From 181e5519eebec5d67d0d98c51c0bc4f8a78b247b Mon Sep 17 00:00:00 2001
From: John Davis
Date: Mon, 2 Sep 2024 11:57:10 -0400
Subject: [PATCH] Handle private role ids for setting user roles

---
 lib/galaxy/model/security.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/galaxy/model/security.py b/lib/galaxy/model/security.py
index 1ec9193ae96a..2accd46cf5fb 100644
--- a/lib/galaxy/model/security.py
+++ b/lib/galaxy/model/security.py
@@ -1518,8 +1518,21 @@ def _set_user_roles(self, user, role_ids):
 delete_stmt = delete_stmt.where(UserRoleAssociation.role_id != private_role.id)
 except AttributeError:
 log.warning("User %s does not have a private role assigned", user)
- insert_values = [{"user_id": user.id, "role_id": role_id} for role_id in role_ids]
- self._set_associations(user, UserRoleAssociation, delete_stmt, insert_values)
+ role_ids = self._filter_private_roles(role_ids)
+ if role_ids:
+ insert_values = [{"user_id": user.id, "role_id": role_id} for role_id in role_ids]
+ self._set_associations(user, UserRoleAssociation, delete_stmt, insert_values)
+
+ def _filter_private_roles(self, role_ids):
+ """Filter out IDs of private roles"""
+ # TODO role_ids (payload from the UI) include user's private role; that shoudl not be the case.
+ filtered = []
+ for role_id in role_ids:
+ stmt = select(Role.id).where(Role.id == role_id).where(Role.type == Role.types.PRIVATE)
+ is_private = bool(self.sa_session.scalars(stmt).all())
+ if not is_private:
+ filtered.append(role_id)
+ return filtered
 
 def _set_group_users(self, group, user_ids):
 delete_stmt = delete(UserGroupAssociation).where(UserGroupAssociation.group_id == group.id)
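Review bot: The `if role_ids:` guard in `_set_user_roles` skips `_set_associations` entirely when the filtered list is empty, so `delete_stmt` presumably never runs and a request that clears a user's roles (or carries only a private role id) would leave the existing role associations in place. Before this change the call was unconditional; `_set_associations` is outside the hunk, so this needs confirming, but revoking roles should not depend on there being something to insert. Keep `self._set_associations(user, UserRoleAssociation, delete_stmt, insert_values)` unguarded and let it skip the insert when `insert_values` is empty. `_filter_private_roles` also issues one SELECT per id; a single `select(Role.id).where(Role.id.in_(role_ids)).where(Role.type == Role.types.PRIVATE)` yields the same set of private ids in one round trip. `_set_user_roles` begins above the hunk.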