def getUserRightsForJob(self, jobID): """ Get access rights to job with jobID for the user specified by userDN/userGroup """ result = self.jobDB.getJobAttributes(jobID, ['OwnerDN', 'OwnerGroup']) if not result['OK']: return result elif result['Value']: owner = result['Value']['OwnerDN'] group = result['Value']['OwnerGroup'] result = getUsernameForDN(owner) ownerName = '' if result['OK']: ownerName = result['Value'] result = self.getJobPolicy(owner, group) if self.userName and self.userName == ownerName and self.userGroup == group: result['UserIsOwner'] = True else: result['UserIsOwner'] = False return result else: return S_ERROR('Job not found')
def getPilotMonitorSelectors(self): """ Get distinct values for the Pilot Monitor page selectors """ paramNames = [ 'OwnerDN', 'OwnerGroup', 'GridType', 'Broker', 'Status', 'DestinationSite', 'GridSite' ] resultDict = {} for param in paramNames: result = self.getDistinctAttributeValues('PilotAgents', param) if result['OK']: resultDict[param] = result['Value'] else: resultDict = [] if param == "OwnerDN": userList = [] for dn in result['Value']: resultUser = getUsernameForDN(dn) if resultUser['OK']: userList.append(resultUser['Value']) resultDict["Owner"] = userList return S_OK(resultDict)
def getUserRightsForJob( self, jobID ): """ Get access rights to job with jobID for the user specified by userDN/userGroup """ result = self.jobDB.getJobAttributes( jobID, [ 'OwnerDN', 'OwnerGroup' ] ) if not result['OK']: return result elif result['Value']: owner = result['Value']['OwnerDN'] group = result['Value']['OwnerGroup'] result = getUsernameForDN(owner) ownerName = '' if result['OK']: ownerName = result['Value'] result = self.getJobPolicy( owner, group ) if self.userName and self.userName == ownerName and self.userGroup == group: result[ 'UserIsOwner' ] = True else: result[ 'UserIsOwner' ] = False return result else: return S_ERROR('Job not found')
def __init__(self, userDN, userGroup, userProperties): self.userDN = userDN self.userName = '' result = getUsernameForDN(userDN) if result['OK']: self.userName = result['Value'] self.userGroup = userGroup self.userProperties = userProperties self.jobDB = None
def __init__( self, userDN, userGroup, userProperties ): self.userDN = userDN self.userName = '' result = getUsernameForDN(userDN) if result['OK']: self.userName = result['Value'] self.userGroup = userGroup self.userProperties = userProperties self.jobDB = None
def export_banSite(self, site,comment='No comment'): """ Ban the given site in the site mask """ result = self.getRemoteCredentials() dn = result['DN'] result = getUsernameForDN(dn) if result['OK']: author = result['Value'] else: author = dn result = jobDB.banSiteInMask(site,author,comment) return result
def export_banSite(self, site, comment='No comment'): """ Ban the given site in the site mask """ result = self.getRemoteCredentials() dn = result['DN'] result = getUsernameForDN(dn) if result['OK']: author = result['Value'] else: author = dn result = jobDB.banSiteInMask(site, author, comment) return result
def getJobPolicy(self, jobOwnerDN='', jobOwnerGroup=''): """ Get the job operations rights for a job owned by jobOwnerDN/jobOwnerGroup for a user with userDN/userGroup. Returns a dictionary of various operations rights """ # Can not do anything by default permDict = {} for r in ALL_RIGHTS: permDict[r] = False # Anybody can get info about the jobs permDict[RIGHT_GET_INFO] = True # Give JobAdmin permission if needed if Properties.JOB_ADMINISTRATOR in self.userProperties: for r in PROPERTY_RIGHTS[Properties.JOB_ADMINISTRATOR]: permDict[r] = True # Give JobAdmin permission if needed if Properties.NORMAL_USER in self.userProperties: for r in PROPERTY_RIGHTS[Properties.NORMAL_USER]: permDict[r] = True # Give permissions of the generic pilot if Properties.GENERIC_PILOT in self.userProperties: for r in PROPERTY_RIGHTS[Properties.GENERIC_PILOT]: permDict[r] = True # Job Owner can do everything with his jobs result = getUsernameForDN(jobOwnerDN) jobOwnerName = '' if result['OK']: jobOwnerName = result['Value'] if jobOwnerName and self.userName and jobOwnerName == self.userName: for r in OWNER_RIGHTS: permDict[r] = True # Members of the same group sharing their jobs can do everything if jobOwnerGroup == self.userGroup: if Properties.JOB_SHARING in self.userProperties: for right in GROUP_RIGHTS: permDict[right] = True return S_OK(permDict)
def getJobPolicy( self, jobOwnerDN = '', jobOwnerGroup = '' ): """ Get the job operations rights for a job owned by jobOwnerDN/jobOwnerGroup for a user with userDN/userGroup. Returns a dictionary of various operations rights """ # Can not do anything by default permDict = {} for r in ALL_RIGHTS: permDict[r] = False # Anybody can get info about the jobs permDict[ RIGHT_GET_INFO ] = True # Give JobAdmin permission if needed if Properties.JOB_ADMINISTRATOR in self.userProperties: for r in PROPERTY_RIGHTS[ Properties.JOB_ADMINISTRATOR ]: permDict[ r ] = True # Give JobAdmin permission if needed if Properties.NORMAL_USER in self.userProperties: for r in PROPERTY_RIGHTS[ Properties.NORMAL_USER ]: permDict[ r ] = True # Give permissions of the generic pilot if Properties.GENERIC_PILOT in self.userProperties: for r in PROPERTY_RIGHTS[ Properties.GENERIC_PILOT ]: permDict[ r ] = True # Job Owner can do everything with his jobs result = getUsernameForDN(jobOwnerDN) jobOwnerName = '' if result['OK']: jobOwnerName = result['Value'] if jobOwnerName and self.userName and jobOwnerName == self.userName: for r in OWNER_RIGHTS: permDict[r] = True # Members of the same group sharing their jobs can do everything if jobOwnerGroup == self.userGroup: if Properties.JOB_SHARING in self.userProperties: for right in GROUP_RIGHTS: permDict[right] = True return S_OK( permDict )
def getPilotMonitorSelectors(self): """ Get distinct values for the Pilot Monitor page selectors """ paramNames = ['OwnerDN','OwnerGroup','GridType','Broker', 'Status','DestinationSite','GridSite'] resultDict = {} for param in paramNames: result = self.getDistinctAttributeValues('PilotAgents',param) if result['OK']: resultDict[param] = result['Value'] else: resultDict = [] if param == "OwnerDN": userList = [] for dn in result['Value']: resultUser = getUsernameForDN(dn) if resultUser['OK']: userList.append(resultUser['Value']) resultDict["Owner"] = userList return S_OK(resultDict)