def get_access_policy(self) -> AccessPolicy:
"""
Returns or creates the access policy for the system metadata.
:return: The access policy
"""
if not self.access_policy:
self.access_policy = dataoneTypes.accessPolicy()
public_access_rule = dataoneTypes.AccessRule()
public_access_rule.subject.append(d1_const.SUBJECT_PUBLIC)
permission = dataoneTypes.Permission(
dataoneTypes.Permission('read'))
public_access_rule.permission.append(permission)
self.access_policy.append(public_access_rule)
admin_access_rule = dataoneTypes.AccessRule()
admin_access_rule.subject.append(
"CN=knb-data-admins,DC=dataone,DC=org")
admin_access_rule.permission.append(
dataoneTypes.Permission('write'))
admin_access_rule.permission.append(permission)
self.access_policy.append(admin_access_rule)
return self.access_policy
def create_access_policy(self, subjects):
ap = dataoneTypes.AccessPolicy()
ar = dataoneTypes.AccessRule()
ar.subject = subjects
ar.permission = ['changePermission']
ap.allow.append(ar)
return ap
def generate_public_access_policy():
accessPolicy = dataoneTypes.accessPolicy()
accessRule = dataoneTypes.AccessRule()
accessRule.subject.append(d1_common.const.SUBJECT_PUBLIC)
permission = dataoneTypes.Permission('read')
accessRule.permission.append(permission)
accessPolicy.append(accessRule)
return accessPolicy
def _create_access_policy_pyxb_object(self, operation):
acl = operation['parameters']['allow']
if not len(acl):
return None
access_policy = dataoneTypes.accessPolicy()
for s, p in acl:
access_rule = dataoneTypes.AccessRule()
access_rule.subject.append(s)
permission = dataoneTypes.Permission(p)
access_rule.permission.append(permission)
access_policy.append(access_rule)
return access_policy
def generate_public_access_policy():
"""
Creates the access policy for the system metadata.
Note that the permission is set to 'read'.
:return: The access policy
:rtype: d1_common.types.generated.dataoneTypes_v1.AccessPolicy
"""
access_policy = dataoneTypes.accessPolicy()
access_rule = dataoneTypes.AccessRule()
access_rule.subject.append(d1_const.SUBJECT_PUBLIC)
permission = dataoneTypes.Permission('read')
access_rule.permission.append(permission)
access_policy.append(access_rule)
return access_policy
oopts['rightsHolder'] = options.submitter
else:
oopts['rightsHolder'] = options.rightsHolder
oopts['originMemberNode'] = options.originMemberNode
oopts['authoritativeMemberNode'] = options.originMemberNode
defrepl = dataoneTypes.ReplicationPolicy()
if options.numberReplicas == 0:
defrepl.replicationAllowed = False
else:
defrepl.replicationAllowed = True
defrepl.numberReplicas = options.numberReplicas
oopts['replicationPolicy'] = defrepl
defap = dataoneTypes.AccessPolicy()
ar = dataoneTypes.AccessRule()
ar.permission = [
dataoneTypes.Permission.read,
]
ar.subject = [
"public",
]
defap.allow = [
ar,
]
ar = dataoneTypes.AccessRule()
ar.permission = [
dataoneTypes.Permission.write,
]
ar.subject = [
oopts['submitter'],