1 # Copyright 2011 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
42 from base import NotAllowedError, BaseBackend
43 from lib.hashfiler import Mapper, Blocker
45 ( CLUSTER_NORMAL, CLUSTER_HISTORY, CLUSTER_DELETED ) = range(3)
50 logger = logging.getLogger(__name__)
52 def backend_method(func=None, autocommit=1):
55 return backend_method(func, autocommit)
60 def fn(self, *args, **kw):
61 self.wrapper.execute()
63 ret = func(self, *args, **kw)
67 self.wrapper.rollback()
72 class ModularBackend(BaseBackend):
75 Uses modules for SQL functions and hashfiler for storage.
78 def __init__(self, mod, path, db):
79 self.hash_algorithm = 'sha256'
80 self.block_size = 4 * 1024 * 1024 # 4MB
82 self.default_policy = {'quota': 0, 'versioning': 'auto'}
84 if path and not os.path.exists(path):
86 if not os.path.isdir(path):
87 raise RuntimeError("Cannot open path '%s'" % (path,))
90 self.mod = sys.modules[mod]
91 self.wrapper = self.mod.dbwrapper.DBWrapper(db)
93 params = {'blocksize': self.block_size,
94 'blockpath': os.path.join(path + '/blocks'),
95 'hashtype': self.hash_algorithm}
96 self.blocker = Blocker(**params)
98 params = {'mappath': os.path.join(path + '/maps'),
99 'namelen': self.blocker.hashlen}
100 self.mapper = Mapper(**params)
102 params = {'wrapper': self.wrapper}
103 self.permissions = self.mod.permissions.Permissions(**params)
104 for x in ['READ', 'WRITE']:
105 setattr(self, x, getattr(self.mod.permissions, x))
106 self.policy = self.mod.policy.Policy(**params)
107 self.node = self.mod.node.Node(**params)
108 for x in ['ROOTNODE', 'SERIAL', 'SIZE', 'MTIME', 'MUSER', 'CLUSTER']:
109 setattr(self, x, getattr(self.mod.node, x))
112 def list_accounts(self, user, marker=None, limit=10000):
113 """Return a list of accounts the user can access."""
115 logger.debug("list_accounts: %s %s %s", user, marker, limit)
116 allowed = self._allowed_accounts(user)
117 start, limit = self._list_limits(allowed, marker, limit)
118 return allowed[start:start + limit]
121 def get_account_meta(self, user, account, until=None):
122 """Return a dictionary with the account metadata."""
124 logger.debug("get_account_meta: %s %s", account, until)
125 path, node = self._lookup_account(account, user == account)
127 if until or node is None or account not in self._allowed_accounts(user):
128 raise NotAllowedError
130 props = self._get_properties(node, until)
131 mtime = props[self.MTIME]
135 count, bytes, tstamp = self._get_statistics(node, until)
136 tstamp = max(tstamp, mtime)
140 modified = self._get_statistics(node)[2] # Overall last modification.
141 modified = max(modified, mtime)
144 meta = {'name': account}
147 if props is not None:
148 meta.update(dict(self.node.attribute_get(props[self.SERIAL])))
149 if until is not None:
150 meta.update({'until_timestamp': tstamp})
151 meta.update({'name': account, 'count': count, 'bytes': bytes})
152 meta.update({'modified': modified})
156 def update_account_meta(self, user, account, meta, replace=False):
157 """Update the metadata associated with the account."""
159 logger.debug("update_account_meta: %s %s %s", account, meta, replace)
161 raise NotAllowedError
162 path, node = self._lookup_account(account, True)
163 self._put_metadata(user, node, meta, replace, False)
166 def get_account_groups(self, user, account):
167 """Return a dictionary with the user groups defined for this account."""
169 logger.debug("get_account_groups: %s", account)
171 if account not in self._allowed_accounts(user):
172 raise NotAllowedError
174 self._lookup_account(account, True)
175 return self.permissions.group_dict(account)
178 def update_account_groups(self, user, account, groups, replace=False):
179 """Update the groups associated with the account."""
181 logger.debug("update_account_groups: %s %s %s", account, groups, replace)
183 raise NotAllowedError
184 self._lookup_account(account, True)
185 self._check_groups(groups)
187 self.permissions.group_destroy(account)
188 for k, v in groups.iteritems():
189 if not replace: # If not already deleted.
190 self.permissions.group_delete(account, k)
192 self.permissions.group_addmany(account, k, v)
195 def put_account(self, user, account):
196 """Create a new account with the given name."""
198 logger.debug("put_account: %s", account)
200 raise NotAllowedError
201 node = self.node.node_lookup(account)
203 raise NameError('Account already exists')
204 self._put_path(user, self.ROOTNODE, account)
207 def delete_account(self, user, account):
208 """Delete the account with the given name."""
210 logger.debug("delete_account: %s", account)
212 raise NotAllowedError
213 node = self.node.node_lookup(account)
216 if not self.node.node_remove(node):
217 raise IndexError('Account is not empty')
218 self.permissions.group_destroy(account)
221 def list_containers(self, user, account, marker=None, limit=10000, shared=False, until=None):
222 """Return a list of containers existing under an account."""
224 logger.debug("list_containers: %s %s %s %s %s", account, marker, limit, shared, until)
226 if until or account not in self._allowed_accounts(user):
227 raise NotAllowedError
228 allowed = self._allowed_containers(user, account)
229 start, limit = self._list_limits(allowed, marker, limit)
230 return allowed[start:start + limit]
232 allowed = [x.split('/', 2)[1] for x in self.permissions.access_list_shared(account)]
233 start, limit = self._list_limits(allowed, marker, limit)
234 return allowed[start:start + limit]
235 node = self.node.node_lookup(account)
236 return [x[0] for x in self._list_objects(node, account, '', '/', marker, limit, False, [], until)]
239 def get_container_meta(self, user, account, container, until=None):
240 """Return a dictionary with the container metadata."""
242 logger.debug("get_container_meta: %s %s %s", account, container, until)
244 if until or container not in self._allowed_containers(user, account):
245 raise NotAllowedError
246 path, node = self._lookup_container(account, container)
247 props = self._get_properties(node, until)
248 mtime = props[self.MTIME]
249 count, bytes, tstamp = self._get_statistics(node, until)
250 tstamp = max(tstamp, mtime)
254 modified = self._get_statistics(node)[2] # Overall last modification.
255 modified = max(modified, mtime)
258 meta = {'name': container}
260 meta = dict(self.node.attribute_get(props[self.SERIAL]))
261 if until is not None:
262 meta.update({'until_timestamp': tstamp})
263 meta.update({'name': container, 'count': count, 'bytes': bytes})
264 meta.update({'modified': modified})
268 def update_container_meta(self, user, account, container, meta, replace=False):
269 """Update the metadata associated with the container."""
271 logger.debug("update_container_meta: %s %s %s %s", account, container, meta, replace)
273 raise NotAllowedError
274 path, node = self._lookup_container(account, container)
275 self._put_metadata(user, node, meta, replace, False)
278 def get_container_policy(self, user, account, container):
279 """Return a dictionary with the container policy."""
281 logger.debug("get_container_policy: %s %s", account, container)
283 if container not in self._allowed_containers(user, account):
284 raise NotAllowedError
286 path = self._lookup_container(account, container)[0]
287 return self.policy.policy_get(path)
290 def update_container_policy(self, user, account, container, policy, replace=False):
291 """Update the policy associated with the account."""
293 logger.debug("update_container_policy: %s %s %s %s", account, container, policy, replace)
295 raise NotAllowedError
296 path = self._lookup_container(account, container)[0]
297 self._check_policy(policy)
299 for k, v in self.default_policy.iteritems():
302 self.policy.policy_set(path, policy)
305 def put_container(self, user, account, container, policy=None):
306 """Create a new container with the given name."""
308 logger.debug("put_container: %s %s %s", account, container, policy)
310 raise NotAllowedError
312 path, node = self._lookup_container(account, container)
316 raise NameError('Container already exists')
318 self._check_policy(policy)
319 path = '/'.join((account, container))
320 self._put_path(user, self._lookup_account(account, True)[1], path)
321 for k, v in self.default_policy.iteritems():
324 self.policy.policy_set(path, policy)
327 def delete_container(self, user, account, container, until=None):
328 """Delete/purge the container with the given name."""
330 logger.debug("delete_container: %s %s %s", account, container, until)
332 raise NotAllowedError
333 path, node = self._lookup_container(account, container)
335 if until is not None:
336 versions = self.node.node_purge_children(node, until, CLUSTER_HISTORY)
338 self.mapper.map_remv(v)
339 self.node.node_purge_children(node, until, CLUSTER_DELETED)
342 if self._get_statistics(node)[0] > 0:
343 raise IndexError('Container is not empty')
344 versions = self.node.node_purge_children(node, inf, CLUSTER_HISTORY)
346 self.mapper.map_remv(v)
347 self.node.node_purge_children(node, inf, CLUSTER_DELETED)
348 self.node.node_remove(node)
349 self.policy.policy_unset(path)
352 def list_objects(self, user, account, container, prefix='', delimiter=None, marker=None, limit=10000, virtual=True, keys=[], shared=False, until=None):
353 """Return a list of objects existing under a container."""
355 logger.debug("list_objects: %s %s %s %s %s %s %s %s %s %s", account, container, prefix, delimiter, marker, limit, virtual, keys, shared, until)
359 raise NotAllowedError
360 allowed = self.permissions.access_list_paths(user, '/'.join((account, container)))
362 raise NotAllowedError
365 allowed = self.permissions.access_list_shared('/'.join((account, container)))
368 path, node = self._lookup_container(account, container)
369 return self._list_objects(node, path, prefix, delimiter, marker, limit, virtual, keys, until, allowed)
372 def list_object_meta(self, user, account, container, until=None):
373 """Return a list with all the container's object meta keys."""
375 logger.debug("list_object_meta: %s %s %s", account, container, until)
379 raise NotAllowedError
380 allowed = self.permissions.access_list_paths(user, '/'.join((account, container)))
382 raise NotAllowedError
383 path, node = self._lookup_container(account, container)
384 before = until if until is not None else inf
385 return self.node.latest_attribute_keys(node, before, CLUSTER_DELETED, allowed)
388 def get_object_meta(self, user, account, container, name, version=None):
389 """Return a dictionary with the object metadata."""
391 logger.debug("get_object_meta: %s %s %s %s", account, container, name, version)
392 self._can_read(user, account, container, name)
393 path, node = self._lookup_object(account, container, name)
394 props = self._get_version(node, version)
396 modified = props[self.MTIME]
398 modified = self._get_version(node)[self.MTIME] # Overall last modification.
400 meta = dict(self.node.attribute_get(props[self.SERIAL]))
401 meta.update({'name': name, 'bytes': props[self.SIZE]})
402 meta.update({'version': props[self.SERIAL], 'version_timestamp': props[self.MTIME]})
403 meta.update({'modified': modified, 'modified_by': props[self.MUSER]})
407 def update_object_meta(self, user, account, container, name, meta, replace=False):
408 """Update the metadata associated with the object."""
410 logger.debug("update_object_meta: %s %s %s %s %s", account, container, name, meta, replace)
411 self._can_write(user, account, container, name)
412 path, node = self._lookup_object(account, container, name)
413 return self._put_metadata(user, node, meta, replace)
416 def get_object_permissions(self, user, account, container, name):
417 """Return the action allowed on the object, the path
418 from which the object gets its permissions from,
419 along with a dictionary containing the permissions."""
421 logger.debug("get_object_permissions: %s %s %s", account, container, name)
424 path = '/'.join((account, container, name))
425 if self.permissions.access_check(path, self.WRITE, user):
427 elif self.permissions.access_check(path, self.READ, user):
430 raise NotAllowedError
431 path = self._lookup_object(account, container, name)[0]
432 return (allowed,) + self.permissions.access_inherit(path)
435 def update_object_permissions(self, user, account, container, name, permissions):
436 """Update the permissions associated with the object."""
438 logger.debug("update_object_permissions: %s %s %s %s", account, container, name, permissions)
440 raise NotAllowedError
441 path = self._lookup_object(account, container, name)[0]
442 self._check_permissions(path, permissions)
443 self.permissions.access_set(path, permissions)
446 def get_object_public(self, user, account, container, name):
447 """Return the public URL of the object if applicable."""
449 logger.debug("get_object_public: %s %s %s", account, container, name)
450 self._can_read(user, account, container, name)
451 path = self._lookup_object(account, container, name)[0]
452 if self.permissions.public_check(path):
453 return '/public/' + path
457 def update_object_public(self, user, account, container, name, public):
458 """Update the public status of the object."""
460 logger.debug("update_object_public: %s %s %s %s", account, container, name, public)
461 self._can_write(user, account, container, name)
462 path = self._lookup_object(account, container, name)[0]
464 self.permissions.public_unset(path)
466 self.permissions.public_set(path)
469 def get_object_hashmap(self, user, account, container, name, version=None):
470 """Return the object's size and a list with partial hashes."""
472 logger.debug("get_object_hashmap: %s %s %s %s", account, container, name, version)
473 self._can_read(user, account, container, name)
474 path, node = self._lookup_object(account, container, name)
475 props = self._get_version(node, version)
476 hashmap = self.mapper.map_retr(props[self.SERIAL])
477 return props[self.SIZE], [binascii.hexlify(x) for x in hashmap]
480 def update_object_hashmap(self, user, account, container, name, size, hashmap, meta={}, replace_meta=False, permissions=None):
481 """Create/update an object with the specified size and partial hashes."""
483 logger.debug("update_object_hashmap: %s %s %s %s %s", account, container, name, size, hashmap)
484 if permissions is not None and user != account:
485 raise NotAllowedError
486 self._can_write(user, account, container, name)
487 missing = self.blocker.block_ping([binascii.unhexlify(x) for x in hashmap])
490 ie.data = [binascii.hexlify(x) for x in missing]
492 if permissions is not None:
493 path = '/'.join((account, container, name))
494 self._check_permissions(path, permissions)
495 path, node = self._put_object_node(account, container, name)
496 src_version_id, dest_version_id = self._copy_version(user, node, None, node, size)
497 self.mapper.map_stor(dest_version_id, [binascii.unhexlify(x) for x in hashmap])
498 if not replace_meta and src_version_id is not None:
499 self.node.attribute_copy(src_version_id, dest_version_id)
500 self.node.attribute_set(dest_version_id, ((k, v) for k, v in meta.iteritems()))
501 if permissions is not None:
502 self.permissions.access_set(path, permissions)
503 return dest_version_id
505 def _copy_object(self, user, account, src_container, src_name, dest_container, dest_name, dest_meta={}, replace_meta=False, permissions=None, src_version=None):
506 if permissions is not None and user != account:
507 raise NotAllowedError
508 self._can_read(user, account, src_container, src_name)
509 self._can_write(user, account, dest_container, dest_name)
510 src_path, src_node = self._lookup_object(account, src_container, src_name)
511 if permissions is not None:
512 dest_path = '/'.join((account, container, name))
513 self._check_permissions(dest_path, permissions)
514 dest_path, dest_node = self._put_object_node(account, dest_container, dest_name)
515 src_version_id, dest_version_id = self._copy_version(user, src_node, src_version, dest_node)
516 if src_version_id is not None:
517 self._copy_data(src_version_id, dest_version_id)
518 if not replace_meta and src_version_id is not None:
519 self.node.attribute_copy(src_version_id, dest_version_id)
520 self.node.attribute_set(dest_version_id, ((k, v) for k, v in dest_meta.iteritems()))
521 if permissions is not None:
522 self.permissions.access_set(dest_path, permissions)
523 return dest_version_id
526 def copy_object(self, user, account, src_container, src_name, dest_container, dest_name, dest_meta={}, replace_meta=False, permissions=None, src_version=None):
527 """Copy an object's data and metadata."""
529 logger.debug("copy_object: %s %s %s %s %s %s %s %s %s", account, src_container, src_name, dest_container, dest_name, dest_meta, replace_meta, permissions, src_version)
530 return self._copy_object(user, account, src_container, src_name, dest_container, dest_name, dest_meta, replace_meta, permissions, src_version)
533 def move_object(self, user, account, src_container, src_name, dest_container, dest_name, dest_meta={}, replace_meta=False, permissions=None):
534 """Move an object's data and metadata."""
536 logger.debug("move_object: %s %s %s %s %s %s %s %s", account, src_container, src_name, dest_container, dest_name, dest_meta, replace_meta, permissions)
537 dest_version_id = self._copy_object(user, account, src_container, src_name, dest_container, dest_name, dest_meta, replace_meta, permissions, None)
538 self._delete_object(user, account, src_container, src_name)
539 return dest_version_id
541 def _delete_object(self, user, account, container, name, until=None):
543 raise NotAllowedError
545 if until is not None:
546 path = '/'.join((account, container, name))
547 node = self.node.node_lookup(path)
550 versions = self.node.node_purge(node, until, CLUSTER_NORMAL)
551 versions += self.node.node_purge(node, until, CLUSTER_HISTORY)
553 self.mapper.map_remv(v)
554 self.node.node_purge_children(node, until, CLUSTER_DELETED)
556 props = self._get_version(node)
560 self.permissions.access_clear(path)
563 path, node = self._lookup_object(account, container, name)
564 self._copy_version(user, node, None, node, 0, CLUSTER_DELETED)
565 self.permissions.access_clear(path)
568 def delete_object(self, user, account, container, name, until=None):
569 """Delete/purge an object."""
571 logger.debug("delete_object: %s %s %s %s", account, container, name, until)
572 self._delete_object(user, account, container, name, until)
575 def list_versions(self, user, account, container, name):
576 """Return a list of all (version, version_timestamp) tuples for an object."""
578 logger.debug("list_versions: %s %s %s", account, container, name)
579 self._can_read(user, account, container, name)
580 path, node = self._lookup_object(account, container, name)
581 return self.node.node_get_versions(node, ['serial', 'mtime'])
583 @backend_method(autocommit=0)
584 def get_block(self, hash):
585 """Return a block's data."""
587 logger.debug("get_block: %s", hash)
588 blocks = self.blocker.block_retr((binascii.unhexlify(hash),))
590 raise NameError('Block does not exist')
593 @backend_method(autocommit=0)
594 def put_block(self, data):
595 """Store a block and return the hash."""
597 logger.debug("put_block: %s", len(data))
598 hashes, absent = self.blocker.block_stor((data,))
599 return binascii.hexlify(hashes[0])
601 @backend_method(autocommit=0)
602 def update_block(self, hash, data, offset=0):
603 """Update a known block and return the hash."""
605 logger.debug("update_block: %s %s %s", hash, len(data), offset)
606 if offset == 0 and len(data) == self.block_size:
607 return self.put_block(data)
608 h, e = self.blocker.block_delta(binascii.unhexlify(hash), ((offset, data),))
609 return binascii.hexlify(h)
613 def _put_object_node(self, account, container, name):
614 path, parent = self._lookup_container(account, container)
615 path = '/'.join((path, name))
616 node = self.node.node_lookup(path)
618 node = self.node.node_create(parent, path)
621 def _put_path(self, user, parent, path):
622 node = self.node.node_create(parent, path)
623 self.node.version_create(node, 0, None, user, CLUSTER_NORMAL)
626 def _lookup_account(self, account, create=True):
627 node = self.node.node_lookup(account)
628 if node is None and create:
629 node = self._put_path(account, self.ROOTNODE, account) # User is account.
632 def _lookup_container(self, account, container):
633 path = '/'.join((account, container))
634 node = self.node.node_lookup(path)
636 raise NameError('Container does not exist')
639 def _lookup_object(self, account, container, name):
640 path = '/'.join((account, container, name))
641 node = self.node.node_lookup(path)
643 raise NameError('Object does not exist')
646 def _get_properties(self, node, until=None):
647 """Return properties until the timestamp given."""
649 before = until if until is not None else inf
650 props = self.node.version_lookup(node, before, CLUSTER_NORMAL)
651 if props is None and until is not None:
652 props = self.node.version_lookup(node, before, CLUSTER_HISTORY)
654 raise NameError('Path does not exist')
657 def _get_statistics(self, node, until=None):
658 """Return count, sum of size and latest timestamp of everything under node."""
661 stats = self.node.statistics_get(node, CLUSTER_NORMAL)
663 stats = self.node.statistics_latest(node, until, CLUSTER_DELETED)
668 def _get_version(self, node, version=None):
670 props = self.node.version_lookup(node, inf, CLUSTER_NORMAL)
672 raise NameError('Object does not exist')
674 props = self.node.version_get_properties(version)
675 if props is None or props[self.CLUSTER] == CLUSTER_DELETED:
676 raise IndexError('Version does not exist')
679 def _copy_version(self, user, src_node, src_version, dest_node, dest_size=None, dest_cluster=CLUSTER_NORMAL):
681 # Get source serial and size.
682 if src_version is not None:
683 src_props = self._get_version(src_node, src_version)
684 src_version_id = src_props[self.SERIAL]
685 size = src_props[self.SIZE]
687 # Latest or create from scratch.
689 src_props = self._get_version(src_node)
690 src_version_id = src_props[self.SERIAL]
691 size = src_props[self.SIZE]
693 src_version_id = None
695 if dest_size is not None:
698 # Move the latest version at destination to CLUSTER_HISTORY and create new.
699 if src_node == dest_node and src_version is None and src_version_id is not None:
700 self.node.version_recluster(src_version_id, CLUSTER_HISTORY)
702 dest_props = self.node.version_lookup(dest_node, inf, CLUSTER_NORMAL)
703 if dest_props is not None:
704 self.node.version_recluster(dest_props[self.SERIAL], CLUSTER_HISTORY)
705 dest_version_id, mtime = self.node.version_create(dest_node, size, src_version_id, user, dest_cluster)
707 return src_version_id, dest_version_id
709 def _copy_data(self, src_version, dest_version):
710 hashmap = self.mapper.map_retr(src_version)
711 self.mapper.map_stor(dest_version, hashmap)
713 def _get_metadata(self, version):
716 return dict(self.node.attribute_get(version))
718 def _put_metadata(self, user, node, meta, replace=False, copy_data=True):
719 """Create a new version and store metadata."""
721 src_version_id, dest_version_id = self._copy_version(user, node, None, node)
723 if src_version_id is not None:
724 self.node.attribute_copy(src_version_id, dest_version_id)
725 self.node.attribute_del(dest_version_id, (k for k, v in meta.iteritems() if v == ''))
726 self.node.attribute_set(dest_version_id, ((k, v) for k, v in meta.iteritems() if v != ''))
728 self.node.attribute_set(dest_version_id, ((k, v) for k, v in meta.iteritems()))
729 if copy_data and src_version_id is not None:
730 self._copy_data(src_version_id, dest_version_id)
731 return dest_version_id
733 def _list_limits(self, listing, marker, limit):
737 start = listing.index(marker) + 1
740 if not limit or limit > 10000:
744 def _list_objects(self, parent, path, prefix='', delimiter=None, marker=None, limit=10000, virtual=True, keys=[], until=None, allowed=[]):
745 cont_prefix = path + '/'
746 prefix = cont_prefix + prefix
747 start = cont_prefix + marker if marker else None
748 before = until if until is not None else inf
749 filterq = ','.join(keys) if keys else None
751 objects, prefixes = self.node.latest_version_list(parent, prefix, delimiter, start, limit, before, CLUSTER_DELETED, allowed, filterq)
752 objects.extend([(p, None) for p in prefixes] if virtual else [])
753 objects.sort(key=lambda x: x[0])
754 objects = [(x[0][len(cont_prefix):], x[1]) for x in objects]
756 start, limit = self._list_limits([x[0] for x in objects], marker, limit)
757 return objects[start:start + limit]
761 def _check_policy(self, policy):
762 for k in policy.keys():
764 policy[k] = self.default_policy.get(k)
765 for k, v in policy.iteritems():
767 q = int(v) # May raise ValueError.
770 elif k == 'versioning':
771 if v not in ['auto', 'manual', 'none']:
776 # Access control functions.
778 def _check_groups(self, groups):
779 # raise ValueError('Bad characters in groups')
782 def _check_permissions(self, path, permissions):
783 # raise ValueError('Bad characters in permissions')
785 # Check for existing permissions.
786 paths = self.permissions.access_list(path)
788 ae = AttributeError()
792 def _can_read(self, user, account, container, name):
795 path = '/'.join((account, container, name))
796 if not self.permissions.access_check(path, self.READ, user) and not self.permissions.access_check(path, self.WRITE, user):
797 raise NotAllowedError
799 def _can_write(self, user, account, container, name):
802 path = '/'.join((account, container, name))
803 if not self.permissions.access_check(path, self.WRITE, user):
804 raise NotAllowedError
806 def _allowed_accounts(self, user):
808 for path in self.permissions.access_list_paths(user):
809 allow.add(path.split('/', 1)[0])
812 def _allowed_containers(self, user, account):
814 for path in self.permissions.access_list_paths(user, account):
815 allow.add(path.split('/', 2)[1])