Skip to content

Commit

Permalink
Merge pull request #17459 from mvdbeek/backport_public_hdca_check
Browse files Browse the repository at this point in the history
[23.1] Only check access permissions in `/api/{history_dataset_collection_id}/contents/{dataset_collection_id}`
  • Loading branch information
mvdbeek authored Feb 13, 2024
2 parents c94ec0d + d18003e commit 91d9d49
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/galaxy/webapps/galaxy/services/dataset_collections.py
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ def contents(
"Parameter instance_type not being 'history' is not yet implemented."
)
hdca: "HistoryDatasetCollectionAssociation" = self.collection_manager.get_dataset_collection_instance(
trans, "history", hdca_id, check_ownership=True
trans, "history", hdca_id
)

# check to make sure the dsc is part of the validated hdca
Expand Down
12 changes: 12 additions & 0 deletions lib/galaxy_test/api/test_dataset_collections.py
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,18 @@ def test_collection_contents_security(self, history_id):
contents_response = self._get(contents_url)
self._assert_status_code_is(contents_response, 403)

@requires_new_user
def test_published_collection_contents_accessible(self, history_id):
# request contents on an hdca that is in a published history
hdca, contents_url = self._create_collection_contents_pair(history_id)
with self._different_user():
contents_response = self._get(contents_url)
self._assert_status_code_is(contents_response, 403)
self.dataset_populator.make_public(history_id)
with self._different_user():
contents_response = self._get(contents_url)
self._assert_status_code_is(contents_response, 200)

def test_collection_contents_invalid_collection(self, history_id):
# request an invalid collection from a valid hdca, should get 404
hdca, contents_url = self._create_collection_contents_pair(history_id)
Expand Down

0 comments on commit 91d9d49

Please sign in to comment.