policies_intake.py
# -*- coding: utf-8 -*-
"""iRODS policy implementations."""
__copyright__ = 'Copyright (c) 2021, Utrecht University'
__license__ = 'GPLv3, see LICENSE'
import genquery
import intake_scan
from util import *
def is_data_in_locked_dataset(ctx, actor, path):
    """Tell whether the data object at `path` belongs to a locked or frozen dataset.

    The data object's 'dataset_id' metadata is resolved to the dataset's top level
    (an object carrying 'dataset_toplevel' metadata below /<zone>/home/grp-intake-*),
    and the state of that top level is obtained from intake_scan.object_is_locked().

    :param ctx:   Context handed on to the genquery, log, user and intake_scan helpers
    :param actor: User attempting the operation, checked with user.is_admin()
    :param path:  Full path of the data object

    :returns: A truthy value when the top level is locked or frozen and the actor is
              not an admin; True (also for admins) when a dataset id exists but no
              top level can be found; False when the data object has no dataset id
    """
    coll = pathutil.chop(path)[0]
    data_name = pathutil.chop(path)[1]

    # NOTE(review): coll, data_name and dataset_id are concatenated into the GenQuery
    # conditions unescaped. A name containing a single quote changes or breaks the
    # condition, so the outcome of this lock check for such names should be confirmed.
    dataset_condition = "DATA_NAME = '" + data_name + "' AND META_DATA_ATTR_NAME = 'dataset_id' AND COLL_NAME = '" + coll + "' "
    dataset_rows = genquery.row_iterator(
        "META_DATA_ATTR_VALUE",
        dataset_condition,
        genquery.AS_LIST, ctx
    )

    # Every path through the loop body returns, so only the first row is evaluated.
    for dataset_row in dataset_rows:
        dataset_id = dataset_row[0]
        log.debug(ctx, 'dataset found: ' + dataset_id)

        # First look for a collection that is the top level of this dataset.
        toplevel_collection = ''
        toplevel_is_collection = False
        coll_toplevel_rows = genquery.row_iterator(
            "COLL_NAME",
            "META_COLL_ATTR_VALUE = '" + dataset_id + "' AND META_COLL_ATTR_NAME = 'dataset_toplevel' AND COLL_NAME like '/" + user.zone(ctx) + "/home/grp-intake-%'",
            genquery.AS_LIST, ctx
        )
        for toplevel_row in coll_toplevel_rows:
            toplevel_collection = toplevel_row[0]
            toplevel_is_collection = True

        if not toplevel_collection:
            # Otherwise the dataset is based on a data object: rebuild its full path.
            data_toplevel_rows = genquery.row_iterator(
                "COLL_NAME, DATA_NAME",
                "META_DATA_ATTR_VALUE = '" + dataset_id + "' AND META_DATA_ATTR_NAME = 'dataset_toplevel' AND COLL_NAME like '/" + user.zone(ctx) + "/home/grp-intake-%'",
                genquery.AS_LIST, ctx
            )
            for toplevel_row in data_toplevel_rows:
                toplevel_collection = toplevel_row[0] + '/' + toplevel_row[1]
                toplevel_is_collection = False

        if not toplevel_collection:
            log.debug(ctx, "Could not determine lock state of data object " + path)
            # Fail closed: report a lock so no unwanted data gets deleted.
            return True

        locked_state = intake_scan.object_is_locked(ctx, toplevel_collection, toplevel_is_collection)
        log.debug(ctx, locked_state)
        is_protected = locked_state['locked'] or locked_state['frozen']
        # The admin lookup only happens when the dataset is actually protected.
        return is_protected and not user.is_admin(ctx, actor)

    log.debug(ctx, 'after check for datasetid - no dataset found')
    return False
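def is_coll_in_locked_dataset(ctx, actor, coll):
    """Check whether the given collection is within a locked dataset.

    The collection's 'dataset_id' metadata is resolved to the dataset's top level
    (an object carrying 'dataset_toplevel' metadata below /<zone>/home/grp-intake-*),
    and the state of that top level is obtained from intake_scan.object_is_locked().

    :param ctx:   Context handed on to the genquery, log, user and intake_scan helpers
    :param actor: User attempting the operation, checked with user.is_admin()
    :param coll:  Full path of the collection

    :returns: A truthy value when the top level is locked or frozen and the actor is
              not an admin; True (also for admins) when a dataset id exists but no
              top level can be found; False when the collection has no dataset id
    """
    # NOTE(review): coll and dataset_id are concatenated into the GenQuery conditions
    # unescaped. A name containing a single quote changes or breaks the condition, so
    # the outcome of this lock check for such names should be confirmed.
    dataset_rows = genquery.row_iterator(
        "META_COLL_ATTR_VALUE",
        "COLL_NAME = '" + coll + "' AND META_COLL_ATTR_NAME = 'dataset_id' ",
        genquery.AS_LIST, ctx
    )

    # Every path through the loop body returns, so only the first row is evaluated.
    for dataset_row in dataset_rows:
        dataset_id = dataset_row[0]
        log.debug(ctx, 'dataset found: ' + dataset_id)

        # Find the top level of the dataset, first assuming it is a collection.
        toplevel_collection = ''
        toplevel_is_collection = False
        coll_toplevel_rows = genquery.row_iterator(
            "COLL_NAME",
            "META_COLL_ATTR_VALUE = '" + dataset_id + "' AND META_COLL_ATTR_NAME = 'dataset_toplevel' AND COLL_NAME like '/" + user.zone(ctx) + "/home/grp-intake-%'",
            genquery.AS_LIST, ctx
        )
        for toplevel_row in coll_toplevel_rows:
            toplevel_collection = toplevel_row[0]
            toplevel_is_collection = True

        if not toplevel_collection:
            # Dataset is based on a data object.
            # NOTE(review): unlike is_data_in_locked_dataset, only COLL_NAME is selected,
            # so object_is_locked() receives the parent collection path together with
            # toplevel_is_collection=False. Confirm the lock is still found that way.
            data_toplevel_rows = genquery.row_iterator(
                "COLL_NAME",
                "META_DATA_ATTR_VALUE = '" + dataset_id + "' AND META_DATA_ATTR_NAME = 'dataset_toplevel' AND COLL_NAME like '/" + user.zone(ctx) + "/home/grp-intake-%'",
                genquery.AS_LIST, ctx
            )
            for toplevel_row in data_toplevel_rows:
                toplevel_collection = toplevel_row[0]
                toplevel_is_collection = False

        if toplevel_collection:
            locked_state = intake_scan.object_is_locked(ctx, toplevel_collection, toplevel_is_collection)
            log.debug(ctx, locked_state)
            return (locked_state['locked'] or locked_state['frozen']) and not user.is_admin(ctx, actor)

        # This function has no `path` variable; logging it raised NameError before the
        # fail-closed result below could be returned. Log the collection instead.
        log.debug(ctx, "Could not determine lock state of collection " + coll)
        # Pretend presence of a lock so no unwanted data gets deleted
        return True

    log.debug(ctx, 'after check for datasetid - no dataset found')
    return False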
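def coll_in_path_of_locked_dataset(ctx, actor, coll):
    """Decide whether deletion of `coll` is blocked by a locked dataset.

    If the collection is part of a locked dataset, or holds one on a deeper level,
    then deletion is not allowed.

    When `coll` carries 'dataset_id' metadata, the dataset's top level is resolved and
    its state obtained from intake_scan.object_is_locked(). Otherwise every collection
    and data object whose collection name starts with `coll` is searched for
    'to_vault_lock' / 'to_vault_freeze' metadata.

    :param ctx:   Context handed on to the genquery, log, user and intake_scan helpers
    :param actor: User attempting the operation, checked with user.is_admin()
    :param coll:  Full path of the collection

    :returns: A truthy value when a lock applies and the actor is not an admin; True
              (also for admins) when a dataset id exists but no top level can be
              found; False when no lock is present
    """
    # NOTE(review): coll and dataset_id are concatenated into the GenQuery conditions
    # unescaped. A name containing a single quote changes or breaks the condition, so
    # the outcome of this lock check for such names should be confirmed.
    dataset_id = ''
    dataset_rows = genquery.row_iterator(
        "META_COLL_ATTR_VALUE",
        "COLL_NAME = '" + coll + "' AND META_COLL_ATTR_NAME = 'dataset_id' ",
        genquery.AS_LIST, ctx
    )
    # If several rows come back, the last dataset id is the one that is used.
    for dataset_row in dataset_rows:
        dataset_id = dataset_row[0]
        log.debug(ctx, 'dataset found: ' + dataset_id)

    if dataset_id:
        # Find the top level of the dataset, first assuming it is a collection.
        toplevel_collection = ''
        toplevel_is_collection = False
        coll_toplevel_rows = genquery.row_iterator(
            "COLL_NAME",
            "META_COLL_ATTR_VALUE = '" + dataset_id + "' AND META_COLL_ATTR_NAME = 'dataset_toplevel' AND COLL_NAME like '/" + user.zone(ctx) + "/home/grp-intake-%'",
            genquery.AS_LIST, ctx
        )
        for toplevel_row in coll_toplevel_rows:
            toplevel_collection = toplevel_row[0]
            toplevel_is_collection = True

        if not toplevel_collection:
            # Dataset is based on a data object.
            # NOTE(review): unlike is_data_in_locked_dataset, only COLL_NAME is selected,
            # so object_is_locked() receives the parent collection path together with
            # toplevel_is_collection=False. Confirm the lock is still found that way.
            data_toplevel_rows = genquery.row_iterator(
                "COLL_NAME",
                "META_DATA_ATTR_VALUE = '" + dataset_id + "' AND META_DATA_ATTR_NAME = 'dataset_toplevel' AND COLL_NAME like '/" + user.zone(ctx) + "/home/grp-intake-%'",
                genquery.AS_LIST, ctx
            )
            for toplevel_row in data_toplevel_rows:
                toplevel_collection = toplevel_row[0]
                toplevel_is_collection = False

        if toplevel_collection:
            locked_state = intake_scan.object_is_locked(ctx, toplevel_collection, toplevel_is_collection)
            log.debug(ctx, locked_state)
            return (locked_state['locked'] or locked_state['frozen']) and not user.is_admin(ctx, actor)

        # This function has no `path` variable; logging it raised NameError before the
        # fail-closed result below could be returned. Log the collection instead.
        log.debug(ctx, "Could not determine lock state of collection " + coll)
        # Pretend presence of a lock so no unwanted data gets deleted
        return True

    # No dataset found on indicated collection. Possibly in deeper collections.
    # Can be dataset based upon collection or data object.
    # NOTE(review): coll + '%' is a plain string prefix, so collections that merely
    # share the prefix (and any LIKE wildcard characters inside coll) also match.
    # That over-matching can only report a lock that belongs to another collection.
    coll_lock_rows = genquery.row_iterator(
        "META_COLL_ATTR_VALUE",
        "COLL_NAME like '" + coll + "%' AND META_COLL_ATTR_NAME in ('to_vault_lock','to_vault_freeze') ",
        genquery.AS_LIST, ctx
    )
    for _row in coll_lock_rows:
        log.debug(ctx, 'Found deeper LOCK')
        # If present there is a lock. No need to further inquire
        return not user.is_admin(ctx, actor)

    # Could be a dataset based on a data object
    data_lock_rows = genquery.row_iterator(
        "META_DATA_ATTR_VALUE",
        "COLL_NAME like '" + coll + "%' AND META_DATA_ATTR_NAME in ('to_vault_lock','to_vault_freeze') ",
        genquery.AS_LIST, ctx
    )
    for _row in data_lock_rows:
        log.debug(ctx, 'Found deeper LOCK')
        # If present there is a lock. No need to further inquire
        return not user.is_admin(ctx, actor)

    # There is no lock present
    return False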