Project

Profile

Help

Story #5422

closed

As a user Galaxy V3 user, I can submit expected_namespace, expected_name, expected_version and if the metadata doesn't match it fails

Added by bmbouter over 5 years ago. Updated about 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
No
Tags:
Sprint:
Sprint 58
Quarter:

Description

Problem

There is a use case where the user is Galaxy and submitting data it received from a user it does not trust. The problem is that the actual metadata isn't known until the tarball is extracted, but by then regardless of what it is, it's imported and live.

Solution

Have the Galaxy v3/artifacts/collections/ endpoint take 3 optional arguments: 'expected_namespace', 'expected_name', 'expected_version'. If set, validate that the uploaded Collection is asserting these values.

If they do not match, fail the import task and delete the Artifact since it was not appropriate to be saved.

Also available in: Atom PDF