Update permission checks in modular backend.
authorAntony Chazapis <chazapis@gmail.com>
Thu, 9 Feb 2012 09:41:12 +0000 (11:41 +0200)
committerAntony Chazapis <chazapis@gmail.com>
Thu, 9 Feb 2012 09:41:12 +0000 (11:41 +0200)
Refs #1984

pithos/backends/lib/sqlite/permissions.py
pithos/backends/modular.py

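--- a/pithos/backends/lib/sqlite/permissions.py
+++ b/pithos/backends/lib/sqlite/permissions.py
@@ -61,9 +61,17 @@ class Permissions(XFeatures, Groups, Public):
         """Set permissions for path. The permissions dict
            maps 'read', 'write' keys to member lists."""
         
-        self.xfeature_destroy(path)
-        self.access_grant(path, READ, permissions.get('read', []))
-        self.access_grant(path, WRITE, permissions.get('write', []))
+        r = permissions.get('read', [])
+        w = permissions.get('write', [])
+        if not r and not w:
+            self.xfeature_destroy(path)
+            return
+        feature = self.xfeature_create(path)
+        self.feature_clear(feature)
+        if r:
+            self.feature_setmany(feature, READ, r)
+        if w:
+            self.feature_setmany(feature, WRITE, w)
     
     def access_clear(self, path):
         """Revoke access to path (both permissions and public)."""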
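Review bot: The `access_set` docstring still describes only the dict layout, but the new body has a separate empty case: when both `read` and `write` are empty it calls `xfeature_destroy(path)` and returns, so passing empty permissions removes the feature entirely. I would state that in the docstring, e.g. `An empty or missing 'read' and 'write' removes the path's permission feature.` The replace path is now `feature_clear` followed by `feature_setmany`. Whether those calls run inside one transaction is not visible in this hunk; if they do not, a failure between them leaves the path with no grants.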
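--- a/pithos/backends/modular.py
+++ b/pithos/backends/modular.py
@@ -401,6 +401,8 @@ class ModularBackend(BaseBackend):
         self.node.node_remove(node)
         self.queue.send(user, 'diskspace', 0, {'action': 'delete', 'total': 0})
     
+    # XXX: Up to here...
+    
     @backend_method
     def list_objects(self, user, account, container, prefix='', delimiter=None, marker=None, limit=10000, virtual=True, domain=None, keys=[], shared=False, until=None, size_range=None):
         """Return a list of objects existing under a container."""
@@ -920,18 +922,42 @@ class ModularBackend(BaseBackend):
     
     def _check_permissions(self, path, permissions):
         # raise ValueError('Bad characters in permissions')
+        pass
         
         # Check for existing permissions.
-        paths = self.permissions.access_list(path)
-        if paths:
-            ae = AttributeError()
-            ae.data = paths
-            raise ae
+#         paths = self.permissions.access_list(path)
+#         if paths:
+#             ae = AttributeError()
+#             ae.data = paths
+#             raise ae
+    
+    def _get_permissions_path(self, account, container, name):
+        path = '/'.join((account, container, name))
+        permission_paths = self.permissions.access_inherit(path)
+        permission_paths.sort()
+        permission_paths.reverse()
+        for p in permission_paths:
+            if p == path:
+                return p
+            else:
+                try:
+                    parts = p.split('/', 2)
+                    if len(parts) != 3:
+                        return None
+                    path, node = self._lookup_object(*p.split('/', 2))
+                    props = self._get_version(node)
+                    # XXX: Put type in properties...
+                    meta = dict(self.node.attribute_get(props[self.SERIAL], 'pithos'))
+                    if meta['Content-Type'] == 'application/directory':
+                        return p
+                except NameError:
+                    pass
+        return None
     
     def _can_read(self, user, account, container, name):
         if user == account:
             return True
-        path = '/'.join((account, container, name))
+        path = self._get_permissions_path(account, container, name)
         if not self.permissions.access_check(path, self.READ, user) and not self.permissions.access_check(path, self.WRITE, user):
             raise NotAllowedError
     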
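Review bot: `_can_read` now passes the result of `_get_permissions_path` straight into `access_check`, but that helper returns `None` on several paths (no inherited entry, a path with fewer than three parts, every lookup failing). What `access_check(None, ...)` does is not visible here, so the denial should be explicit: add `if path is None:` / `raise NotAllowedError` right after the assignment. Inside the helper's loop, `path, node = self._lookup_object(...)` rebinds `path`, so later `p == path` comparisons no longer test against the requested object; a separate name such as `_, node = ...` avoids that. The silent `except NameError: pass` hides lookup failures, and a missing `'Content-Type'` key would raise an uncaught `KeyError` out of a permission check. This commit also turns `_check_permissions` into a no-op, so the former conflict check against existing permissions is disabled and nothing visible here replaces it.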