security_agent.history_set_default_permissions(history, private_permissions)
+            # Set private role for all datasets
+            for hda in history.datasets:
+                if (not hda.dataset.library_associations
+                        and not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset)
+                        and trans.app.security_agent.can_manage_dataset(user_roles, hda.dataset)):
+                    # If it's not private to me, and I can manage it, set fixed private permissions.
+                    trans.app.security_agent.set_all_dataset_permissions(hda.dataset, private_permissions)
+                    if not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset):
+                        raise exceptions.InternalServerError('An error occurred and the dataset is NOT private.')
+        return {'message': 'Success, requested permissions have been changed in %s.' % ("all histories" if all_histories else history.name)}
+
     @web.expose
     @web.require_login("share histories with other users")
     def share(self, trans, id=None, email="", **kwd):