1 # Copyright 2011 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
41 from base import NotAllowedError, BaseBackend
42 from lib.hashfiler import Mapper, Blocker
44 ( CLUSTER_NORMAL, CLUSTER_HISTORY, CLUSTER_DELETED ) = range(3)
49 logger = logging.getLogger(__name__)
54 def __init__(self, blocksize, blockhash):
55 super(HashMap, self).__init__()
56 self.blocksize = blocksize
57 self.blockhash = blockhash
59 def _hash_raw(self, v):
60 h = hashlib.new(self.blockhash)
66 return self._hash_raw('')
68 return self.__getitem__(0)
74 h += [('\x00' * len(h[0]))] * (s - len(h))
76 h = [self._hash_raw(h[x] + h[x + 1]) for x in range(0, len(h), 2)]
80 def backend_method(func=None, autocommit=1):
83 return backend_method(func, autocommit)
88 def fn(self, *args, **kw):
89 self.wrapper.execute()
91 ret = func(self, *args, **kw)
95 self.wrapper.rollback()
100 class ModularBackend(BaseBackend):
101 """A modular backend.
103 Uses modules for SQL functions and hashfiler for storage.
106 def __init__(self, mod, path, db):
107 self.hash_algorithm = 'sha256'
108 self.block_size = 4 * 1024 * 1024 # 4MB
110 self.default_policy = {'quota': 0, 'versioning': 'auto'}
112 if path and not os.path.exists(path):
114 if not os.path.isdir(path):
115 raise RuntimeError("Cannot open path '%s'" % (path,))
118 self.mod = sys.modules[mod]
119 self.wrapper = self.mod.dbwrapper.DBWrapper(db)
121 params = {'blocksize': self.block_size,
122 'blockpath': os.path.join(path + '/blocks'),
123 'hashtype': self.hash_algorithm}
124 self.blocker = Blocker(**params)
126 params = {'mappath': os.path.join(path + '/maps'),
127 'namelen': self.blocker.hashlen}
128 self.mapper = Mapper(**params)
130 params = {'wrapper': self.wrapper}
131 self.permissions = self.mod.permissions.Permissions(**params)
132 for x in ['READ', 'WRITE']:
133 setattr(self, x, getattr(self.mod.permissions, x))
134 self.policy = self.mod.policy.Policy(**params)
135 self.node = self.mod.node.Node(**params)
136 for x in ['ROOTNODE', 'SERIAL', 'HASH', 'SIZE', 'MTIME', 'MUSER', 'CLUSTER']:
137 setattr(self, x, getattr(self.mod.node, x))
140 def list_accounts(self, user, marker=None, limit=10000):
141 """Return a list of accounts the user can access."""
143 logger.debug("list_accounts: %s %s %s", user, marker, limit)
144 allowed = self._allowed_accounts(user)
145 start, limit = self._list_limits(allowed, marker, limit)
146 return allowed[start:start + limit]
149 def get_account_meta(self, user, account, until=None):
150 """Return a dictionary with the account metadata."""
152 logger.debug("get_account_meta: %s %s", account, until)
153 path, node = self._lookup_account(account, user == account)
155 if until or node is None or account not in self._allowed_accounts(user):
156 raise NotAllowedError
158 props = self._get_properties(node, until)
159 mtime = props[self.MTIME]
163 count, bytes, tstamp = self._get_statistics(node, until)
164 tstamp = max(tstamp, mtime)
168 modified = self._get_statistics(node)[2] # Overall last modification.
169 modified = max(modified, mtime)
172 meta = {'name': account}
175 if props is not None:
176 meta.update(dict(self.node.attribute_get(props[self.SERIAL])))
177 if until is not None:
178 meta.update({'until_timestamp': tstamp})
179 meta.update({'name': account, 'count': count, 'bytes': bytes})
180 meta.update({'modified': modified})
184 def update_account_meta(self, user, account, meta, replace=False):
185 """Update the metadata associated with the account."""
187 logger.debug("update_account_meta: %s %s %s", account, meta, replace)
189 raise NotAllowedError
190 path, node = self._lookup_account(account, True)
191 self._put_metadata(user, node, meta, replace, False)
194 def get_account_groups(self, user, account):
195 """Return a dictionary with the user groups defined for this account."""
197 logger.debug("get_account_groups: %s", account)
199 if account not in self._allowed_accounts(user):
200 raise NotAllowedError
202 self._lookup_account(account, True)
203 return self.permissions.group_dict(account)
206 def update_account_groups(self, user, account, groups, replace=False):
207 """Update the groups associated with the account."""
209 logger.debug("update_account_groups: %s %s %s", account, groups, replace)
211 raise NotAllowedError
212 self._lookup_account(account, True)
213 self._check_groups(groups)
215 self.permissions.group_destroy(account)
216 for k, v in groups.iteritems():
217 if not replace: # If not already deleted.
218 self.permissions.group_delete(account, k)
220 self.permissions.group_addmany(account, k, v)
223 def put_account(self, user, account):
224 """Create a new account with the given name."""
226 logger.debug("put_account: %s", account)
228 raise NotAllowedError
229 node = self.node.node_lookup(account)
231 raise NameError('Account already exists')
232 self._put_path(user, self.ROOTNODE, account)
235 def delete_account(self, user, account):
236 """Delete the account with the given name."""
238 logger.debug("delete_account: %s", account)
240 raise NotAllowedError
241 node = self.node.node_lookup(account)
244 if not self.node.node_remove(node):
245 raise IndexError('Account is not empty')
246 self.permissions.group_destroy(account)
249 def list_containers(self, user, account, marker=None, limit=10000, shared=False, until=None):
250 """Return a list of containers existing under an account."""
252 logger.debug("list_containers: %s %s %s %s %s", account, marker, limit, shared, until)
254 if until or account not in self._allowed_accounts(user):
255 raise NotAllowedError
256 allowed = self._allowed_containers(user, account)
257 start, limit = self._list_limits(allowed, marker, limit)
258 return allowed[start:start + limit]
260 allowed = [x.split('/', 2)[1] for x in self.permissions.access_list_shared(account)]
261 allowed = list(set(allowed))
262 start, limit = self._list_limits(allowed, marker, limit)
263 return allowed[start:start + limit]
264 node = self.node.node_lookup(account)
265 return [x[0] for x in self._list_objects(node, account, '', '/', marker, limit, False, [], until)]
268 def get_container_meta(self, user, account, container, until=None):
269 """Return a dictionary with the container metadata."""
271 logger.debug("get_container_meta: %s %s %s", account, container, until)
273 if until or container not in self._allowed_containers(user, account):
274 raise NotAllowedError
275 path, node = self._lookup_container(account, container)
276 props = self._get_properties(node, until)
277 mtime = props[self.MTIME]
278 count, bytes, tstamp = self._get_statistics(node, until)
279 tstamp = max(tstamp, mtime)
283 modified = self._get_statistics(node)[2] # Overall last modification.
284 modified = max(modified, mtime)
287 meta = {'name': container}
289 meta = dict(self.node.attribute_get(props[self.SERIAL]))
290 if until is not None:
291 meta.update({'until_timestamp': tstamp})
292 meta.update({'name': container, 'count': count, 'bytes': bytes})
293 meta.update({'modified': modified})
297 def update_container_meta(self, user, account, container, meta, replace=False):
298 """Update the metadata associated with the container."""
300 logger.debug("update_container_meta: %s %s %s %s", account, container, meta, replace)
302 raise NotAllowedError
303 path, node = self._lookup_container(account, container)
304 self._put_metadata(user, node, meta, replace, False)
307 def get_container_policy(self, user, account, container):
308 """Return a dictionary with the container policy."""
310 logger.debug("get_container_policy: %s %s", account, container)
312 if container not in self._allowed_containers(user, account):
313 raise NotAllowedError
315 path = self._lookup_container(account, container)[0]
316 return self.policy.policy_get(path)
319 def update_container_policy(self, user, account, container, policy, replace=False):
320 """Update the policy associated with the account."""
322 logger.debug("update_container_policy: %s %s %s %s", account, container, policy, replace)
324 raise NotAllowedError
325 path = self._lookup_container(account, container)[0]
326 self._check_policy(policy)
328 for k, v in self.default_policy.iteritems():
331 self.policy.policy_set(path, policy)
334 def put_container(self, user, account, container, policy=None):
335 """Create a new container with the given name."""
337 logger.debug("put_container: %s %s %s", account, container, policy)
339 raise NotAllowedError
341 path, node = self._lookup_container(account, container)
345 raise NameError('Container already exists')
347 self._check_policy(policy)
348 path = '/'.join((account, container))
349 self._put_path(user, self._lookup_account(account, True)[1], path)
350 for k, v in self.default_policy.iteritems():
353 self.policy.policy_set(path, policy)
356 def delete_container(self, user, account, container, until=None):
357 """Delete/purge the container with the given name."""
359 logger.debug("delete_container: %s %s %s", account, container, until)
361 raise NotAllowedError
362 path, node = self._lookup_container(account, container)
364 if until is not None:
365 self.node.node_purge_children(node, until, CLUSTER_HISTORY)
366 self.node.node_purge_children(node, until, CLUSTER_DELETED)
369 if self._get_statistics(node)[0] > 0:
370 raise IndexError('Container is not empty')
371 self.node.node_purge_children(node, inf, CLUSTER_HISTORY)
372 self.node.node_purge_children(node, inf, CLUSTER_DELETED)
373 self.node.node_remove(node)
374 self.policy.policy_unset(path)
377 def list_objects(self, user, account, container, prefix='', delimiter=None, marker=None, limit=10000, virtual=True, keys=[], shared=False, until=None):
378 """Return a list of objects existing under a container."""
380 logger.debug("list_objects: %s %s %s %s %s %s %s %s %s %s", account, container, prefix, delimiter, marker, limit, virtual, keys, shared, until)
384 raise NotAllowedError
385 allowed = self.permissions.access_list_paths(user, '/'.join((account, container)))
387 raise NotAllowedError
390 allowed = self.permissions.access_list_shared('/'.join((account, container)))
393 path, node = self._lookup_container(account, container)
394 return self._list_objects(node, path, prefix, delimiter, marker, limit, virtual, keys, until, allowed)
397 def list_object_meta(self, user, account, container, until=None):
398 """Return a list with all the container's object meta keys."""
400 logger.debug("list_object_meta: %s %s %s", account, container, until)
404 raise NotAllowedError
405 allowed = self.permissions.access_list_paths(user, '/'.join((account, container)))
407 raise NotAllowedError
408 path, node = self._lookup_container(account, container)
409 before = until if until is not None else inf
410 return self.node.latest_attribute_keys(node, before, CLUSTER_DELETED, allowed)
413 def get_object_meta(self, user, account, container, name, version=None):
414 """Return a dictionary with the object metadata."""
416 logger.debug("get_object_meta: %s %s %s %s", account, container, name, version)
417 self._can_read(user, account, container, name)
418 path, node = self._lookup_object(account, container, name)
419 props = self._get_version(node, version)
421 modified = props[self.MTIME]
424 modified = self._get_version(node)[self.MTIME] # Overall last modification.
425 except NameError: # Object may be deleted.
426 del_props = self.node.version_lookup(node, inf, CLUSTER_DELETED)
427 if del_props is None:
428 raise NameError('Object does not exist')
429 modified = del_props[self.MTIME]
431 meta = dict(self.node.attribute_get(props[self.SERIAL]))
432 meta.update({'name': name, 'bytes': props[self.SIZE]})
433 meta.update({'version': props[self.SERIAL], 'version_timestamp': props[self.MTIME]})
434 meta.update({'modified': modified, 'modified_by': props[self.MUSER]})
438 def update_object_meta(self, user, account, container, name, meta, replace=False):
439 """Update the metadata associated with the object."""
441 logger.debug("update_object_meta: %s %s %s %s %s", account, container, name, meta, replace)
442 self._can_write(user, account, container, name)
443 path, node = self._lookup_object(account, container, name)
444 return self._put_metadata(user, node, meta, replace)
447 def get_object_permissions(self, user, account, container, name):
448 """Return the action allowed on the object, the path
449 from which the object gets its permissions from,
450 along with a dictionary containing the permissions."""
452 logger.debug("get_object_permissions: %s %s %s", account, container, name)
455 path = '/'.join((account, container, name))
456 if self.permissions.access_check(path, self.WRITE, user):
458 elif self.permissions.access_check(path, self.READ, user):
461 raise NotAllowedError
462 path = self._lookup_object(account, container, name)[0]
463 return (allowed,) + self.permissions.access_inherit(path)
466 def update_object_permissions(self, user, account, container, name, permissions):
467 """Update the permissions associated with the object."""
469 logger.debug("update_object_permissions: %s %s %s %s", account, container, name, permissions)
471 raise NotAllowedError
472 path = self._lookup_object(account, container, name)[0]
473 self._check_permissions(path, permissions)
474 self.permissions.access_set(path, permissions)
477 def get_object_public(self, user, account, container, name):
478 """Return the public URL of the object if applicable."""
480 logger.debug("get_object_public: %s %s %s", account, container, name)
481 self._can_read(user, account, container, name)
482 path = self._lookup_object(account, container, name)[0]
483 if self.permissions.public_check(path):
484 return '/public/' + path
488 def update_object_public(self, user, account, container, name, public):
489 """Update the public status of the object."""
491 logger.debug("update_object_public: %s %s %s %s", account, container, name, public)
492 self._can_write(user, account, container, name)
493 path = self._lookup_object(account, container, name)[0]
495 self.permissions.public_unset(path)
497 self.permissions.public_set(path)
500 def get_object_hashmap(self, user, account, container, name, version=None):
501 """Return the object's size and a list with partial hashes."""
503 logger.debug("get_object_hashmap: %s %s %s %s", account, container, name, version)
504 self._can_read(user, account, container, name)
505 path, node = self._lookup_object(account, container, name)
506 props = self._get_version(node, version)
507 hashmap = self.mapper.map_retr(binascii.unhexlify(props[self.HASH]))
508 return props[self.SIZE], [binascii.hexlify(x) for x in hashmap]
511 def update_object_hashmap(self, user, account, container, name, size, hashmap, meta={}, replace_meta=False, permissions=None):
512 """Create/update an object with the specified size and partial hashes."""
514 logger.debug("update_object_hashmap: %s %s %s %s %s", account, container, name, size, hashmap)
515 if permissions is not None and user != account:
516 raise NotAllowedError
517 self._can_write(user, account, container, name)
518 map = HashMap(self.block_size, self.hash_algorithm)
519 map.extend([binascii.unhexlify(x) for x in hashmap])
520 missing = self.blocker.block_ping(map)
523 ie.data = [binascii.hexlify(x) for x in missing]
525 if permissions is not None:
526 path = '/'.join((account, container, name))
527 self._check_permissions(path, permissions)
528 path, node = self._put_object_node(account, container, name)
530 src_version_id, dest_version_id = self._copy_version(user, node, None, node, binascii.hexlify(hash), size)
531 self.mapper.map_stor(hash, map)
532 if not replace_meta and src_version_id is not None:
533 self.node.attribute_copy(src_version_id, dest_version_id)
534 self.node.attribute_set(dest_version_id, ((k, v) for k, v in meta.iteritems()))
535 if permissions is not None:
536 self.permissions.access_set(path, permissions)
537 return dest_version_id
539 def _copy_object(self, user, src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta={}, replace_meta=False, permissions=None, src_version=None):
540 if permissions is not None and user != dest_account:
541 raise NotAllowedError
542 self._can_read(user, src_account, src_container, src_name)
543 self._can_write(user, dest_account, dest_container, dest_name)
544 src_path, src_node = self._lookup_object(src_account, src_container, src_name)
545 self._get_version(src_node, src_version)
546 if permissions is not None:
547 dest_path = '/'.join((dest_account, dest_container, dest_name))
548 self._check_permissions(dest_path, permissions)
549 dest_path, dest_node = self._put_object_node(dest_account, dest_container, dest_name)
550 src_version_id, dest_version_id = self._copy_version(user, src_node, src_version, dest_node)
551 if not replace_meta and src_version_id is not None:
552 self.node.attribute_copy(src_version_id, dest_version_id)
553 self.node.attribute_set(dest_version_id, ((k, v) for k, v in dest_meta.iteritems()))
554 if permissions is not None:
555 self.permissions.access_set(dest_path, permissions)
556 return dest_version_id
559 def copy_object(self, user, src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta={}, replace_meta=False, permissions=None, src_version=None):
560 """Copy an object's data and metadata."""
562 logger.debug("copy_object: %s %s %s %s %s %s %s %s %s %s", src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta, replace_meta, permissions, src_version)
563 return self._copy_object(user, src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta, replace_meta, permissions, src_version)
566 def move_object(self, user, src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta={}, replace_meta=False, permissions=None):
567 """Move an object's data and metadata."""
569 logger.debug("move_object: %s %s %s %s %s %s %s %s %s", src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta, replace_meta, permissions)
570 if user != src_account:
571 raise NotAllowedError
572 dest_version_id = self._copy_object(user, src_account, src_container, src_name, dest_account, dest_container, dest_name, dest_meta, replace_meta, permissions, None)
573 self._delete_object(user, src_account, src_container, src_name)
574 return dest_version_id
576 def _delete_object(self, user, account, container, name, until=None):
578 raise NotAllowedError
580 if until is not None:
581 path = '/'.join((account, container, name))
582 node = self.node.node_lookup(path)
585 self.node.node_purge(node, until, CLUSTER_NORMAL)
586 self.node.node_purge(node, until, CLUSTER_HISTORY)
587 self.node.node_purge_children(node, until, CLUSTER_DELETED)
589 props = self._get_version(node)
593 self.permissions.access_clear(path)
596 path, node = self._lookup_object(account, container, name)
597 self._copy_version(user, node, None, node, None, 0, CLUSTER_DELETED)
598 self.permissions.access_clear(path)
601 def delete_object(self, user, account, container, name, until=None):
602 """Delete/purge an object."""
604 logger.debug("delete_object: %s %s %s %s", account, container, name, until)
605 self._delete_object(user, account, container, name, until)
608 def list_versions(self, user, account, container, name):
609 """Return a list of all (version, version_timestamp) tuples for an object."""
611 logger.debug("list_versions: %s %s %s", account, container, name)
612 self._can_read(user, account, container, name)
613 path, node = self._lookup_object(account, container, name)
614 versions = self.node.node_get_versions(node)
615 return [[x[self.SERIAL], x[self.MTIME]] for x in versions if x[self.CLUSTER] != CLUSTER_DELETED]
617 @backend_method(autocommit=0)
618 def get_block(self, hash):
619 """Return a block's data."""
621 logger.debug("get_block: %s", hash)
622 blocks = self.blocker.block_retr((binascii.unhexlify(hash),))
624 raise NameError('Block does not exist')
627 @backend_method(autocommit=0)
628 def put_block(self, data):
629 """Store a block and return the hash."""
631 logger.debug("put_block: %s", len(data))
632 hashes, absent = self.blocker.block_stor((data,))
633 return binascii.hexlify(hashes[0])
635 @backend_method(autocommit=0)
636 def update_block(self, hash, data, offset=0):
637 """Update a known block and return the hash."""
639 logger.debug("update_block: %s %s %s", hash, len(data), offset)
640 if offset == 0 and len(data) == self.block_size:
641 return self.put_block(data)
642 h, e = self.blocker.block_delta(binascii.unhexlify(hash), ((offset, data),))
643 return binascii.hexlify(h)
647 def _put_object_node(self, account, container, name):
648 path, parent = self._lookup_container(account, container)
649 path = '/'.join((path, name))
650 node = self.node.node_lookup(path)
652 node = self.node.node_create(parent, path)
655 def _put_path(self, user, parent, path):
656 node = self.node.node_create(parent, path)
657 self.node.version_create(node, None, 0, None, user, CLUSTER_NORMAL)
660 def _lookup_account(self, account, create=True):
661 node = self.node.node_lookup(account)
662 if node is None and create:
663 node = self._put_path(account, self.ROOTNODE, account) # User is account.
666 def _lookup_container(self, account, container):
667 path = '/'.join((account, container))
668 node = self.node.node_lookup(path)
670 raise NameError('Container does not exist')
673 def _lookup_object(self, account, container, name):
674 path = '/'.join((account, container, name))
675 node = self.node.node_lookup(path)
677 raise NameError('Object does not exist')
680 def _get_properties(self, node, until=None):
681 """Return properties until the timestamp given."""
683 before = until if until is not None else inf
684 props = self.node.version_lookup(node, before, CLUSTER_NORMAL)
685 if props is None and until is not None:
686 props = self.node.version_lookup(node, before, CLUSTER_HISTORY)
688 raise NameError('Path does not exist')
691 def _get_statistics(self, node, until=None):
692 """Return count, sum of size and latest timestamp of everything under node."""
695 stats = self.node.statistics_get(node, CLUSTER_NORMAL)
697 stats = self.node.statistics_latest(node, until, CLUSTER_DELETED)
702 def _get_version(self, node, version=None):
704 props = self.node.version_lookup(node, inf, CLUSTER_NORMAL)
706 raise NameError('Object does not exist')
708 props = self.node.version_get_properties(version)
709 if props is None or props[self.CLUSTER] == CLUSTER_DELETED:
710 raise IndexError('Version does not exist')
713 def _copy_version(self, user, src_node, src_version, dest_node, dest_hash=None, dest_size=None, dest_cluster=CLUSTER_NORMAL):
715 # Get source serial and size.
716 if src_version is not None:
717 src_props = self._get_version(src_node, src_version)
718 src_version_id = src_props[self.SERIAL]
719 hash = src_props[self.HASH]
720 size = src_props[self.SIZE]
722 # Latest or create from scratch.
724 src_props = self._get_version(src_node)
725 src_version_id = src_props[self.SERIAL]
726 hash = src_props[self.HASH]
727 size = src_props[self.SIZE]
729 src_version_id = None
732 if dest_hash is not None:
734 if dest_size is not None:
737 # Move the latest version at destination to CLUSTER_HISTORY and create new.
738 if src_node == dest_node and src_version is None and src_version_id is not None:
739 self.node.version_recluster(src_version_id, CLUSTER_HISTORY)
741 dest_props = self.node.version_lookup(dest_node, inf, CLUSTER_NORMAL)
742 if dest_props is not None:
743 self.node.version_recluster(dest_props[self.SERIAL], CLUSTER_HISTORY)
744 dest_version_id, mtime = self.node.version_create(dest_node, hash, size, src_version_id, user, dest_cluster)
746 return src_version_id, dest_version_id
748 def _get_metadata(self, version):
751 return dict(self.node.attribute_get(version))
753 def _put_metadata(self, user, node, meta, replace=False, copy_data=True):
754 """Create a new version and store metadata."""
756 src_version_id, dest_version_id = self._copy_version(user, node, None, node)
758 if src_version_id is not None:
759 self.node.attribute_copy(src_version_id, dest_version_id)
760 self.node.attribute_del(dest_version_id, (k for k, v in meta.iteritems() if v == ''))
761 self.node.attribute_set(dest_version_id, ((k, v) for k, v in meta.iteritems() if v != ''))
763 self.node.attribute_set(dest_version_id, ((k, v) for k, v in meta.iteritems()))
764 return dest_version_id
766 def _list_limits(self, listing, marker, limit):
770 start = listing.index(marker) + 1
773 if not limit or limit > 10000:
777 def _list_objects(self, parent, path, prefix='', delimiter=None, marker=None, limit=10000, virtual=True, keys=[], until=None, allowed=[]):
778 cont_prefix = path + '/'
779 prefix = cont_prefix + prefix
780 start = cont_prefix + marker if marker else None
781 before = until if until is not None else inf
782 filterq = ','.join(keys) if keys else None
784 objects, prefixes = self.node.latest_version_list(parent, prefix, delimiter, start, limit, before, CLUSTER_DELETED, allowed, filterq)
785 objects.extend([(p, None) for p in prefixes] if virtual else [])
786 objects.sort(key=lambda x: x[0])
787 objects = [(x[0][len(cont_prefix):], x[1]) for x in objects]
789 start, limit = self._list_limits([x[0] for x in objects], marker, limit)
790 return objects[start:start + limit]
794 def _check_policy(self, policy):
795 for k in policy.keys():
797 policy[k] = self.default_policy.get(k)
798 for k, v in policy.iteritems():
800 q = int(v) # May raise ValueError.
803 elif k == 'versioning':
804 if v not in ['auto', 'manual', 'none']:
809 # Access control functions.
811 def _check_groups(self, groups):
812 # raise ValueError('Bad characters in groups')
815 def _check_permissions(self, path, permissions):
816 # raise ValueError('Bad characters in permissions')
818 # Check for existing permissions.
819 paths = self.permissions.access_list(path)
821 ae = AttributeError()
825 def _can_read(self, user, account, container, name):
828 path = '/'.join((account, container, name))
829 if not self.permissions.access_check(path, self.READ, user) and not self.permissions.access_check(path, self.WRITE, user):
830 raise NotAllowedError
832 def _can_write(self, user, account, container, name):
835 path = '/'.join((account, container, name))
836 if not self.permissions.access_check(path, self.WRITE, user):
837 raise NotAllowedError
839 def _allowed_accounts(self, user):
841 for path in self.permissions.access_list_paths(user):
842 allow.add(path.split('/', 1)[0])
845 def _allowed_containers(self, user, account):
847 for path in self.permissions.access_list_paths(user, account):
848 allow.add(path.split('/', 2)[1])