How to use the rucio.api.permission.has_permission function in rucio
To help you get started, we’ve selected a few rucio examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
rucio / rucio / lib / rucio / api / account_limit.py View on Github 
def delete_global_account_limit(account, rse_expression, issuer):
"""
Delete a global account limit..
:param account: The account name.
:param rse_expression: The rse expression.
:param issuer: The issuer account_core.
:returns: True if successful; False otherwise.
"""
kwargs = {'account': account, 'rse_expression': rse_expression}
if not rucio.api.permission.has_permission(issuer=issuer, action='delete_global_account_limit', kwargs=kwargs):
raise rucio.common.exception.AccessDenied('Account %s can not delete global account limits.' % (issuer))
account = InternalAccount(account)
if not account_exists(account=account):
raise rucio.common.exception.AccountNotFound('Account %s does not exist' % (account))
return account_limit_core.delete_global_account_limit(account=account, rse_expression=rse_expression)def import_data(data, issuer):
"""
Import data to add/update/delete records in Rucio.
:param data: data to be imported.
:param issuer: the issuer.
"""
kwargs = {'issuer': issuer}
validate_schema(name='import', obj=data)
if not permission.has_permission(issuer=issuer, action='import', kwargs=kwargs):
raise exception.AccessDenied('Account %s can not import data' % issuer)
for account in data.get('accounts', []):
account['account'] = InternalAccount(account['account'])
return importer.import_data(data)if account is None:
account = issuer
if activity is None:
activity = 'User Subscriptions'
kwargs = {'dids': dids, 'copies': copies, 'rse_expression': rse_expression, 'weight': weight, 'lifetime': lifetime,
'grouping': grouping, 'account': account, 'locked': locked, 'subscription_id': subscription_id,
'source_replica_expression': source_replica_expression, 'notify': notify, 'activity': activity,
'purge_replicas': purge_replicas, 'ignore_availability': ignore_availability, 'comment': comment,
'ask_approval': ask_approval, 'asynchronous': asynchronous, 'priority': priority, 'split_container': split_container,
'meta': meta}
validate_schema(name='rule', obj=kwargs)
if not has_permission(issuer=issuer, vo=vo, action='add_rule', kwargs=kwargs):
raise AccessDenied('Account %s can not add replication rule' % (issuer))
account = InternalAccount(account, vo=vo)
for d in dids:
d['scope'] = InternalScope(d['scope'], vo=vo)
return rule.add_rule(account=account,
dids=dids,
copies=copies,
rse_expression=rse_expression,
grouping=grouping,
weight=weight,
lifetime=lifetime,
locked=locked,
subscription_id=subscription_id,
source_replica_expression=source_replica_expression,def del_account_attribute(key, account, issuer):
"""
Delete an attribute to an account.
:param key: attribute key.
:param account: The account name.
:param issuer: The issuer account_core.
"""
kwargs = {'account': account, 'key': key}
if not rucio.api.permission.has_permission(issuer=issuer, action='del_attribute', kwargs=kwargs):
raise rucio.common.exception.AccessDenied('Account %s can not delete attribute' % (issuer))
account = InternalAccount(account)
account_core.del_account_attribute(account, key)def cancel_request(request_id, issuer, account):
"""
Cancel a request.
:param request_id: Request Identifier as a 32 character hex string.
:param issuer: Issuing account as a string.
:param account: Account identifier as a string.
"""
kwargs = {'account': account, 'issuer': issuer, 'request_id': request_id}
if not permission.has_permission(issuer=issuer, action='cancel_request_', kwargs=kwargs):
raise exception.AccessDenied('%s cannot cancel request %s' % (account, request_id))
raise NotImplementedErrordef cancel_request_did(scope, name, dest_rse, request_type, issuer, account):
"""
Cancel a request based on a DID and request type.
:param scope: Data identifier scope as a string.
:param name: Data identifier name as a string.
:param dest_rse: RSE name as a string.
:param request_type: Type of the request as a string.
:param issuer: Issuing account as a string.
:param account: Account identifier as a string.
"""
dest_rse_id = get_rse_id(rse=dest_rse)
kwargs = {'account': account, 'issuer': issuer}
if not permission.has_permission(issuer=issuer, action='cancel_request_did', kwargs=kwargs):
raise exception.AccessDenied('%(account)s cannot cancel %(request_type)s request for %(scope)s:%(name)s' % locals())
scope = InternalScope(scope)
return request.cancel_request_did(scope, name, dest_rse_id, request_type)def set_rse_usage(rse, source, used, free, issuer):
"""
Set RSE usage information.
:param rse: The RSE name.
:param source: the information source, e.g. srm.
:param used: the used space in bytes.
:param free: the free space in bytes.
:param issuer: The issuer account.
:returns: List of RSE usage data.
"""
rse_id = rse_module.get_rse_id(rse=rse)
kwargs = {'rse': rse, 'rse_id': rse_id}
if not permission.has_permission(issuer=issuer, action='set_rse_usage', kwargs=kwargs):
raise exception.AccessDenied('Account %s can not update RSE usage information for RSE %s' % (issuer, rse))
return rse_module.set_rse_usage(rse_id=rse_id, source=source, used=used, free=free)def list_requests(src_rses, dst_rses, states, issuer):
"""
List all requests in a specific state from a source RSE to a destination RSE.
:param src_rses: source RSEs.
:param dst_rses: destination RSEs.
:param states: list of request states.
:param issuer: Issuing account as a string.
"""
src_rse_ids = [get_rse_id(rse=rse) for rse in src_rses]
dst_rse_ids = [get_rse_id(rse=rse) for rse in dst_rses]
kwargs = {'src_rse_id': src_rse_ids, 'dst_rse_id': dst_rse_ids, 'issuer': issuer}
if not permission.has_permission(issuer=issuer, action='list_requests', kwargs=kwargs):
raise exception.AccessDenied('%(issuer)s cannot list requests from RSE %(src_rse)s to RSE %(dst_rse)s' % locals())
for req in request.list_requests(src_rse_ids, dst_rse_ids, states):
yield api_update_return_dict(req)Append content to data did.
:param attachment: The attachment.
:param issuer: The issuer account.
:param vo: The VO to act on.
"""
validate_schema(name='attachment', obj=attachment)
rse_id = None
if 'rse' in attachment:
if attachment['rse'] is not None:
rse_id = get_rse_id(rse=attachment['rse'], vo=vo)
attachment['rse_id'] = rse_id
kwargs = {'scope': scope, 'name': name, 'attachment': attachment}
if not rucio.api.permission.has_permission(issuer=issuer, vo=vo, action='attach_dids', kwargs=kwargs):
raise rucio.common.exception.AccessDenied('Account %s can not add data identifiers to %s:%s' % (issuer, scope, name))
scope = InternalScope(scope, vo=vo)
issuer = InternalAccount(issuer, vo=vo)
if 'account' in attachment.keys():
attachment['account'] = InternalAccount(attachment['account'], vo=vo)
for d in attachment['dids']:
d['scope'] = InternalScope(d['scope'], vo=vo)
if rse_id is not None:
dids = did.attach_dids(scope=scope, name=name, dids=attachment['dids'],
account=attachment.get('account', issuer), rse_id=rse_id)
else:
dids = did.attach_dids(scope=scope, name=name, dids=attachment['dids'],
account=attachment.get('account', issuer))
def update_rse(rse, parameters, issuer):
"""
Update RSE properties like availability or name.
:param rse: the name of the new rse.
:param parameters: A dictionnary with property (name, read, write, delete as keys).
:param issuer: The issuer account.
:raises RSENotFound: If RSE is not found.
"""
rse_id = rse_module.get_rse_id(rse=rse)
kwargs = {'rse': rse, 'rse_id': rse_id}
if not permission.has_permission(issuer=issuer, action='update_rse', kwargs=kwargs):
raise exception.AccessDenied('Account %s can not update RSE' % (issuer))
return rse_module.update_rse(rse_id=rse_id, parameters=parameters)
Popular rucio functions
- rucio.api.permission.has_permission
- rucio.client.baseclient.choice
- rucio.common.config.config_get
- rucio.common.exception
- rucio.common.exception.AccessDenied
- rucio.common.exception.DataIdentifierNotFound
- rucio.common.exception.RucioException
- rucio.common.exception.UnsupportedOperation
- rucio.common.types.InternalAccount
- rucio.common.utils.build_url
- rucio.common.utils.generate_http_error
- rucio.common.utils.generate_http_error_flask
- rucio.core.account.has_account_attribute
- rucio.core.heartbeat.live
- rucio.core.monitor.record_counter
- rucio.core.rse_expression_parser.parse_expression
- rucio.db.sqla.models
- rucio.db.sqla.session.read_session
- rucio.db.sqla.session.transactional_session
- rucio.web.rest.common.RucioController