Mercurial > repos > fubar > brokenandnotdeletablebyowneroradmin

--- a/README.txt	Wed Jun 06 12:05:25 2012 +1000
+++ b/README.txt	Wed Jun 06 14:16:25 2012 +1000
@@ -11,21 +11,24 @@
 a local toolshed.

 *The good news* If it can be trivially scripted, it can be running safely in your
-local Galaxy via your own local toolshed.
+local Galaxy via your own local toolshed in a few minutes.
+
 That's what this tool does. You paste a simple script and the tool returns
 a new, real Galaxy tool, ready to be installed from the local toolshed to local servers.
 Scripts can be wrapped and online literally within minutes.

-*To fully and safely exploit the awesome power* of Galaxy with this tool installed
-you should be a developer installing this tool on a
-personal/scratch local instance - ie a private site
-because then, if you break it, you get to keep all the pieces
+*To fully and safely exploit the awesome power* of this tool, Galaxy and the ToolShed,
+you should be a developer installing this tool on a private/personal/scratch local instance where you are an admin_user.
+Then, if you break it, you get to keep all the pieces
 see https://bitbucket.org/fubar/galaxytoolfactory/wiki/Home

-*To make the tool work* Ghostscript and imagemagick MUST be installed, and if not already there, please add:
+*To make the tool work* R, python, perl etc are needed on your path if you want to run scripts using those interpreters.
+The HTML file code to shrink R's gross pdfs requires Ghostscript and imagemagick must be installed for generating the thumbnails.
+If not already there (I just added it to datatypes_conf.xml.sample), please add:
 <datatype extension="toolshed.gz" type="galaxy.datatypes.binary:Binary" mimetype="multipart/x-gzip" subclass="True" />
-to your local data_types_conf.xml and PUT some real IDs in the list in the XML before you restart Galaxy to load this new tool please
-otherwise, the tool won't run for anybody.
+to your local data_types_conf.xml.
+
+**Note that ONLY admin_users can run this tool**

 *What it does* This is a tool factory for simple scripts in python, R or whatever ails ye.
 LIMITED to simple scripts that read one input from the history.
--- a/rgToolFactory.py	Wed Jun 06 12:05:25 2012 +1000
+++ b/rgToolFactory.py	Wed Jun 06 14:16:25 2012 +1000
@@ -38,10 +38,7 @@
 #   Totally insecure. So, trusted users only
 #
 # preferred model is a developer using their throw away workstation instance - ie a private site.
-# no real risk.
-# a list in the xml source file is searched for users permitted to run this tool.
-# PUT some IDs in the list in the XML before you restart Galaxy to load this new tool please
-# otherwise, the tool won't run for anybody.
+# no real risk. The universe_wsgi.ini admin_users string is checked - only admin users are permitted to run this tool.
 #

 #
@@ -407,7 +404,7 @@
     a('--tool_desc',default=None)
     a('--new_tool',default=None)
     opts, args = op.parse_args()
-    assert not opts.bad_user,'%s is NOT authorized to use this tool. Please ask your friendly admin to add their ID to %s.xml' % (opts.bad_user,os.path.splitext(self.myname)[0])
+    assert not opts.bad_user,'%s is NOT authorized to use this tool. Please ask your friendly admin to add their ID to admin_users in universe_wsgi.ini' % (opts.bad_user)
     assert opts.tool_name,'## Tool Factory expects a tool name - eg --tool_name=DESeq'
     assert opts.interpreter,'## Tool Factory wrapper expects an interpreter - eg --interpreter=Rscript'
     assert os.path.isfile(opts.script_path),'## Tool Factory wrapper expects a script path - eg --script_path=foo.R'
--- a/rgToolFactory.xml	Wed Jun 06 12:05:25 2012 +1000
+++ b/rgToolFactory.xml	Wed Jun 06 14:16:25 2012 +1000
@@ -1,7 +1,7 @@
 <tool id="rgTF" name="Tool Factory" version="0.05">
   <description>Makes scripts into tools</description>
   <command interpreter="python">
-#if ( $__user_email__ not in ['yourID@email','ross.lazarus@gmail.com'] ):
+#if ( $__user_email__ not in $__admin_users__ ):
      rgToolFactory.py --bad_user $__user_email__
   #else:
     rgToolFactory.py --script_path "$runme" --interpreter "$interpreter"
@@ -111,6 +111,11 @@
 </configfile>
 </configfiles>
 <help>
+
+.. class:: warningmark
+
+**Local Admins ONLY** Only users whose IDs found in the local admin_user configuration setting in universe_wsgi.ini can run this tool.
+
 **What it does** This tool enables a user to paste and submit an arbitrary R/python/perl script to Galaxy.

 **Input options** This version is limited to simple transformation or reporting requiring only a single input file selected from the history.
@@ -121,14 +126,13 @@
 **Tool Generation option** Once the script is working with test data, this tool will optionally generate a new Galaxy tool in a gzip file
 ready to upload to your local toolshed for sharing and installation.

-**Permission to to use this tool** must be explicitly granted by an administrator adding approved Galaxy user IDs to the local tool XML list of permitted users.  *It will not run otherwise*
-
 .. class:: warningmark

-**Note to system administrators** This tool offers *NO* built in protection against malicious scripts and should only be installed on private/personnal Galaxy instances.
-Under no circumstances should you allow any user to use this tool unless you really, really trust them with the power to do what they want as the Galaxy user.
+**Note to system administrators** This tool offers *NO* built in protection against malicious scripts. It should only be installed on private/personnal Galaxy instances.
+Admin_users will have the power to do anything they want as the Galaxy user if you install this tool.

 The tools generated by this tool will run just as securely as any other normal installed Galaxy tool but like any other new tools, should always be checked carefully before installation.
+We recommend that you follow the good code hygiene practices associated with safe toolshed.

 .. class:: warningmark