def unlock(self, data): for coll in data: union = coll['objects'] + [coll] for ooc in union: old_access = {} for acl in ooc['acls'].values(): acc = iRODSAccess(str(acl.get('access_name')), str(acl.get('path')), str(acl.get('user_name')), str(acl.get('user_zone'))) if acc.access_name == 'read object': acc.access_name = 'read' self.session.permissions.set(acc, admin=True) old_access[(acc.user_name, acc.user_zone)] = acc if ooc['type'] == 'collection': iooc = self.session.collections.get(ooc['path']) else: iooc = self.session.data_objects.get(ooc['path']) for acl in self.session.permissions.get(iooc, expand_groups=False): pair = (acl.user_name, acl.user_zone) if pair not in old_access: acc = iRODSAccess('null', str(ooc['path']), pair[0], pair[1]) self.session.permissions.set(acc, admin=True)
def test_raw_acls__207(self): data = helpers.make_object(self.sess,"/".join((self.coll_path,"test_obj"))) eg = eu = fg = fu = None try: eg = self.sess.user_groups.create ('egrp') eu = self.sess.users.create ('edith','rodsuser') eg.addmember(eu.name,eu.zone) fg = self.sess.user_groups.create ('fgrp') fu = self.sess.users.create ('frank','rodsuser') fg.addmember(fu.name,fu.zone) my_ownership = set([('own', self.sess.username, self.sess.zone)]) #--collection-- perms1data = [ iRODSAccess ('write',self.coll_path, eg.name, self.sess.zone), iRODSAccess ('read', self.coll_path, fu.name, self.sess.zone) ] for perm in perms1data: self.sess.permissions.set ( perm ) p1 = self.sess.permissions.get ( self.coll, report_raw_acls = True) self.assertEqual(self.perms_lists_symm_diff( perms1data, p1 ), my_ownership) #--data object-- perms2data = [ iRODSAccess ('write',data.path, fg.name, self.sess.zone), iRODSAccess ('read', data.path, eu.name, self.sess.zone) ] for perm in perms2data: self.sess.permissions.set ( perm ) p2 = self.sess.permissions.get ( data, report_raw_acls = True) self.assertEqual(self.perms_lists_symm_diff( perms2data, p2 ), my_ownership) finally: ids_for_delete = [ u.id for u in (fu,fg,eu,eg) if u is not None ] for u in [ iRODSUser(self.sess.users,row) for row in self.sess.query(User).filter(In(User.id, ids_for_delete)) ]: u.remove()
def test_set_data_acl(self): # test args collection = self.coll_path filename = 'foo' # get current user info user = self.sess.users.get( config.IRODS_USER_USERNAME, config.IRODS_SERVER_ZONE) # make object in test collection path = "{collection}/{filename}".format(**locals()) obj = helpers.make_object(self.sess, path) # get object obj = self.sess.data_objects.get(path) # set permission to write acl1 = iRODSAccess('write', path, user.name, user.zone) self.sess.permissions.set(acl1) # get object's ACLs acl = self.sess.permissions.get(obj)[0] # owner's write access # check values self.assertEqual(acl.access_name, 'modify object') self.assertEqual(acl.user_zone, user.zone) self.assertEqual(acl.user_name, user.name) # reset permission to own acl1 = iRODSAccess('own', path, user.name, user.zone) self.sess.permissions.set(acl1) # remove object self.sess.data_objects.unlink(path)
def test_set_data_acl(self): # test args collection = self.coll_path filename = 'foo' # get current user info user = self.sess.users.get(self.sess.username, self.sess.zone) # make object in test collection path = "{collection}/{filename}".format(**locals()) obj = helpers.make_object(self.sess, path) # get object obj = self.sess.data_objects.get(path) # set permission to write acl1 = iRODSAccess('write', path, user.name, user.zone) self.sess.permissions.set(acl1) # get object's ACLs acl = self.sess.permissions.get(obj)[0] # owner's write access # check values self.assertEqual(acl.access_name, 'modify object') self.assertEqual(acl.user_zone, user.zone) self.assertEqual(acl.user_name, user.name) # reset permission to own acl1 = iRODSAccess('own', path, user.name, user.zone) self.sess.permissions.set(acl1) # remove object self.sess.data_objects.unlink(path)
def write_collection(session, data): collname = '/tempZone/public/{0}'.format(data['collection']) print("create {0}".format(collname)) # options = {kw.COLL_OWNER_NAME_KW: data['metadata']['OWNER']} options = {} coll = session.collections.create(collname, **options) session.permissions.set( iRODSAccess('own', coll.path, data['metadata']['OWNER'], 'tempZone')) for k, v in data['metadata'].items(): coll.metadata.add(k, str(v)) for k, obj in data['objects'].items(): objpath = os.path.join(collname, k) print("put {0} -> {1}".format(obj['file'], objpath)) options = {kw.DATA_OWNER_KW: data['metadata']['OWNER']} session.data_objects.put(obj['file'], objpath, **options) irods_obj = session.data_objects.get(objpath) for k, v in obj['metadata'].items(): v = str(v) v = v[:2048] print("meta data {0} '{1}' '{2}'".format(objpath, k, v)) irods_obj.metadata.add(k, v) session.permissions.set( iRODSAccess('own', objpath, data['metadata']['OWNER'], 'tempZone')) session.permissions.set( iRODSAccess('null', objpath, 'rods', 'tempZone')) session.permissions.set(iRODSAccess('null', coll.path, 'rods', 'tempZone'))
def close(self, owners=set()): ''' Set permission to read only for group 'public'. Get list of users who created the data. The original creator of the data can be retrieved with obj.owner_name. Script should be executed by a service account for data publishing (role data steward). owners - set of all additinatiol users who have write access to the collection and data objects. ''' # close each data object for obj in self.coll.data_objects: acl = iRODSAccess('read', obj.path, 'public', self.session.zone) self.session.permissions.set(acl) acl = iRODSAccess('read', obj.path, obj.owner_name, self.session.zone) self.session.permissions.set(acl) for owner in owners: acl = iRODSAccess('read', obj.path, owner, self.session.zone) self.session.permissions.set(acl) owners.add(obj.owner_name) # close collection acl = iRODSAccess('read', self.coll.path, 'public', self.session.zone) self.session.permissions.set(acl) for owner in owners: acl = iRODSAccess('read', self.coll.path, owner, self.session.zone) self.session.permissions.set(acl) return owners
def lock(self): """ Change the ownership to current user. Set readonly ownership to original user. Return json document. """ ret = self.data coll = self.session.collections.get(self.collection_path) perm = self.session.permissions for collection, subcollections, objects in coll.walk(topdown=True): union = objects + [collection] for ooc in union: for acl in perm.get(ooc, expand_groups=False): cacl = copy.copy(acl) if cacl.access_name == 'read object': cacl.access_name = 'read' p = (cacl.user_name, cacl.user_zone) if p not in self.target_users: acc = iRODSAccess('read', acl.path, acl.user_name, acl.user_zone) perm.set(acc, admin=True) for p in self.target_users.keys(): perm.set(iRODSAccess('own', ooc.path, p[0], p[1]), admin=True) return ret
def test_set_inherit_and_test_sub_objects (self): DEPTH = 3 OBJ_PER_LVL = 1 deepcoll = user = None test_coll_path = self.coll_path + "/test" try: deepcoll = helpers.make_deep_collection(self.sess, test_coll_path, object_content = 'arbitrary', depth=DEPTH, objects_per_level=OBJ_PER_LVL) user = self.sess.users.create('bob','rodsuser') user.modify ('password','bpass') acl_inherit = iRODSAccess('inherit', deepcoll.path) acl_read = iRODSAccess('read', deepcoll.path, 'bob') self.sess.permissions.set(acl_read) self.sess.permissions.set(acl_inherit) # create one new object and one new collection *after* ACL's are applied new_object_path = test_coll_path + "/my_data_obj" with self.sess.data_objects.open( new_object_path ,'w') as f: f.write(b'some_content') new_collection_path = test_coll_path + "/my_colln_obj" new_collection = self.sess.collections.create( new_collection_path ) coll_IDs = [c[Collection.id] for c in self.sess.query(Collection.id).filter(Like(Collection.name , deepcoll.path + "%"))] D_rods = list(self.sess.query(Collection.name,DataObject.name).filter( In(DataObject.collection_id, coll_IDs ))) self.assertEqual (len(D_rods), OBJ_PER_LVL*DEPTH+1) # counts the 'older' objects plus one new object with iRODSSession (port=self.sess.port, zone=self.sess.zone, host=self.sess.host, user='******', password='******') as bob: D = list(bob.query(Collection.name,DataObject.name).filter( In(DataObject.collection_id, coll_IDs ))) # - bob should only see the new data object, but none existing before ACLs were applied self.assertEqual( len(D), 1 ) D_names = [_[Collection.name] + "/" + _[DataObject.name] for _ in D] self.assertEqual( D[0][DataObject.name], 'my_data_obj' ) # - bob should be able to read the new data object with bob.data_objects.get(D_names[0]).open('r') as f: self.assertGreater( len(f.read()), 0) C = list(bob.query(Collection).filter( In(Collection.id, coll_IDs ))) self.assertEqual( len(C), 2 ) # query should return only the top-level and newly created collections self.assertEqual( sorted([c[Collection.name] for c in C]), sorted([new_collection.path, deepcoll.path]) ) finally: if user: user.remove() if deepcoll: deepcoll.remove(force = True, recurse = True)
def test_set_inherit_acl(self): acl1 = iRODSAccess('inherit', self.coll_path) self.sess.permissions.set(acl1) c = self.sess.collections.get(self.coll_path) self.assertTrue(c.inheritance) acl2 = iRODSAccess('noinherit', self.coll_path) self.sess.permissions.set(acl2) c = self.sess.collections.get(self.coll_path) self.assertFalse(c.inheritance)
def open(self, owners): ''' Open collection for writing to certain iRODS users (owners). ''' for owner in owners: acl = iRODSAccess('write', self.coll.path, owner, self.session.zone) self.session.permissions.set(acl) for obj in self.coll.data_objects: acl = iRODSAccess('write', obj.path, owner, self.session.zone) self.session.permissions.set(acl) return ['COLLECTION WRITE ACCESS: ' + str(owners)]
def create_collection(self, path: str, owner: typing.Optional[str] = None, recursive: bool = True) -> None: """Create a collection.""" self._collections.append(path) self.session.collections.create(path) if owner: own_acl = iRODSAccess("own", path, user_name=owner or "") self.session.permissions.set(own_acl, recursive=recursive) inherit_acl = iRODSAccess("inherit", path, user_name=owner or "") self.session.permissions.set(inherit_acl, recursive=recursive)
def set_permissions(self, path, permission=None, userOrGroup=None, zone=None, recursive=False): if zone is None: zone = self.get_current_zone() # If not specified, remove permission if permission is None: permission = 'null' try: ACL = iRODSAccess(access_name=permission, path=path, user_name=userOrGroup, user_zone=zone) self.prc.permissions.set(ACL, recursive=recursive) log.debug("Grant {}={} to {}", userOrGroup, permission, path) return True except iexceptions.CAT_INVALID_USER: raise IrodsException("Cannot set ACL: user or group not found") except iexceptions.CAT_INVALID_ARGUMENT: if not self.is_collection(path) and not self.is_dataobject(path): raise IrodsException("Cannot set ACL: path not found") else: raise IrodsException("Cannot set ACL") return False
def createReport(self, content, owners=[]): ''' Creates a report file for the users in /zone/home/public. Naming convention: user1-user2-..._collection.status content - list of strings owners - iterable ''' message = '\n'.join([str(i) for i in content]) users = '-'.join(owners) iPath = '/%s/home/public/%s_%s.status_%s' % ( self.ipc.session.zone, users, self.ipc.coll.name, datetime.datetime.now().strftime('%d-%m-%y_%H:%M')) self.logger.info('Create report %s', iPath) self.logger.debug('message:') for line in content: self.logger.debug(' ' + str(line)) try: obj = self.ipc.session.data_objects.create(iPath) except Exception: obj = self.ipc.session.data_objects.get(iPath) with obj.open('w') as obj_desc: obj_desc.write(message) for user in owners: acl = iRODSAccess('write', iPath, user, self.ipc.session.zone) self.logger.debug('setting write permissions for user %s' % user) self.ipc.session.permissions.set(acl) return iPath
def setUp(self): admin = self.admin = helpers.make_session() user = self.user = admin.users.create('anonymous', 'rodsuser', admin.zone) self.home = '/{admin.zone}/home/{user.name}'.format(**locals()) admin.collections.create(self.home) acl = iRODSAccess('own', self.home, user.name) admin.permissions.set(acl) self.env_file = os.path.expanduser( '~/.irods.anon/irods_environment.json') self.env_dir = (os.path.dirname(self.env_file)) self.auth_file = os.path.expanduser('~/.irods.anon/.irodsA') os.mkdir(os.path.dirname(self.env_file)) json.dump( { "irods_host": admin.host, "irods_port": admin.port, "irods_user_name": user.name, "irods_zone_name": admin.zone }, open(self.env_file, 'w'), indent=4)
def get(self, target): # different query whether target is an object or a collection if type(target) == iRODSDataObject: access_type = DataAccess user_type = User conditions = [ Collection.name == dirname(target.path), DataObject.name == basename(target.path) ] elif type(target) == iRODSCollection: access_type = CollectionAccess user_type = CollectionUser conditions = [Collection.name == target.path] else: raise TypeError results = self.sess.query(user_type.name, user_type.zone, access_type.name)\ .filter(*conditions).all() return [ iRODSAccess(access_name=row[access_type.name], user_name=row[user_type.name], path=target.path, user_zone=row[user_type.zone]) for row in results ]
def get(self, target, *args, expand_groups=True, **kwargs): if expand_groups: for i in self.orig_permissions.get(target, *args, **kwargs): yield i raise StopIteration() else: if type(target) == iRODSDataObject: access_type = DataAccess conditions = [ Collection.name == dirname(target.path), DataObject.name == basename(target.path) ] elif type(target) == iRODSCollection: access_type = CollectionAccess conditions = [Collection.name == target.path] else: raise TypeError results = self.session.query(access_type.user_id, access_type.name)\ .filter(*conditions)\ .all() for row in results: user, zone = self._get_user_by_id(row[access_type.user_id]) access = iRODSAccess(access_name=row[access_type.name], user_name=user, path=target.path, user_zone=zone) yield access raise StopIteration()
def get(self, target, report_raw_acls=False, **kw): if report_raw_acls: return self.__get_raw( target, **kw) # prefer a behavior consistent with 'ils -A` # different query whether target is an object or a collection if type(target) == iRODSDataObject: access_type = DataAccess user_type = User conditions = [ Collection.name == dirname(target.path), DataObject.name == basename(target.path) ] elif type(target) == iRODSCollection: access_type = CollectionAccess user_type = CollectionUser conditions = [Collection.name == target.path] else: raise TypeError results = self.sess.query(user_type.name, user_type.zone, access_type.name)\ .filter(*conditions).all() return [ iRODSAccess(access_name=row[access_type.name], user_name=row[user_type.name], path=target.path, user_zone=row[user_type.zone]) for row in results ]
def test_set_inherit_acl_depth_test(self): DEPTH = 3 # But test is valid for any DEPTH > 1 for recursionTruth in (True, False): deepcoll = None try: test_coll_path = self.coll_path + "/test" deepcoll = helpers.make_deep_collection(self.sess, test_coll_path, depth=DEPTH, objects_per_level=2) acl1 = iRODSAccess('inherit', deepcoll.path) self.sess.permissions.set(acl1, recursive=recursionTruth) test_subcolls = set( iRODSCollection(self.sess.collections, _) for _ in self.sess.query(Collection).filter( Like(Collection.name, deepcoll.path + "/%"))) # assert top level collection affected test_coll = self.sess.collections.get(test_coll_path) self.assertTrue(test_coll.inheritance) # # assert lower level collections affected only for case when recursive = True subcoll_truths = [(_.inheritance == recursionTruth) for _ in test_subcolls] self.assertEqual(len(subcoll_truths), DEPTH - 1) self.assertTrue(all(subcoll_truths)) finally: if deepcoll: deepcoll.remove(force=True, recurse=True)
def get(self, target): # different query whether target is an object or a collection if type(target) == iRODSDataObject: access_type = DataAccess user_type = User conditions = [ Collection.name == dirname(target.path), DataObject.name == basename(target.path) ] elif type(target) == iRODSCollection: access_type = CollectionAccess user_type = CollectionUser conditions = [ Collection.name == target.path ] else: raise TypeError results = self.sess.query(user_type.name, user_type.zone, access_type.name)\ .filter(*conditions).all() return [iRODSAccess( access_name=row[access_type.name], user_name=row[user_type.name], path=target.path, user_zone=row[user_type.zone] ) for row in results]
def remove_ownership(self): coll = self.session.collections.get(self.collection_path) for collection, subcollections, objects in coll.walk(topdown=True): union = objects + [collection] for ooc in union: for acl in self.session.permissions.get(ooc, expand_groups=False): for pair in self.target_users.keys(): acc = iRODSAccess('null', ooc.path, pair[0], pair[1]) self.session.permissions.set(acc, admin=True)
def post(self, *args, **kwargs): email = self.request.POST.get("irods_email") zone = settings.IRODS_ZONE collection = settings.IRODS_COLLECTION.split(',') context = {'existing_user': '******'} password = str(uuid.uuid4())[:5] creds = { 'user': os.environ.get('RODS_USERNAME'), 'password': os.environ.get('RODS_PASSWORD'), 'zone': zone } with iRODSSession(**creds, host=os.environ.get('BRAINI_RODS'), port=os.environ.get('BRAINI_PORT', "1247")) as session: try: user = session.users.get(email) except UserDoesNotExist: context['existing_user'] = '******' user = session.users.create(email, 'rodsuser') with iRODSSession(host=os.environ.get('NRC_MICROSCOPY_IRODS'), port=os.environ.get('NRC_PORT', "1247"), **creds) as user_session: user_session.users.modify(user.name, 'password', password) user_session.cleanup() message = EmailMessage( 'Password Identity', f'Hi {email},\nThis is your existing password {password} for iRODS login \nThank You', to=[f'{email}']) message.send() session.users.modify(user.name, 'info', user.name) for coll in collection: coll_obj = session.collections.get(coll) access = iRODSAccess('read', coll_obj.path, email, zone) session.permissions.set(access, admin=True, recursive=True) for i in coll_obj.data_objects: access = iRODSAccess('read', i.path, email, zone) session.permissions.set(access, admin=True) return super(generic.TemplateView, self).render(request, context)
def test_set_collection_acl(self): # use test coll coll = self.coll # get current user info user = self.sess.users.get(self.sess.username, self.sess.zone) # set permission to write acl1 = iRODSAccess('write', coll.path, user.name, user.zone) self.sess.permissions.set(acl1) # get collection's ACLs acl = self.sess.permissions.get(coll)[0] # owner's write access # check values self.assertEqual(acl.access_name, 'modify object') self.assertEqual(acl.user_zone, user.zone) self.assertEqual(acl.user_name, user.name) # reset permission to own acl1 = iRODSAccess('own', coll.path, user.name, user.zone) self.sess.permissions.set(acl1)
def _lock_pass1(self, union): user = self.ipc.user new_acls = [] for ooc in union: if not self.check_ownership(user, ooc): raise NoOwnership("current user (%s) is not owner of %s" % (user.name, ooc.path)) self.logger.debug('backing up ACLs for %s' % ooc.path) new_acls.append(iRODSAccess('read', ooc.path, 'public', user.zone)) for acl in self.ipc.session.permissions.get(ooc): # fix: inconsitent name cacl = copy.copy(acl) if cacl.access_name == 'read object': cacl.access_name = 'read' self.logger.debug('backup: %s', vars(cacl)) self.original_acl[(ooc.path, acl.user_name)] = cacl if cacl.user_name != user.name or \ cacl.user_zone != user.zone: new_acls.append( iRODSAccess('read', acl.path, acl.user_name, acl.user_zone)) return new_acls
def unlock(self): user = self.ipc.user self.logger.info('unlock collection %s', self.ipc.uri) for (path, u), acl in self.original_acl.items(): if acl.user_name != user.name or acl.user_zone != user.zone: self.logger.debug('set ACL: %s', vars(acl)) self.ipc.session.permissions.set(acl) union = [self.ipc.coll] + self.ipc.coll.data_objects for ooc in union: for acl in self.ipc.session.permissions.get(ooc): if (acl.path, acl.user_name) not in self.original_acl: racl = iRODSAccess('null', acl.path, acl.user_name, acl.user_zone) self.logger.debug('set ACL: %s', vars(racl)) self.ipc.session.permissions.set(racl)
def get(self, path): conditions = [ Collection.name == dirname(path), DataObject.name == basename(path) ] results = self.sess.query(User.name, User.id, DataObject.id, DataAccess.name)\ .filter(*conditions).all() return [iRODSAccess( access_name = row[DataAccess.name], user_id = row[User.id], data_id = row[DataObject.id], user_name = row[User.name] ) for row in results]
def __get_raw(self, target, **kw): ### sample usage: ### # # user_id_list = [] # simply to store the user id's from the discovered ACL's # session.permissions.get( data_or_coll_target, report_raw_acls = True, # acl_users = user_id_list, # acl_users_transform = lambda u: u.id) # # -> returns list of iRODSAccess objects mapping one-to-one with ACL's stored in the catalog users_out = kw.pop('acl_users', None) T = kw.pop('acl_users_transform', lambda value: value) # different choice of query based on whether target is an object or a collection if isinstance(target, iRODSDataObject): access_column = DataAccess query_func = self.data_access_query elif isinstance(target, iRODSCollection): access_column = CollectionAccess query_func = self.coll_access_query else: raise TypeError rows = [r for r in query_func(target.path)] userids = set(r[access_column.user_id] for r in rows) user_lookup = {j.id: j for j in users_by_ids(self.sess, userids)} if isinstance(users_out, dict): users_out.update(user_lookup) elif isinstance(users_out, list): users_out += [T(v) for v in user_lookup.values()] elif isinstance(users_out, set): users_out |= set(T(v) for v in user_lookup.values()) elif users_out is None: pass else: raise TypeError acls = [ iRODSAccess(r[access_column.name], target.path, user_lookup[r[access_column.user_id]].name, user_lookup[r[access_column.user_id]].zone) for r in rows ] return acls
def __init__(self, ipc, original_acl=None, do_unlock=False, do_lock=True): self.logger = logging.getLogger('ipublish') self.logger.debug('collection lock') self.logger.debug('do_unlock: %s, do_lock %s', do_unlock, do_lock) self.ipc = ipc if original_acl is None: self.original_acl = {} else: acls = [ iRODSAccess(str(acl.get('access_name')), str(acl.get('path')), str(acl.get('user_name')), str(acl.get('user_zone'))) for acl in original_acl ] self.original_acl = {(acl.path, acl.user_name): acl for acl in acls} self.do_unlock = do_unlock self.do_lock = do_lock
def enable_inheritance(self, path, zone=None): if zone is None: zone = self.get_current_zone() key = 'inherit' ACL = iRODSAccess(access_name=key, path=path, user_zone=zone) try: self.prc.permissions.set(ACL) # , recursive=False) log.verbose("Enabled {} to {}", key, path) except iexceptions.CAT_INVALID_ARGUMENT: if not self.is_collection(path) and not self.is_dataobject(path): raise IrodsException("Cannot set Inherit: path not found") else: raise IrodsException("Cannot set Inherit") return False else: return True
def set_inheritance(self, path, inheritance=True, recursive=False): try: if inheritance: permission = "inherit" else: permission = "noinherit" ACL = iRODSAccess(access_name=permission, path=path, user_name='', user_zone='') self.prc.permissions.set(ACL, recursive=recursive) log.debug("Set inheritance {} to {}", inheritance, path) return True except iexceptions.CAT_NO_ACCESS_PERMISSION: if self.is_dataobject(path): raise IrodsException("Cannot set inheritance to a data object") else: raise IrodsException( "Cannot set inheritance: collection not found") return False
def createReport(self, content, owners=[]): ''' Creates a report file for the users in /zone/home/public. Naming convention: user1-user2-..._collection.status content - list of strings owners - iterable ''' message = '\n'.join([str(i) for i in content]) users = '-'.join(owners) iPath = '/' + self.ipc.session.zone + '/home/public/' + users + '_' + self.ipc.coll.name + '.status_' + datetime.datetime.now( ).strftime('%d-%m-%y_%H:%M') try: obj = self.ipc.session.data_objects.create(iPath) except Exception: obj = self.ipc.session.data_objects.get(iPath) with obj.open('w') as obj_desc: obj_desc.write(message) for user in owners: acl = iRODSAccess('write', iPath, user, self.ipc.session.zone) self.ipc.session.permissions.set(acl) return iPath
def test_create_other_zone_user_227_228(self): usercolls = [] session = self.sess A_ZONE_NAME = 'otherZone' A_ZONE_USER = '******' try: zoneB = session.zones.create(A_ZONE_NAME,'remote') zBuser = session.users.create(A_ZONE_USER,'rodsuser', A_ZONE_NAME, '') usercolls = [ iRODSCollection(session.collections, result) for result in session.query(Collection).filter(Collection.owner_name == zBuser.name and Collection.owner_zone == zBuser.zone) ] self.assertEqual ([(u[User.name],u[User.zone]) for u in session.query(User).filter(User.zone == A_ZONE_NAME)], [(A_ZONE_USER,A_ZONE_NAME)]) zBuser.remove() zoneB.remove() finally: for p in usercolls: try: session.collections.get( p.path ) except CollectionDoesNotExist: continue perm = iRODSAccess( 'own', p.path, session.username, session.zone) session.permissions.set( perm, admin=True) p.remove(force=True)
csvName = 'features_' + filebase + '.csv' with open(resultsDir + '/' + csvName, 'w') as csvfile: writer = csv.writer(csvfile, delimiter=',') writer.writerows(bestFeatures) # Upload to iRODS print('Write feature csv to iRODS: ' + coll.path + '/' + csvName) session.data_objects.put(resultsDir + '/' + csvName, coll.path + '/' + csvName) obj = session.data_objects.get(coll.path + '/' + csvName) obj.metadata.add('REFDATA', 'http://dx.doi.org/10.6084/m9.figshare.3119248.v1') obj.metadata.add('DATATYPE', 'ACES results') obj.metadata.add('ALGORITHM', filebase) #Share results with user acl = iRODSAccess('read', coll.path, share, session.zone) print('Share data: ' + acl.access_name + ' ' + acl.user_name + ' ' + acl.path) try: session.permissions.set(acl) except: print("User or group unknown: " + share) for srcColl, colls, objs in coll.walk(): for obj in objs: try: acl = iRODSAccess('read', obj.path, share, session.zone) session.permissions.set(acl) except: print("User or group unknown: " + share)