def unlock(self, data):
for coll in data:
union = coll['objects'] + [coll]
for ooc in union:
old_access = {}
for acl in ooc['acls'].values():
acc = iRODSAccess(str(acl.get('access_name')),
str(acl.get('path')),
str(acl.get('user_name')),
str(acl.get('user_zone')))
if acc.access_name == 'read object':
acc.access_name = 'read'
self.session.permissions.set(acc, admin=True)
old_access[(acc.user_name, acc.user_zone)] = acc
if ooc['type'] == 'collection':
iooc = self.session.collections.get(ooc['path'])
else:
iooc = self.session.data_objects.get(ooc['path'])
for acl in self.session.permissions.get(iooc,
expand_groups=False):
pair = (acl.user_name, acl.user_zone)
if pair not in old_access:
acc = iRODSAccess('null', str(ooc['path']), pair[0],
pair[1])
self.session.permissions.set(acc, admin=True)
def test_raw_acls__207(self):
data = helpers.make_object(self.sess,"/".join((self.coll_path,"test_obj")))
eg = eu = fg = fu = None
try:
eg = self.sess.user_groups.create ('egrp')
eu = self.sess.users.create ('edith','rodsuser')
eg.addmember(eu.name,eu.zone)
fg = self.sess.user_groups.create ('fgrp')
fu = self.sess.users.create ('frank','rodsuser')
fg.addmember(fu.name,fu.zone)
my_ownership = set([('own', self.sess.username, self.sess.zone)])
#--collection--
perms1data = [ iRODSAccess ('write',self.coll_path, eg.name, self.sess.zone),
iRODSAccess ('read', self.coll_path, fu.name, self.sess.zone)
]
for perm in perms1data: self.sess.permissions.set ( perm )
p1 = self.sess.permissions.get ( self.coll, report_raw_acls = True)
self.assertEqual(self.perms_lists_symm_diff( perms1data, p1 ), my_ownership)
#--data object--
perms2data = [ iRODSAccess ('write',data.path, fg.name, self.sess.zone),
iRODSAccess ('read', data.path, eu.name, self.sess.zone)
]
for perm in perms2data: self.sess.permissions.set ( perm )
p2 = self.sess.permissions.get ( data, report_raw_acls = True)
self.assertEqual(self.perms_lists_symm_diff( perms2data, p2 ), my_ownership)
finally:
ids_for_delete = [ u.id for u in (fu,fg,eu,eg) if u is not None ]
for u in [ iRODSUser(self.sess.users,row)
for row in self.sess.query(User).filter(In(User.id, ids_for_delete)) ]:
u.remove()
def test_set_data_acl(self):
# test args
collection = self.coll_path
filename = 'foo'
# get current user info
user = self.sess.users.get(
config.IRODS_USER_USERNAME, config.IRODS_SERVER_ZONE)
# make object in test collection
path = "{collection}/{filename}".format(**locals())
obj = helpers.make_object(self.sess, path)
# get object
obj = self.sess.data_objects.get(path)
# set permission to write
acl1 = iRODSAccess('write', path, user.name, user.zone)
self.sess.permissions.set(acl1)
# get object's ACLs
acl = self.sess.permissions.get(obj)[0] # owner's write access
# check values
self.assertEqual(acl.access_name, 'modify object')
self.assertEqual(acl.user_zone, user.zone)
self.assertEqual(acl.user_name, user.name)
# reset permission to own
acl1 = iRODSAccess('own', path, user.name, user.zone)
self.sess.permissions.set(acl1)
# remove object
self.sess.data_objects.unlink(path)
def test_set_data_acl(self):
# test args
collection = self.coll_path
filename = 'foo'
# get current user info
user = self.sess.users.get(self.sess.username, self.sess.zone)
# make object in test collection
path = "{collection}/{filename}".format(**locals())
obj = helpers.make_object(self.sess, path)
# get object
obj = self.sess.data_objects.get(path)
# set permission to write
acl1 = iRODSAccess('write', path, user.name, user.zone)
self.sess.permissions.set(acl1)
# get object's ACLs
acl = self.sess.permissions.get(obj)[0] # owner's write access
# check values
self.assertEqual(acl.access_name, 'modify object')
self.assertEqual(acl.user_zone, user.zone)
self.assertEqual(acl.user_name, user.name)
# reset permission to own
acl1 = iRODSAccess('own', path, user.name, user.zone)
self.sess.permissions.set(acl1)
# remove object
self.sess.data_objects.unlink(path)
def write_collection(session, data):
collname = '/tempZone/public/{0}'.format(data['collection'])
print("create {0}".format(collname))
# options = {kw.COLL_OWNER_NAME_KW: data['metadata']['OWNER']}
options = {}
coll = session.collections.create(collname, **options)
session.permissions.set(
iRODSAccess('own', coll.path, data['metadata']['OWNER'], 'tempZone'))
for k, v in data['metadata'].items():
coll.metadata.add(k, str(v))
for k, obj in data['objects'].items():
objpath = os.path.join(collname, k)
print("put {0} -> {1}".format(obj['file'], objpath))
options = {kw.DATA_OWNER_KW: data['metadata']['OWNER']}
session.data_objects.put(obj['file'], objpath, **options)
irods_obj = session.data_objects.get(objpath)
for k, v in obj['metadata'].items():
v = str(v)
v = v[:2048]
print("meta data {0} '{1}' '{2}'".format(objpath, k, v))
irods_obj.metadata.add(k, v)
session.permissions.set(
iRODSAccess('own', objpath, data['metadata']['OWNER'], 'tempZone'))
session.permissions.set(
iRODSAccess('null', objpath, 'rods', 'tempZone'))
session.permissions.set(iRODSAccess('null', coll.path, 'rods', 'tempZone'))
def close(self, owners=set()):
'''
Set permission to read only for group 'public'.
Get list of users who created the data.
The original creator of the data can be retrieved with obj.owner_name.
Script should be executed by a service account for data publishing
(role data steward).
owners - set of all additinatiol users who have write access
to the collection and data objects.
'''
# close each data object
for obj in self.coll.data_objects:
acl = iRODSAccess('read', obj.path, 'public', self.session.zone)
self.session.permissions.set(acl)
acl = iRODSAccess('read', obj.path, obj.owner_name,
self.session.zone)
self.session.permissions.set(acl)
for owner in owners:
acl = iRODSAccess('read', obj.path, owner, self.session.zone)
self.session.permissions.set(acl)
owners.add(obj.owner_name)
# close collection
acl = iRODSAccess('read', self.coll.path, 'public', self.session.zone)
self.session.permissions.set(acl)
for owner in owners:
acl = iRODSAccess('read', self.coll.path, owner, self.session.zone)
self.session.permissions.set(acl)
return owners
def lock(self):
"""
Change the ownership to current user.
Set readonly ownership to original user.
Return json document.
"""
ret = self.data
coll = self.session.collections.get(self.collection_path)
perm = self.session.permissions
for collection, subcollections, objects in coll.walk(topdown=True):
union = objects + [collection]
for ooc in union:
for acl in perm.get(ooc, expand_groups=False):
cacl = copy.copy(acl)
if cacl.access_name == 'read object':
cacl.access_name = 'read'
p = (cacl.user_name, cacl.user_zone)
if p not in self.target_users:
acc = iRODSAccess('read', acl.path, acl.user_name,
acl.user_zone)
perm.set(acc, admin=True)
for p in self.target_users.keys():
perm.set(iRODSAccess('own', ooc.path, p[0], p[1]),
admin=True)
return ret
def test_set_inherit_and_test_sub_objects (self):
DEPTH = 3
OBJ_PER_LVL = 1
deepcoll = user = None
test_coll_path = self.coll_path + "/test"
try:
deepcoll = helpers.make_deep_collection(self.sess, test_coll_path, object_content = 'arbitrary',
depth=DEPTH, objects_per_level=OBJ_PER_LVL)
user = self.sess.users.create('bob','rodsuser')
user.modify ('password','bpass')
acl_inherit = iRODSAccess('inherit', deepcoll.path)
acl_read = iRODSAccess('read', deepcoll.path, 'bob')
self.sess.permissions.set(acl_read)
self.sess.permissions.set(acl_inherit)
# create one new object and one new collection *after* ACL's are applied
new_object_path = test_coll_path + "/my_data_obj"
with self.sess.data_objects.open( new_object_path ,'w') as f: f.write(b'some_content')
new_collection_path = test_coll_path + "/my_colln_obj"
new_collection = self.sess.collections.create( new_collection_path )
coll_IDs = [c[Collection.id] for c in
self.sess.query(Collection.id).filter(Like(Collection.name , deepcoll.path + "%"))]
D_rods = list(self.sess.query(Collection.name,DataObject.name).filter(
In(DataObject.collection_id, coll_IDs )))
self.assertEqual (len(D_rods), OBJ_PER_LVL*DEPTH+1) # counts the 'older' objects plus one new object
with iRODSSession (port=self.sess.port, zone=self.sess.zone, host=self.sess.host,
user='******', password='******') as bob:
D = list(bob.query(Collection.name,DataObject.name).filter(
In(DataObject.collection_id, coll_IDs )))
# - bob should only see the new data object, but none existing before ACLs were applied
self.assertEqual( len(D), 1 )
D_names = [_[Collection.name] + "/" + _[DataObject.name] for _ in D]
self.assertEqual( D[0][DataObject.name], 'my_data_obj' )
# - bob should be able to read the new data object
with bob.data_objects.get(D_names[0]).open('r') as f:
self.assertGreater( len(f.read()), 0)
C = list(bob.query(Collection).filter( In(Collection.id, coll_IDs )))
self.assertEqual( len(C), 2 ) # query should return only the top-level and newly created collections
self.assertEqual( sorted([c[Collection.name] for c in C]),
sorted([new_collection.path, deepcoll.path]) )
finally:
if user: user.remove()
if deepcoll: deepcoll.remove(force = True, recurse = True)
def test_set_inherit_acl(self):
acl1 = iRODSAccess('inherit', self.coll_path)
self.sess.permissions.set(acl1)
c = self.sess.collections.get(self.coll_path)
self.assertTrue(c.inheritance)
acl2 = iRODSAccess('noinherit', self.coll_path)
self.sess.permissions.set(acl2)
c = self.sess.collections.get(self.coll_path)
self.assertFalse(c.inheritance)
def open(self, owners):
'''
Open collection for writing to certain iRODS users (owners).
'''
for owner in owners:
acl = iRODSAccess('write', self.coll.path, owner, self.session.zone)
self.session.permissions.set(acl)
for obj in self.coll.data_objects:
acl = iRODSAccess('write', obj.path, owner, self.session.zone)
self.session.permissions.set(acl)
return ['COLLECTION WRITE ACCESS: ' + str(owners)]
def create_collection(self,
path: str,
owner: typing.Optional[str] = None,
recursive: bool = True) -> None:
"""Create a collection."""
self._collections.append(path)
self.session.collections.create(path)
if owner:
own_acl = iRODSAccess("own", path, user_name=owner or "")
self.session.permissions.set(own_acl, recursive=recursive)
inherit_acl = iRODSAccess("inherit", path, user_name=owner or "")
self.session.permissions.set(inherit_acl, recursive=recursive)
def set_permissions(self,
path,
permission=None,
userOrGroup=None,
zone=None,
recursive=False):
if zone is None:
zone = self.get_current_zone()
# If not specified, remove permission
if permission is None:
permission = 'null'
try:
ACL = iRODSAccess(access_name=permission,
path=path,
user_name=userOrGroup,
user_zone=zone)
self.prc.permissions.set(ACL, recursive=recursive)
log.debug("Grant {}={} to {}", userOrGroup, permission, path)
return True
except iexceptions.CAT_INVALID_USER:
raise IrodsException("Cannot set ACL: user or group not found")
except iexceptions.CAT_INVALID_ARGUMENT:
if not self.is_collection(path) and not self.is_dataobject(path):
raise IrodsException("Cannot set ACL: path not found")
else:
raise IrodsException("Cannot set ACL")
return False
def createReport(self, content, owners=[]):
'''
Creates a report file for the users in /zone/home/public.
Naming convention: user1-user2-..._collection.status
content - list of strings
owners - iterable
'''
message = '\n'.join([str(i) for i in content])
users = '-'.join(owners)
iPath = '/%s/home/public/%s_%s.status_%s' % (
self.ipc.session.zone, users, self.ipc.coll.name,
datetime.datetime.now().strftime('%d-%m-%y_%H:%M'))
self.logger.info('Create report %s', iPath)
self.logger.debug('message:')
for line in content:
self.logger.debug(' ' + str(line))
try:
obj = self.ipc.session.data_objects.create(iPath)
except Exception:
obj = self.ipc.session.data_objects.get(iPath)
with obj.open('w') as obj_desc:
obj_desc.write(message)
for user in owners:
acl = iRODSAccess('write', iPath, user, self.ipc.session.zone)
self.logger.debug('setting write permissions for user %s' % user)
self.ipc.session.permissions.set(acl)
return iPath
def setUp(self):
admin = self.admin = helpers.make_session()
user = self.user = admin.users.create('anonymous', 'rodsuser',
admin.zone)
self.home = '/{admin.zone}/home/{user.name}'.format(**locals())
admin.collections.create(self.home)
acl = iRODSAccess('own', self.home, user.name)
admin.permissions.set(acl)
self.env_file = os.path.expanduser(
'~/.irods.anon/irods_environment.json')
self.env_dir = (os.path.dirname(self.env_file))
self.auth_file = os.path.expanduser('~/.irods.anon/.irodsA')
os.mkdir(os.path.dirname(self.env_file))
json.dump(
{
"irods_host": admin.host,
"irods_port": admin.port,
"irods_user_name": user.name,
"irods_zone_name": admin.zone
},
open(self.env_file, 'w'),
indent=4)
def get(self, target):
# different query whether target is an object or a collection
if type(target) == iRODSDataObject:
access_type = DataAccess
user_type = User
conditions = [
Collection.name == dirname(target.path),
DataObject.name == basename(target.path)
]
elif type(target) == iRODSCollection:
access_type = CollectionAccess
user_type = CollectionUser
conditions = [Collection.name == target.path]
else:
raise TypeError
results = self.sess.query(user_type.name, user_type.zone, access_type.name)\
.filter(*conditions).all()
return [
iRODSAccess(access_name=row[access_type.name],
user_name=row[user_type.name],
path=target.path,
user_zone=row[user_type.zone]) for row in results
]
def get(self, target, *args, expand_groups=True, **kwargs):
if expand_groups:
for i in self.orig_permissions.get(target, *args, **kwargs):
yield i
raise StopIteration()
else:
if type(target) == iRODSDataObject:
access_type = DataAccess
conditions = [
Collection.name == dirname(target.path),
DataObject.name == basename(target.path)
]
elif type(target) == iRODSCollection:
access_type = CollectionAccess
conditions = [Collection.name == target.path]
else:
raise TypeError
results = self.session.query(access_type.user_id,
access_type.name)\
.filter(*conditions)\
.all()
for row in results:
user, zone = self._get_user_by_id(row[access_type.user_id])
access = iRODSAccess(access_name=row[access_type.name],
user_name=user,
path=target.path,
user_zone=zone)
yield access
raise StopIteration()
def get(self, target, report_raw_acls=False, **kw):
if report_raw_acls:
return self.__get_raw(
target, **kw) # prefer a behavior consistent with 'ils -A`
# different query whether target is an object or a collection
if type(target) == iRODSDataObject:
access_type = DataAccess
user_type = User
conditions = [
Collection.name == dirname(target.path),
DataObject.name == basename(target.path)
]
elif type(target) == iRODSCollection:
access_type = CollectionAccess
user_type = CollectionUser
conditions = [Collection.name == target.path]
else:
raise TypeError
results = self.sess.query(user_type.name, user_type.zone, access_type.name)\
.filter(*conditions).all()
return [
iRODSAccess(access_name=row[access_type.name],
user_name=row[user_type.name],
path=target.path,
user_zone=row[user_type.zone]) for row in results
]
def test_set_inherit_acl_depth_test(self):
DEPTH = 3 # But test is valid for any DEPTH > 1
for recursionTruth in (True, False):
deepcoll = None
try:
test_coll_path = self.coll_path + "/test"
deepcoll = helpers.make_deep_collection(self.sess,
test_coll_path,
depth=DEPTH,
objects_per_level=2)
acl1 = iRODSAccess('inherit', deepcoll.path)
self.sess.permissions.set(acl1, recursive=recursionTruth)
test_subcolls = set(
iRODSCollection(self.sess.collections, _)
for _ in self.sess.query(Collection).filter(
Like(Collection.name, deepcoll.path + "/%")))
# assert top level collection affected
test_coll = self.sess.collections.get(test_coll_path)
self.assertTrue(test_coll.inheritance)
#
# assert lower level collections affected only for case when recursive = True
subcoll_truths = [(_.inheritance == recursionTruth)
for _ in test_subcolls]
self.assertEqual(len(subcoll_truths), DEPTH - 1)
self.assertTrue(all(subcoll_truths))
finally:
if deepcoll: deepcoll.remove(force=True, recurse=True)
def get(self, target):
# different query whether target is an object or a collection
if type(target) == iRODSDataObject:
access_type = DataAccess
user_type = User
conditions = [
Collection.name == dirname(target.path),
DataObject.name == basename(target.path)
]
elif type(target) == iRODSCollection:
access_type = CollectionAccess
user_type = CollectionUser
conditions = [
Collection.name == target.path
]
else:
raise TypeError
results = self.sess.query(user_type.name, user_type.zone, access_type.name)\
.filter(*conditions).all()
return [iRODSAccess(
access_name=row[access_type.name],
user_name=row[user_type.name],
path=target.path,
user_zone=row[user_type.zone]
) for row in results]
def remove_ownership(self):
coll = self.session.collections.get(self.collection_path)
for collection, subcollections, objects in coll.walk(topdown=True):
union = objects + [collection]
for ooc in union:
for acl in self.session.permissions.get(ooc,
expand_groups=False):
for pair in self.target_users.keys():
acc = iRODSAccess('null', ooc.path, pair[0], pair[1])
self.session.permissions.set(acc, admin=True)
def post(self, *args, **kwargs):
email = self.request.POST.get("irods_email")
zone = settings.IRODS_ZONE
collection = settings.IRODS_COLLECTION.split(',')
context = {'existing_user': '******'}
password = str(uuid.uuid4())[:5]
creds = {
'user': os.environ.get('RODS_USERNAME'),
'password': os.environ.get('RODS_PASSWORD'),
'zone': zone
}
with iRODSSession(**creds,
host=os.environ.get('BRAINI_RODS'),
port=os.environ.get('BRAINI_PORT',
"1247")) as session:
try:
user = session.users.get(email)
except UserDoesNotExist:
context['existing_user'] = '******'
user = session.users.create(email, 'rodsuser')
with iRODSSession(host=os.environ.get('NRC_MICROSCOPY_IRODS'),
port=os.environ.get('NRC_PORT', "1247"),
**creds) as user_session:
user_session.users.modify(user.name, 'password', password)
user_session.cleanup()
message = EmailMessage(
'Password Identity',
f'Hi {email},\nThis is your existing password {password} for iRODS login \nThank You',
to=[f'{email}'])
message.send()
session.users.modify(user.name, 'info', user.name)
for coll in collection:
coll_obj = session.collections.get(coll)
access = iRODSAccess('read', coll_obj.path, email, zone)
session.permissions.set(access, admin=True, recursive=True)
for i in coll_obj.data_objects:
access = iRODSAccess('read', i.path, email, zone)
session.permissions.set(access, admin=True)
return super(generic.TemplateView, self).render(request, context)
def test_set_collection_acl(self):
# use test coll
coll = self.coll
# get current user info
user = self.sess.users.get(self.sess.username, self.sess.zone)
# set permission to write
acl1 = iRODSAccess('write', coll.path, user.name, user.zone)
self.sess.permissions.set(acl1)
# get collection's ACLs
acl = self.sess.permissions.get(coll)[0] # owner's write access
# check values
self.assertEqual(acl.access_name, 'modify object')
self.assertEqual(acl.user_zone, user.zone)
self.assertEqual(acl.user_name, user.name)
# reset permission to own
acl1 = iRODSAccess('own', coll.path, user.name, user.zone)
self.sess.permissions.set(acl1)
def _lock_pass1(self, union):
user = self.ipc.user
new_acls = []
for ooc in union:
if not self.check_ownership(user, ooc):
raise NoOwnership("current user (%s) is not owner of %s" %
(user.name, ooc.path))
self.logger.debug('backing up ACLs for %s' % ooc.path)
new_acls.append(iRODSAccess('read', ooc.path, 'public', user.zone))
for acl in self.ipc.session.permissions.get(ooc):
# fix: inconsitent name
cacl = copy.copy(acl)
if cacl.access_name == 'read object':
cacl.access_name = 'read'
self.logger.debug('backup: %s', vars(cacl))
self.original_acl[(ooc.path, acl.user_name)] = cacl
if cacl.user_name != user.name or \
cacl.user_zone != user.zone:
new_acls.append(
iRODSAccess('read', acl.path, acl.user_name,
acl.user_zone))
return new_acls
def test_set_collection_acl(self):
# use test coll
coll = self.coll
# get current user info
user = self.sess.users.get(self.sess.username, self.sess.zone)
# set permission to write
acl1 = iRODSAccess('write', coll.path, user.name, user.zone)
self.sess.permissions.set(acl1)
# get collection's ACLs
acl = self.sess.permissions.get(coll)[0] # owner's write access
# check values
self.assertEqual(acl.access_name, 'modify object')
self.assertEqual(acl.user_zone, user.zone)
self.assertEqual(acl.user_name, user.name)
# reset permission to own
acl1 = iRODSAccess('own', coll.path, user.name, user.zone)
self.sess.permissions.set(acl1)
def unlock(self):
user = self.ipc.user
self.logger.info('unlock collection %s', self.ipc.uri)
for (path, u), acl in self.original_acl.items():
if acl.user_name != user.name or acl.user_zone != user.zone:
self.logger.debug('set ACL: %s', vars(acl))
self.ipc.session.permissions.set(acl)
union = [self.ipc.coll] + self.ipc.coll.data_objects
for ooc in union:
for acl in self.ipc.session.permissions.get(ooc):
if (acl.path, acl.user_name) not in self.original_acl:
racl = iRODSAccess('null', acl.path, acl.user_name,
acl.user_zone)
self.logger.debug('set ACL: %s', vars(racl))
self.ipc.session.permissions.set(racl)
def get(self, path):
conditions = [
Collection.name == dirname(path),
DataObject.name == basename(path)
]
results = self.sess.query(User.name, User.id, DataObject.id, DataAccess.name)\
.filter(*conditions).all()
return [iRODSAccess(
access_name = row[DataAccess.name],
user_id = row[User.id],
data_id = row[DataObject.id],
user_name = row[User.name]
) for row in results]
def __get_raw(self, target, **kw):
### sample usage: ###
#
# user_id_list = [] # simply to store the user id's from the discovered ACL's
# session.permissions.get( data_or_coll_target, report_raw_acls = True,
# acl_users = user_id_list,
# acl_users_transform = lambda u: u.id)
#
# -> returns list of iRODSAccess objects mapping one-to-one with ACL's stored in the catalog
users_out = kw.pop('acl_users', None)
T = kw.pop('acl_users_transform', lambda value: value)
# different choice of query based on whether target is an object or a collection
if isinstance(target, iRODSDataObject):
access_column = DataAccess
query_func = self.data_access_query
elif isinstance(target, iRODSCollection):
access_column = CollectionAccess
query_func = self.coll_access_query
else:
raise TypeError
rows = [r for r in query_func(target.path)]
userids = set(r[access_column.user_id] for r in rows)
user_lookup = {j.id: j for j in users_by_ids(self.sess, userids)}
if isinstance(users_out, dict): users_out.update(user_lookup)
elif isinstance(users_out, list):
users_out += [T(v) for v in user_lookup.values()]
elif isinstance(users_out, set):
users_out |= set(T(v) for v in user_lookup.values())
elif users_out is None:
pass
else:
raise TypeError
acls = [
iRODSAccess(r[access_column.name], target.path,
user_lookup[r[access_column.user_id]].name,
user_lookup[r[access_column.user_id]].zone)
for r in rows
]
return acls
def __init__(self, ipc, original_acl=None, do_unlock=False, do_lock=True):
self.logger = logging.getLogger('ipublish')
self.logger.debug('collection lock')
self.logger.debug('do_unlock: %s, do_lock %s', do_unlock, do_lock)
self.ipc = ipc
if original_acl is None:
self.original_acl = {}
else:
acls = [
iRODSAccess(str(acl.get('access_name')), str(acl.get('path')),
str(acl.get('user_name')),
str(acl.get('user_zone'))) for acl in original_acl
]
self.original_acl = {(acl.path, acl.user_name): acl
for acl in acls}
self.do_unlock = do_unlock
self.do_lock = do_lock
def enable_inheritance(self, path, zone=None):
if zone is None:
zone = self.get_current_zone()
key = 'inherit'
ACL = iRODSAccess(access_name=key, path=path, user_zone=zone)
try:
self.prc.permissions.set(ACL) # , recursive=False)
log.verbose("Enabled {} to {}", key, path)
except iexceptions.CAT_INVALID_ARGUMENT:
if not self.is_collection(path) and not self.is_dataobject(path):
raise IrodsException("Cannot set Inherit: path not found")
else:
raise IrodsException("Cannot set Inherit")
return False
else:
return True
def set_inheritance(self, path, inheritance=True, recursive=False):
try:
if inheritance:
permission = "inherit"
else:
permission = "noinherit"
ACL = iRODSAccess(access_name=permission,
path=path,
user_name='',
user_zone='')
self.prc.permissions.set(ACL, recursive=recursive)
log.debug("Set inheritance {} to {}", inheritance, path)
return True
except iexceptions.CAT_NO_ACCESS_PERMISSION:
if self.is_dataobject(path):
raise IrodsException("Cannot set inheritance to a data object")
else:
raise IrodsException(
"Cannot set inheritance: collection not found")
return False
def createReport(self, content, owners=[]):
'''
Creates a report file for the users in /zone/home/public.
Naming convention: user1-user2-..._collection.status
content - list of strings
owners - iterable
'''
message = '\n'.join([str(i) for i in content])
users = '-'.join(owners)
iPath = '/' + self.ipc.session.zone + '/home/public/' + users + '_' + self.ipc.coll.name + '.status_' + datetime.datetime.now(
).strftime('%d-%m-%y_%H:%M')
try:
obj = self.ipc.session.data_objects.create(iPath)
except Exception:
obj = self.ipc.session.data_objects.get(iPath)
with obj.open('w') as obj_desc:
obj_desc.write(message)
for user in owners:
acl = iRODSAccess('write', iPath, user, self.ipc.session.zone)
self.ipc.session.permissions.set(acl)
return iPath
def test_create_other_zone_user_227_228(self):
usercolls = []
session = self.sess
A_ZONE_NAME = 'otherZone'
A_ZONE_USER = '******'
try:
zoneB = session.zones.create(A_ZONE_NAME,'remote')
zBuser = session.users.create(A_ZONE_USER,'rodsuser', A_ZONE_NAME, '')
usercolls = [ iRODSCollection(session.collections, result) for result in
session.query(Collection).filter(Collection.owner_name == zBuser.name and
Collection.owner_zone == zBuser.zone) ]
self.assertEqual ([(u[User.name],u[User.zone]) for u in session.query(User).filter(User.zone == A_ZONE_NAME)],
[(A_ZONE_USER,A_ZONE_NAME)])
zBuser.remove()
zoneB.remove()
finally:
for p in usercolls:
try:
session.collections.get( p.path )
except CollectionDoesNotExist:
continue
perm = iRODSAccess( 'own', p.path, session.username, session.zone)
session.permissions.set( perm, admin=True)
p.remove(force=True)
csvName = 'features_' + filebase + '.csv'
with open(resultsDir + '/' + csvName, 'w') as csvfile:
writer = csv.writer(csvfile, delimiter=',')
writer.writerows(bestFeatures)
# Upload to iRODS
print('Write feature csv to iRODS: ' + coll.path + '/' + csvName)
session.data_objects.put(resultsDir + '/' + csvName,
coll.path + '/' + csvName)
obj = session.data_objects.get(coll.path + '/' + csvName)
obj.metadata.add('REFDATA',
'http://dx.doi.org/10.6084/m9.figshare.3119248.v1')
obj.metadata.add('DATATYPE', 'ACES results')
obj.metadata.add('ALGORITHM', filebase)
#Share results with user
acl = iRODSAccess('read', coll.path, share, session.zone)
print('Share data: ' + acl.access_name + ' ' + acl.user_name + ' ' + acl.path)
try:
session.permissions.set(acl)
except:
print("User or group unknown: " + share)
for srcColl, colls, objs in coll.walk():
for obj in objs:
try:
acl = iRODSAccess('read', obj.path, share, session.zone)
session.permissions.set(acl)
except:
print("User or group unknown: " + share)
