From 4e03914bccb2527e2677011283966ce1359c56eb Mon Sep 17 00:00:00 2001
From: davelopez <46503462+davelopez@users.noreply.github.com>
Date: Wed, 22 May 2024 11:49:27 +0200
Subject: [PATCH 1/5] Raise appropriate API exceptions in `history` controller

Instead of the legacy ones.
---
 lib/galaxy/webapps/galaxy/controllers/history.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/galaxy/webapps/galaxy/controllers/history.py b/lib/galaxy/webapps/galaxy/controllers/history.py
index fd3f1a036f20..4d81338d3b08 100644
--- a/lib/galaxy/webapps/galaxy/controllers/history.py
+++ b/lib/galaxy/webapps/galaxy/controllers/history.py
@@ -123,7 +123,7 @@ def display_by_username_and_slug(self, trans, username, slug, **kwargs):
             )
         )
 
-    @web.legacy_expose_api
+    @web.expose_api
     @web.require_login("changing default permissions")
     def permissions(self, trans, payload=None, **kwd):
         """
@@ -131,7 +131,7 @@ def permissions(self, trans, payload=None, **kwd):
         """
         history_id = kwd.get("id")
         if not history_id:
-            return self.message_exception(trans, f"Invalid history id ({str(history_id)}) received")
+            raise exceptions.RequestParameterMissingException("No history id received")
         history = self.history_manager.get_owned(self.decode_id(history_id), trans.user, current_history=trans.history)
         if trans.request.method == "GET":
             inputs = []
@@ -166,7 +166,7 @@ def permissions(self, trans, payload=None, **kwd):
             trans.app.security_agent.history_set_default_permissions(history, permissions)
             return {"message": "Default history '%s' dataset permissions have been changed." % history.name}
 
-    @web.legacy_expose_api
+    @web.expose_api
     @web.require_login("make datasets private")
     def make_private(self, trans, history_id=None, all_histories=False, **kwd):
         """
@@ -184,7 +184,7 @@ def make_private(self, trans, history_id=None, all_histories=False, **kwd):
             if history:
                 histories.append(history)
         if not histories:
-            return self.message_exception(trans, "Invalid history or histories specified.")
+            raise exceptions.RequestParameterMissingException("No history or histories specified.")
         private_role = trans.app.security_agent.get_private_user_role(trans.user)
         user_roles = trans.user.all_roles()
         private_permissions = {
@@ -256,12 +256,12 @@ def resume_paused_jobs(self, trans, current=False, ids=None, **kwargs):
         return trans.show_ok_message("Your jobs have been resumed.", refresh_frames=refresh_frames)
         # TODO: used in index.mako
 
-    @web.legacy_expose_api
+    @web.expose_api
     @web.require_login("rename histories")
     def rename(self, trans, payload=None, **kwd):
         id = kwd.get("id")
         if not id:
-            return self.message_exception(trans, "No history id received for renaming.")
+            raise exceptions.RequestParameterMissingException("No history id received for renaming.")
         user = trans.get_user()
         id = listify(id)
         histories = []

From 994be2f49aae86b362c91ea930f07b0a68f839ec Mon Sep 17 00:00:00 2001
From: davelopez <46503462+davelopez@users.noreply.github.com>
Date: Wed, 22 May 2024 11:59:00 +0200
Subject: [PATCH 2/5] Do not fail hard when one history fails to be made
 private

---
 .../webapps/galaxy/controllers/history.py     | 32 +++++++++++--------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/lib/galaxy/webapps/galaxy/controllers/history.py b/lib/galaxy/webapps/galaxy/controllers/history.py
index 4d81338d3b08..1511cde700a4 100644
--- a/lib/galaxy/webapps/galaxy/controllers/history.py
+++ b/lib/galaxy/webapps/galaxy/controllers/history.py
@@ -192,20 +192,24 @@ def make_private(self, trans, history_id=None, all_histories=False, **kwd):
             trans.app.security_agent.permitted_actions.DATASET_ACCESS: [private_role],
         }
         for history in histories:
-            self.history_manager.error_unless_mutable(history)
-            # Set default role for history to private
-            trans.app.security_agent.history_set_default_permissions(history, private_permissions)
-            # Set private role for all datasets
-            for hda in history.datasets:
-                if (
-                    not hda.dataset.library_associations
-                    and not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset)
-                    and trans.app.security_agent.can_manage_dataset(user_roles, hda.dataset)
-                ):
-                    # If it's not private to me, and I can manage it, set fixed private permissions.
-                    trans.app.security_agent.set_all_dataset_permissions(hda.dataset, private_permissions)
-                    if not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset):
-                        raise exceptions.InternalServerError("An error occurred and the dataset is NOT private.")
+            try:
+                self.history_manager.error_unless_mutable(history)
+                # Set default role for history to private
+                trans.app.security_agent.history_set_default_permissions(history, private_permissions)
+                # Set private role for all datasets
+                for hda in history.datasets:
+                    if (
+                        not hda.dataset.library_associations
+                        and not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset)
+                        and trans.app.security_agent.can_manage_dataset(user_roles, hda.dataset)
+                    ):
+                        # If it's not private to me, and I can manage it, set fixed private permissions.
+                        trans.app.security_agent.set_all_dataset_permissions(hda.dataset, private_permissions)
+                        if not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset):
+                            raise exceptions.InternalServerError("An error occurred and the dataset is NOT private.")
+            except Exception:
+                log.exception("Error making datasets private.")
+                continue
         return {
             "message": f"Success, requested permissions have been changed in {'all histories' if all_histories else history.name}."
         }

From f3c63541c6a3ccb97ecfefd034a14f9d00e274aa Mon Sep 17 00:00:00 2001
From: davelopez <46503462+davelopez@users.noreply.github.com>
Date: Wed, 22 May 2024 12:20:49 +0200
Subject: [PATCH 3/5] Allow to make private purged and archived histories

---
 client/src/components/User/UserPreferences.vue   | 2 +-
 lib/galaxy/webapps/galaxy/controllers/history.py | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/client/src/components/User/UserPreferences.vue b/client/src/components/User/UserPreferences.vue
index 0eb8a0c4d5e2..b186dac1092b 100644
--- a/client/src/components/User/UserPreferences.vue
+++ b/client/src/components/User/UserPreferences.vue
@@ -243,7 +243,7 @@ export default {
                     _l(
                         "WARNING: This will make all datasets (excluding library datasets) for which you have " +
                             "'management' permissions, in all of your histories " +
-                            "private, and will set permissions such that all " +
+                            "private (including archived and purged), and will set permissions such that all " +
                             "of your new data in these histories is created as private.  Any " +
                             "datasets within that are currently shared will need " +
                             "to be re-shared or published.  Are you sure you " +
diff --git a/lib/galaxy/webapps/galaxy/controllers/history.py b/lib/galaxy/webapps/galaxy/controllers/history.py
index 1511cde700a4..9d20adfed4c8 100644
--- a/lib/galaxy/webapps/galaxy/controllers/history.py
+++ b/lib/galaxy/webapps/galaxy/controllers/history.py
@@ -193,7 +193,6 @@ def make_private(self, trans, history_id=None, all_histories=False, **kwd):
         }
         for history in histories:
             try:
-                self.history_manager.error_unless_mutable(history)
                 # Set default role for history to private
                 trans.app.security_agent.history_set_default_permissions(history, private_permissions)
                 # Set private role for all datasets

From c1a8fd48950d077d4157c6aa4d8bdd94c91c9cb1 Mon Sep 17 00:00:00 2001
From: davelopez <46503462+davelopez@users.noreply.github.com>
Date: Wed, 22 May 2024 14:58:42 +0200
Subject: [PATCH 4/5] Drop redundant check after setting dataset permissions

---
 lib/galaxy/webapps/galaxy/controllers/history.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/galaxy/webapps/galaxy/controllers/history.py b/lib/galaxy/webapps/galaxy/controllers/history.py
index 9d20adfed4c8..2dbe94cb44ef 100644
--- a/lib/galaxy/webapps/galaxy/controllers/history.py
+++ b/lib/galaxy/webapps/galaxy/controllers/history.py
@@ -204,8 +204,6 @@ def make_private(self, trans, history_id=None, all_histories=False, **kwd):
                     ):
                         # If it's not private to me, and I can manage it, set fixed private permissions.
                         trans.app.security_agent.set_all_dataset_permissions(hda.dataset, private_permissions)
-                        if not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset):
-                            raise exceptions.InternalServerError("An error occurred and the dataset is NOT private.")
             except Exception:
                 log.exception("Error making datasets private.")
                 continue

From ec2bd513747eadbb8b9c5bfba0e60847b977f9a3 Mon Sep 17 00:00:00 2001
From: davelopez <46503462+davelopez@users.noreply.github.com>
Date: Wed, 22 May 2024 15:22:46 +0200
Subject: [PATCH 5/5] Remove unnecessary catch all

---
 .../webapps/galaxy/controllers/history.py     | 26 ++++++++-----------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/lib/galaxy/webapps/galaxy/controllers/history.py b/lib/galaxy/webapps/galaxy/controllers/history.py
index 2dbe94cb44ef..5a7824fd3129 100644
--- a/lib/galaxy/webapps/galaxy/controllers/history.py
+++ b/lib/galaxy/webapps/galaxy/controllers/history.py
@@ -192,21 +192,17 @@ def make_private(self, trans, history_id=None, all_histories=False, **kwd):
             trans.app.security_agent.permitted_actions.DATASET_ACCESS: [private_role],
         }
         for history in histories:
-            try:
-                # Set default role for history to private
-                trans.app.security_agent.history_set_default_permissions(history, private_permissions)
-                # Set private role for all datasets
-                for hda in history.datasets:
-                    if (
-                        not hda.dataset.library_associations
-                        and not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset)
-                        and trans.app.security_agent.can_manage_dataset(user_roles, hda.dataset)
-                    ):
-                        # If it's not private to me, and I can manage it, set fixed private permissions.
-                        trans.app.security_agent.set_all_dataset_permissions(hda.dataset, private_permissions)
-            except Exception:
-                log.exception("Error making datasets private.")
-                continue
+            # Set default role for history to private
+            trans.app.security_agent.history_set_default_permissions(history, private_permissions)
+            # Set private role for all datasets
+            for hda in history.datasets:
+                if (
+                    not hda.dataset.library_associations
+                    and not trans.app.security_agent.dataset_is_private_to_user(trans, hda.dataset)
+                    and trans.app.security_agent.can_manage_dataset(user_roles, hda.dataset)
+                ):
+                    # If it's not private to me, and I can manage it, set fixed private permissions.
+                    trans.app.security_agent.set_all_dataset_permissions(hda.dataset, private_permissions)
         return {
             "message": f"Success, requested permissions have been changed in {'all histories' if all_histories else history.name}."
         }