Skip to content

Commit 2f4a072

Browse files
d-w-moored-w-moore
committed
[irods#505] atomic ACLs endpoint
1 parent 1471104 commit 2f4a072

7 files changed

Lines changed: 387 additions & 82 deletions

File tree

README.md

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2118,6 +2118,66 @@ membership, this can be achieved with another query.
21182118
`<session>.permissions` was therefore removed in v2.0.0
21192119
in favor of `<session>.acls`.
21202120

2121+
Atomically setting permissions
2122+
------------------------------
2123+
2124+
A list of permissions may be added to an object atomically using
2125+
the AccessManager's `apply_atomic_operations` method:
2126+
```py
2127+
from irods.access import ACLOperation
2128+
from irods.helpers import home_collection
2129+
session = irods.helpers.make_session()
2130+
myCollection = session.collections.create(f"{home_collection(session)}/newCollection")
2131+
2132+
session.acls.apply_atomic_operations(
2133+
myCollection.path,
2134+
*[
2135+
ACLOperation("read", "public"),
2136+
ACLOperation("write", "bob", "otherZone")
2137+
]
2138+
)
2139+
```
2140+
`ACLOperation` objects form a linear order with `iRODSAccess` objects, and
2141+
indeed are subclassed from them as well, allowing equivalence comparisons and
2142+
also permitting intermixed sequences to be sorted (using the `__lt__` method
2143+
if no sort `key` parameter is given).
2144+
2145+
Care should be taken however to normalize the objects before such comparisons
2146+
and sorting, and with connected uses of the `in` operator (which leverages `__eq__`).
2147+
2148+
The following code sorts the objects based on their lexical order starting with the
2149+
normalized `access_name`, which serves to group identical permissions together:
2150+
```py
2151+
from irods.access import *
2152+
import irods.helpers
2153+
acls = [
2154+
iRODSAccess('read_object', '/tempZone/home/alice', 'bob', 'tempZone'),
2155+
ACLOperation('write', 'rods'),
2156+
ACLOperation('read', 'bob'),
2157+
]
2158+
2159+
session = irods.helpers.make_session()
2160+
N = lambda acl: acl.normalize(local_zone=session.zone)
2161+
2162+
print(N(acls[0]) == N(acls[2]))
2163+
acls.sort(key=N)
2164+
print(N(iRODSAccess('read', '', 'bob')) in map(N, acls))
2165+
```
2166+
2167+
If strict order of permissions is desired, we can use code such as the following:
2168+
```py
2169+
from irods.access import *
2170+
from pprint import pp
2171+
pp(sorted(
2172+
[
2173+
ACLOperation('read', 'bob' ),
2174+
ACLOperation('own', 'rods'),
2175+
ACLOperation('read_object', 'alice')
2176+
],
2177+
key=lambda acl: (all_permissions[acl.access_name], acl.normalize())
2178+
))
2179+
```
2180+
21212181
Quotas (v2.0.0)
21222182
---------------
21232183

0 commit comments

Comments
 (0)