From 5e0683618eb79b703238c4a24073aa0fd2882f4c Mon Sep 17 00:00:00 2001 From: Antony Chazapis Date: Thu, 9 Feb 2012 11:41:12 +0200 Subject: [PATCH] Update permission checks in modular backend. Refs #1984 --- pithos/backends/lib/sqlite/permissions.py | 14 ++++++++--- pithos/backends/modular.py | 38 ++++++++++++++++++++++++----- 2 files changed, 43 insertions(+), 9 deletions(-) diff --git a/pithos/backends/lib/sqlite/permissions.py b/pithos/backends/lib/sqlite/permissions.py index 5fd8508..72f290a 100644 --- a/pithos/backends/lib/sqlite/permissions.py +++ b/pithos/backends/lib/sqlite/permissions.py @@ -61,9 +61,17 @@ class Permissions(XFeatures, Groups, Public): """Set permissions for path. The permissions dict maps 'read', 'write' keys to member lists.""" - self.xfeature_destroy(path) - self.access_grant(path, READ, permissions.get('read', [])) - self.access_grant(path, WRITE, permissions.get('write', [])) + r = permissions.get('read', []) + w = permissions.get('write', []) + if not r and not w: + self.xfeature_destroy(path) + return + feature = self.xfeature_create(path) + self.feature_clear(feature) + if r: + self.feature_setmany(feature, READ, r) + if w: + self.feature_setmany(feature, WRITE, w) def access_clear(self, path): """Revoke access to path (both permissions and public).""" diff --git a/pithos/backends/modular.py b/pithos/backends/modular.py index d41ded5..ce67f28 100644 --- a/pithos/backends/modular.py +++ b/pithos/backends/modular.py @@ -401,6 +401,8 @@ class ModularBackend(BaseBackend): self.node.node_remove(node) self.queue.send(user, 'diskspace', 0, {'action': 'delete', 'total': 0}) + # XXX: Up to here... + @backend_method def list_objects(self, user, account, container, prefix='', delimiter=None, marker=None, limit=10000, virtual=True, domain=None, keys=[], shared=False, until=None, size_range=None): """Return a list of objects existing under a container.""" 
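Review bot: In the `permissions.py` hunk, the docstring still reads only "Set permissions for path" and does not say that empty `read` and `write` lists now destroy the path's xfeature rather than store an empty one; add a line such as `Empty or missing lists remove all permissions for path.` The update is now three separate calls (`feature_clear`, then up to two `feature_setmany`). If a call fails after the clear, the path may be left with only part of the intended grants, unless the caller wraps this in a transaction, which the hunk does not show. The locals `r` and `w` would read better as `readers` and `writers`. The method's `def` line is above the hunk.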
@@ -920,18 +922,42 @@ class ModularBackend(BaseBackend): def _check_permissions(self, path, permissions): # raise ValueError('Bad characters in permissions') + pass # Check for existing permissions. - paths = self.permissions.access_list(path) - if paths: - ae = AttributeError() - ae.data = paths - raise ae +# paths = self.permissions.access_list(path) +# if paths: +# ae = AttributeError() +# ae.data = paths +# raise ae + + def _get_permissions_path(self, account, container, name): + path = '/'.join((account, container, name)) + permission_paths = self.permissions.access_inherit(path) + permission_paths.sort() + permission_paths.reverse() + for p in permission_paths: + if p == path: + return p + else: + try: + parts = p.split('/', 2) + if len(parts) != 3: + return None + path, node = self._lookup_object(*p.split('/', 2)) + props = self._get_version(node) + # XXX: Put type in properties... + meta = dict(self.node.attribute_get(props[self.SERIAL], 'pithos')) + if meta['Content-Type'] == 'application/directory': + return p + except NameError: + pass + return None def _can_read(self, user, account, container, name): if user == account: return True - path = '/'.join((account, container, name)) + path = self._get_permissions_path(account, container, name) if not self.permissions.access_check(path, self.READ, user) and not self.permissions.access_check(path, self.WRITE, user): raise NotAllowedError -- 1.7.10.4
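Review bot: `_get_permissions_path` can return `None`, and `_can_read` passes that straight into `self.permissions.access_check(path, self.READ, user)`; how `access_check` treats a `None` path is not visible here, so the caller should fail closed with `if path is None: raise NotAllowedError`. Inside the loop, `path, node = self._lookup_object(*p.split('/', 2))` rebinds the `path` that `if p == path` compares against on later iterations; `_, node = self._lookup_object(*parts)` keeps the target intact and reuses the split already computed. `meta['Content-Type']` raises `KeyError` for an ancestor without that attribute, which `except NameError` does not catch, so `meta.get('Content-Type')` is safer on an access-control path. `_check_permissions` is now a bare `pass` with the conflict check commented out, so nothing in this hunk validates permissions before they are stored; if that is intended, delete the dead lines and state the reason in a comment. The end of `_can_read` is outside the hunk.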