def getUserRightsForJob(self, jobID):
""" Get access rights to job with jobID for the user specified by
userDN/userGroup
"""
result = self.jobDB.getJobAttributes(jobID, ['OwnerDN', 'OwnerGroup'])
if not result['OK']:
return result
elif result['Value']:
owner = result['Value']['OwnerDN']
group = result['Value']['OwnerGroup']
result = getUsernameForDN(owner)
ownerName = ''
if result['OK']:
ownerName = result['Value']
result = self.getJobPolicy(owner, group)
if self.userName and self.userName == ownerName and self.userGroup == group:
result['UserIsOwner'] = True
else:
result['UserIsOwner'] = False
return result
else:
return S_ERROR('Job not found')
def getPilotMonitorSelectors(self):
""" Get distinct values for the Pilot Monitor page selectors
"""
paramNames = [
'OwnerDN', 'OwnerGroup', 'GridType', 'Broker', 'Status',
'DestinationSite', 'GridSite'
]
resultDict = {}
for param in paramNames:
result = self.getDistinctAttributeValues('PilotAgents', param)
if result['OK']:
resultDict[param] = result['Value']
else:
resultDict = []
if param == "OwnerDN":
userList = []
for dn in result['Value']:
resultUser = getUsernameForDN(dn)
if resultUser['OK']:
userList.append(resultUser['Value'])
resultDict["Owner"] = userList
return S_OK(resultDict)
def getUserRightsForJob( self, jobID ):
""" Get access rights to job with jobID for the user specified by
userDN/userGroup
"""
result = self.jobDB.getJobAttributes( jobID, [ 'OwnerDN', 'OwnerGroup' ] )
if not result['OK']:
return result
elif result['Value']:
owner = result['Value']['OwnerDN']
group = result['Value']['OwnerGroup']
result = getUsernameForDN(owner)
ownerName = ''
if result['OK']:
ownerName = result['Value']
result = self.getJobPolicy( owner, group )
if self.userName and self.userName == ownerName and self.userGroup == group:
result[ 'UserIsOwner' ] = True
else:
result[ 'UserIsOwner' ] = False
return result
else:
return S_ERROR('Job not found')
def __init__(self, userDN, userGroup, userProperties):
self.userDN = userDN
self.userName = ''
result = getUsernameForDN(userDN)
if result['OK']:
self.userName = result['Value']
self.userGroup = userGroup
self.userProperties = userProperties
self.jobDB = None
def __init__( self, userDN, userGroup, userProperties ):
self.userDN = userDN
self.userName = ''
result = getUsernameForDN(userDN)
if result['OK']:
self.userName = result['Value']
self.userGroup = userGroup
self.userProperties = userProperties
self.jobDB = None
def export_banSite(self, site,comment='No comment'):
""" Ban the given site in the site mask
"""
result = self.getRemoteCredentials()
dn = result['DN']
result = getUsernameForDN(dn)
if result['OK']:
author = result['Value']
else:
author = dn
result = jobDB.banSiteInMask(site,author,comment)
return result
def export_banSite(self, site, comment='No comment'):
""" Ban the given site in the site mask
"""
result = self.getRemoteCredentials()
dn = result['DN']
result = getUsernameForDN(dn)
if result['OK']:
author = result['Value']
else:
author = dn
result = jobDB.banSiteInMask(site, author, comment)
return result
def getJobPolicy(self, jobOwnerDN='', jobOwnerGroup=''):
""" Get the job operations rights for a job owned by jobOwnerDN/jobOwnerGroup
for a user with userDN/userGroup.
Returns a dictionary of various operations rights
"""
# Can not do anything by default
permDict = {}
for r in ALL_RIGHTS:
permDict[r] = False
# Anybody can get info about the jobs
permDict[RIGHT_GET_INFO] = True
# Give JobAdmin permission if needed
if Properties.JOB_ADMINISTRATOR in self.userProperties:
for r in PROPERTY_RIGHTS[Properties.JOB_ADMINISTRATOR]:
permDict[r] = True
# Give JobAdmin permission if needed
if Properties.NORMAL_USER in self.userProperties:
for r in PROPERTY_RIGHTS[Properties.NORMAL_USER]:
permDict[r] = True
# Give permissions of the generic pilot
if Properties.GENERIC_PILOT in self.userProperties:
for r in PROPERTY_RIGHTS[Properties.GENERIC_PILOT]:
permDict[r] = True
# Job Owner can do everything with his jobs
result = getUsernameForDN(jobOwnerDN)
jobOwnerName = ''
if result['OK']:
jobOwnerName = result['Value']
if jobOwnerName and self.userName and jobOwnerName == self.userName:
for r in OWNER_RIGHTS:
permDict[r] = True
# Members of the same group sharing their jobs can do everything
if jobOwnerGroup == self.userGroup:
if Properties.JOB_SHARING in self.userProperties:
for right in GROUP_RIGHTS:
permDict[right] = True
return S_OK(permDict)
def getJobPolicy( self, jobOwnerDN = '', jobOwnerGroup = '' ):
""" Get the job operations rights for a job owned by jobOwnerDN/jobOwnerGroup
for a user with userDN/userGroup.
Returns a dictionary of various operations rights
"""
# Can not do anything by default
permDict = {}
for r in ALL_RIGHTS:
permDict[r] = False
# Anybody can get info about the jobs
permDict[ RIGHT_GET_INFO ] = True
# Give JobAdmin permission if needed
if Properties.JOB_ADMINISTRATOR in self.userProperties:
for r in PROPERTY_RIGHTS[ Properties.JOB_ADMINISTRATOR ]:
permDict[ r ] = True
# Give JobAdmin permission if needed
if Properties.NORMAL_USER in self.userProperties:
for r in PROPERTY_RIGHTS[ Properties.NORMAL_USER ]:
permDict[ r ] = True
# Give permissions of the generic pilot
if Properties.GENERIC_PILOT in self.userProperties:
for r in PROPERTY_RIGHTS[ Properties.GENERIC_PILOT ]:
permDict[ r ] = True
# Job Owner can do everything with his jobs
result = getUsernameForDN(jobOwnerDN)
jobOwnerName = ''
if result['OK']:
jobOwnerName = result['Value']
if jobOwnerName and self.userName and jobOwnerName == self.userName:
for r in OWNER_RIGHTS:
permDict[r] = True
# Members of the same group sharing their jobs can do everything
if jobOwnerGroup == self.userGroup:
if Properties.JOB_SHARING in self.userProperties:
for right in GROUP_RIGHTS:
permDict[right] = True
return S_OK( permDict )
def getPilotMonitorSelectors(self):
""" Get distinct values for the Pilot Monitor page selectors
"""
paramNames = ['OwnerDN','OwnerGroup','GridType','Broker',
'Status','DestinationSite','GridSite']
resultDict = {}
for param in paramNames:
result = self.getDistinctAttributeValues('PilotAgents',param)
if result['OK']:
resultDict[param] = result['Value']
else:
resultDict = []
if param == "OwnerDN":
userList = []
for dn in result['Value']:
resultUser = getUsernameForDN(dn)
if resultUser['OK']:
userList.append(resultUser['Value'])
resultDict["Owner"] = userList
return S_OK(resultDict)
