Restrict anonymous user from uploading data or running jobs not work.

istevenshen · December 31, 2020, 1:24am

I want my local Galaxy instance allow all users(anonymous and registered) free to browse around and see what’s available without registering, but only the registers can upload data or run jobs.

According to bgruening suggestion, I could set limits in my job_conf.xml file and configure resources for users that are not registered. Below is the configuration of my job_conf.xml file, but it doesn’t work. Could anyone help me see what went wrong?Thank you.

<?xml version="1.0"?>
<!-- A sample job config that explicitly configures job running the way it is
     configured by default (if there is no explicit config). -->
<job_conf>
    <plugins>
        <plugin id="local" type="runner" load="galaxy.jobs.runners.local:LocalJobRunner" workers="4"/>
    </plugins>
    <destinations>
        <destination id="local" runner="local"/>
    </destinations>
    <limits>
        <limit type="registered_user_concurrent_jobs">2</limit>
        <limit type="anonymous_user_concurrent_jobs" id="local">0</limit>
    </limits>
</job_conf>

istevenshen · January 5, 2021, 5:46am

I tried it with 1, it workd fine on my local Galaxy instance. I think it might be a bug with 0 on anonymous_user_concurrent_jobs , I hope someone can help fix it.

marten · January 5, 2021, 12:51pm

Have you considered enabling account activation? That way only registered and activated users can run jobs.

istevenshen · January 6, 2021, 12:49am

Yes, I tried.

If I set user_activation_on: true and require_login: false, the both anonymous and registered free to browse around and run jobs.
If I set user_activation_on: true and require_login: true, only registered and activated users can run jobs, but the anonymous can’t browse around and see what’s available. This seems to be a better method, but it is not what I really want.

What I really want is that the anonymous and registered users free to browse around and see what’s available without registering, but only the registers can upload data or run jobs.

nate · January 6, 2021, 4:53pm

It looks like there may be a bug with setting the limit to 0. In lieu of this, you can also create a dynamic job rule that will cause any jobs submitted by anonymous users to fail.

The job configuration would look like:

<?xml version="1.0"?>
<job_conf>
    <plugins>
        <plugin id="local" type="runner" load="galaxy.jobs.runners.local:LocalJobRunner" workers="4"/>
    </plugins>
    <destinations default="require_login">
        <destination id="local" runner="local"/>
        <destination id="require_login" runner="dynamic">
            <param id="type">python</param>
            <param id="function">require_login</param>
        </destination>
    </destinations>
    <limits>
        <limit type="registered_user_concurrent_jobs">2</limit>
    </limits>
</job_conf>

And then create a file <galaxy_root>/lib/galaxy/jobs/rules/require_login.py with contents:

from galaxy.jobs.mapper import JobMappingException


def require_login(user_email):
    if user_email is None:
        raise JobMappingException('Please register an account to use this tool')
    return 'local'

istevenshen · January 7, 2021, 12:46am

Great, it solved my problem perfectly. Thank you @nate.