Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose more user properties to admins via the API. #4274

Merged
merged 4 commits into from Jul 5, 2017

Conversation

Projects
None yet
4 participants
@jmchilton
Copy link
Member

commented Jul 4, 2017

This is an extension of #4255 - merging this PR will merge that one. See that PR for details.

This PR extends it to include a test case regarding what we are exposing via the API for non-admin users and it tweaks the users API endpoint to not expose the new attributes in #4255 to non-admin users.

return [u["id"] for u in self.galaxy_interactor.get("users").json()]

def new_users(self, original_ids):
print self.galaxy_interactor.get("users").json()

This comment has been minimized.

Copy link
@nsoranzo

nsoranzo Jul 4, 2017

Member

print should be a function for Python3 compatibility.

This comment has been minimized.

Copy link
@nsoranzo

nsoranzo Jul 4, 2017

Member

Or maybe these are just debugging statements you forgot to remove.

This comment has been minimized.

Copy link
@jmchilton

jmchilton Jul 5, 2017

Author Member

Yup - I just forgot to remove these. One second...

Tweak exposing user attributes to use an include list instead of excl…
…ude list.

This allows for the addition of new dictifiable attributes on user like in 55956fe without exposing these attributes to non-admin users.

@jmchilton jmchilton force-pushed the jmchilton:users_api branch from 78c9741 to d960768 Jul 5, 2017

@jmchilton

This comment has been minimized.

Copy link
Member Author

commented Jul 5, 2017

Rebased to remote the stray print debugging statements. Thanks 🦅👀 !

@XDtim

This comment has been minimized.

Copy link
Contributor

commented Jul 5, 2017

I was concerned about the parms being exposed to non-admin users too.

It seemed like in my testing (which was done on the command line with Parsec and Bioblend), if I was using a non-admin key, I would only see user data about the user that API key had auth to, and when I used an admin key, I would see a list of all users.

Thanks for showing me how to implement something like this properly in the API.

@nsoranzo nsoranzo merged commit dab07a6 into galaxyproject:dev Jul 5, 2017

5 checks passed

api test Build finished. 279 tests run, 0 skipped, 0 failed.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
framework test Build finished. 150 tests run, 0 skipped, 0 failed.
Details
integration test Build finished. 37 tests run, 0 skipped, 0 failed.
Details
toolshed test Build finished. 579 tests run, 0 skipped, 0 failed.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.