Beispiel #1
0
    def getUserRightsForJob(self, jobID):
        """ Get access rights to job with jobID for the user specified by
        userDN/userGroup
    """

        result = self.jobDB.getJobAttributes(jobID, ['OwnerDN', 'OwnerGroup'])

        if not result['OK']:
            return result
        elif result['Value']:
            owner = result['Value']['OwnerDN']
            group = result['Value']['OwnerGroup']
            result = getUsernameForDN(owner)
            ownerName = ''
            if result['OK']:
                ownerName = result['Value']

            result = self.getJobPolicy(owner, group)

            if self.userName and self.userName == ownerName and self.userGroup == group:
                result['UserIsOwner'] = True
            else:
                result['UserIsOwner'] = False
            return result
        else:
            return S_ERROR('Job not found')
Beispiel #2
0
    def getPilotMonitorSelectors(self):
        """ Get distinct values for the Pilot Monitor page selectors
    """

        paramNames = [
            'OwnerDN', 'OwnerGroup', 'GridType', 'Broker', 'Status',
            'DestinationSite', 'GridSite'
        ]

        resultDict = {}
        for param in paramNames:
            result = self.getDistinctAttributeValues('PilotAgents', param)
            if result['OK']:
                resultDict[param] = result['Value']
            else:
                resultDict = []

            if param == "OwnerDN":
                userList = []
                for dn in result['Value']:
                    resultUser = getUsernameForDN(dn)
                    if resultUser['OK']:
                        userList.append(resultUser['Value'])
                resultDict["Owner"] = userList

        return S_OK(resultDict)
Beispiel #3
0
  def getUserRightsForJob( self, jobID ):
    """ Get access rights to job with jobID for the user specified by
        userDN/userGroup
    """

    result = self.jobDB.getJobAttributes( jobID, [ 'OwnerDN', 'OwnerGroup' ] )

    if not result['OK']:
      return result
    elif result['Value']:
      owner = result['Value']['OwnerDN']
      group = result['Value']['OwnerGroup']
      result = getUsernameForDN(owner)
      ownerName = ''
      if result['OK']:
        ownerName = result['Value']
        
      result = self.getJobPolicy( owner, group )
      
      if self.userName and self.userName == ownerName and self.userGroup == group:
        result[ 'UserIsOwner' ] = True
      else:
        result[ 'UserIsOwner' ] = False
      return result
    else:
      return S_ERROR('Job not found')
Beispiel #4
0
    def __init__(self, userDN, userGroup, userProperties):

        self.userDN = userDN
        self.userName = ''
        result = getUsernameForDN(userDN)
        if result['OK']:
            self.userName = result['Value']
        self.userGroup = userGroup
        self.userProperties = userProperties
        self.jobDB = None
Beispiel #5
0
  def __init__( self, userDN, userGroup, userProperties ):

    self.userDN = userDN
    self.userName = ''
    result = getUsernameForDN(userDN)
    if result['OK']:
      self.userName = result['Value']
    self.userGroup = userGroup
    self.userProperties = userProperties
    self.jobDB = None
Beispiel #6
0
  def export_banSite(self, site,comment='No comment'):
    """ Ban the given site in the site mask
    """

    result = self.getRemoteCredentials()
    dn = result['DN']
    result = getUsernameForDN(dn)
    if result['OK']:
      author = result['Value']
    else:
      author = dn
    result = jobDB.banSiteInMask(site,author,comment)
    return result
    def export_banSite(self, site, comment='No comment'):
        """ Ban the given site in the site mask
    """

        result = self.getRemoteCredentials()
        dn = result['DN']
        result = getUsernameForDN(dn)
        if result['OK']:
            author = result['Value']
        else:
            author = dn
        result = jobDB.banSiteInMask(site, author, comment)
        return result
Beispiel #8
0
    def getJobPolicy(self, jobOwnerDN='', jobOwnerGroup=''):
        """ Get the job operations rights for a job owned by jobOwnerDN/jobOwnerGroup
        for a user with userDN/userGroup.
        Returns a dictionary of various operations rights
    """

        # Can not do anything by default
        permDict = {}
        for r in ALL_RIGHTS:
            permDict[r] = False

        # Anybody can get info about the jobs
        permDict[RIGHT_GET_INFO] = True

        # Give JobAdmin permission if needed
        if Properties.JOB_ADMINISTRATOR in self.userProperties:
            for r in PROPERTY_RIGHTS[Properties.JOB_ADMINISTRATOR]:
                permDict[r] = True

        # Give JobAdmin permission if needed
        if Properties.NORMAL_USER in self.userProperties:
            for r in PROPERTY_RIGHTS[Properties.NORMAL_USER]:
                permDict[r] = True

        # Give permissions of the generic pilot
        if Properties.GENERIC_PILOT in self.userProperties:
            for r in PROPERTY_RIGHTS[Properties.GENERIC_PILOT]:
                permDict[r] = True

        # Job Owner can do everything with his jobs
        result = getUsernameForDN(jobOwnerDN)
        jobOwnerName = ''
        if result['OK']:
            jobOwnerName = result['Value']
        if jobOwnerName and self.userName and jobOwnerName == self.userName:
            for r in OWNER_RIGHTS:
                permDict[r] = True

        # Members of the same group sharing their jobs can do everything
        if jobOwnerGroup == self.userGroup:
            if Properties.JOB_SHARING in self.userProperties:
                for right in GROUP_RIGHTS:
                    permDict[right] = True

        return S_OK(permDict)
Beispiel #9
0
  def getJobPolicy( self, jobOwnerDN = '', jobOwnerGroup = '' ):
    """ Get the job operations rights for a job owned by jobOwnerDN/jobOwnerGroup
        for a user with userDN/userGroup.
        Returns a dictionary of various operations rights
    """

    # Can not do anything by default
    permDict = {}
    for r in ALL_RIGHTS:
      permDict[r] = False

    # Anybody can get info about the jobs
    permDict[ RIGHT_GET_INFO ] = True

    # Give JobAdmin permission if needed
    if Properties.JOB_ADMINISTRATOR in self.userProperties:
      for r in PROPERTY_RIGHTS[ Properties.JOB_ADMINISTRATOR ]:
        permDict[ r ] = True

    # Give JobAdmin permission if needed
    if Properties.NORMAL_USER in self.userProperties:
      for r in PROPERTY_RIGHTS[ Properties.NORMAL_USER ]:
        permDict[ r ] = True
        
    # Give permissions of the generic pilot
    if Properties.GENERIC_PILOT in self.userProperties:
      for r in PROPERTY_RIGHTS[ Properties.GENERIC_PILOT ]:
        permDict[ r ] = True    

    # Job Owner can do everything with his jobs
    result = getUsernameForDN(jobOwnerDN)
    jobOwnerName = ''
    if result['OK']:
      jobOwnerName = result['Value']
    if jobOwnerName and self.userName and jobOwnerName == self.userName:
      for r in OWNER_RIGHTS:
        permDict[r] = True

    # Members of the same group sharing their jobs can do everything
    if jobOwnerGroup == self.userGroup:
      if Properties.JOB_SHARING in self.userProperties:
        for right in GROUP_RIGHTS:
          permDict[right] = True

    return S_OK( permDict )
Beispiel #10
0
  def getPilotMonitorSelectors(self):
    """ Get distinct values for the Pilot Monitor page selectors
    """

    paramNames = ['OwnerDN','OwnerGroup','GridType','Broker',
                  'Status','DestinationSite','GridSite']

    resultDict = {}
    for param in paramNames:
      result = self.getDistinctAttributeValues('PilotAgents',param)
      if result['OK']:
        resultDict[param] = result['Value']
      else:
        resultDict = []

      if param == "OwnerDN":
        userList = []
        for dn in result['Value']:
          resultUser =  getUsernameForDN(dn)
          if resultUser['OK']:
            userList.append(resultUser['Value'])
        resultDict["Owner"] = userList

    return S_OK(resultDict)