IPP Software Navigation Tools IPP Links Communication Pan-STARRS Links

Ignore:
Timestamp:
Apr 16, 2015, 12:59:04 PM (11 years ago)
Author:
bills
Message:

migrate from prototype access control code to database based storage of the information

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/pstamp/scripts/pstampparse.pl

    r38131 r38132  
    5555die "invalid mode '$mode'" unless ($mode eq "list_uri") or ($mode eq "queue_job");
    5656die "--file is required"   unless defined($request_file_name);
    57 
    58 if ($mode ne "list_uri") {
    59     die "req_id is required"  if !$req_id;
     57die "req_id is required"  unless defined $req_id;
     58if ($mode ne 'list_uri') {
    6059    die "outdir is required"  if !$outdir;
    61 #    die "product is required" if !$product;
    6260} else {
    63     # mode eq 'list_uri' (used for parser testing)
    64     # these values won't be used for anything but should be defined to avoid errors
    65     $req_id  = 0;
    66     $outdir  = "nowhere";
    67     $product = "dummy";
     61    $outdir = "somewhere" if !$outdir
    6862}
    6963
     
    9791
    9892$product = 'NULL' unless $product;
     93
     94
     95# look up some defaults
     96my $defaultAccessLevel = metadataLookupS32($ipprc->{_siteConfig}, 'PSTAMP_DEFAULT_ACCESS_LEVEL');
     97if (!defined $defaultAccessLevel) {
     98    warn("cannot find 'PSTAMP_DEFAULT_ACCESS_LEVEL' in site config");
     99    exit ($PS_EXIT_CONFIG_ERROR);
     100}
    99101
    100102# look up the default data store product.
     
    187189
    188190# Adjust the label for requests coming in over the web upload interface
     191# XXX: do this later based on the user information
    189192
    190193my $label_changed = 0;
     194# see below
     195if (0) {
    191196if ($label and $label eq "WEB.UP") {
    192197    my $lcname = lc($req_name);
     
    215220    print "Setting label for $req_name to $label\n" if $label_changed;
    216221}
     222}
    217223
    218224# product passed in is either one specific to the submitting pstampDataStore or the default
     
    224230# XXX perhaps do this prior to label setting above after domain/user table is implemented
    225231my $productForUser;
    226 my $accessLevel = getUsersAccessLevel($email, \$label, \$productForUser);
     232my $labelForUser = $label;
     233my $accessLevel = getUsersAccessLevel($email, \$labelForUser, \$productForUser);
    227234if ($accessLevel < 0) {
    228235    print STDERR "Data access is forbidden.\n";
     
    230237}
    231238
     239if ($label and $label eq 'WEB.UP') {
     240    if ($labelForUser) {
     241        $label = $labelForUser;
     242        $label_changed = 1;
     243    }
     244}
     245
     246# XXX: Think through when and if we change the product.
    232247# if the product is the system default, set it to the product for the user@domain
    233248if ($productIsDefault or $product eq 'NULL') {
     
    12381253}
    12391254
    1240 # Prototype function for setting access level.
    1241 # XXX: Implement something more flexible using the database.
     1255# get user's access level default label and output product
    12421256sub getUsersAccessLevel {
    12431257    my $email = shift;
     
    12451259    my $r_product = shift;
    12461260
     1261    # $r_label is a copy of the initial label. We change it to a user specific one
     1262    # if one is found.
    12471263    my $label = $$r_label;
    12481264
     1265    # default settings
     1266    $$r_label   =  undef;
     1267    $$r_product =  undef;
    12491268    my $level = -1;
    12501269
    12511270    if (!$email) {
    1252         # No email provided. Eventually this will be forbidden.
    1253         # For now in order to temporarily continue to support the version 1 request format
     1271        # No email provided.
     1272        # For now in order to temporarily continue to support the version 1 request format.
    12541273        # set the access rights based on the assigned label.
     1274        # Before deployment this will be forbidden.
    12551275        if ($label eq 'IFA' or $label eq 'QUB' or $label =~ 'MOPS') {
    1256             $level = 0;
     1276            $level = 2;
    12571277        } else {
    1258             # access rights PS1 data only
    1259             $level = 1;
     1278            $level = $defaultAccessLevel;
     1279        }
     1280        return $level
     1281    }
     1282
     1283    # we've got an email check the domain
     1284    my ($user, $domain) = split '@', $email;
     1285    unless ($user and $domain) {
     1286        print STDERR "Error $email is not an acceptable email adddress.\n";
     1287        return -1;
     1288    }
     1289
     1290my $have_access_tables = 1;
     1291if ($have_access_tables) {
     1292
     1293    my $cmd = "$pstamptool -listuser -user $user -domain $domain";
     1294    my $results = runToolAndParse($cmd, $verbose);
     1295    my $userinfo = $results->[0];
     1296    if ($userinfo) {
     1297        $level = $userinfo->{accessLevelMax};
     1298        if ($userinfo->{userProduct}) {
     1299            $$r_product = $userinfo->{userProduct};
     1300        } elsif ($userinfo->{domainProduct}) {
     1301            $$r_product = $userinfo->{domainProduct};
     1302        }
     1303        if ($userinfo->{userLabel}) {
     1304            $$r_label = $userinfo->{userLabel};
     1305        } elsif ($userinfo->{domainLabel}) {
     1306            $$r_label = $userinfo->{domainLabel};
    12601307        }
    12611308    } else {
    1262         # we've got an email check the domain
    1263         my ($user, $domain) = split '@', $email;
    1264         unless ($user and $domain) {
    1265             print STDERR "Error $email is not an acceptable email adddress.\n";
    1266         } else {
    1267             $domain = lc($domain);
    1268             if ($domain eq 'ifa.hawaii.edu' or $domain eq 'qub.ac.uk') {
    1269                 $level = 2;
    1270             } else {
    1271                 # XXX check for special users
    1272                 # access rights PS1 data only
    1273                 $level = 1;
    1274             }
    1275 
    1276             #
    1277             if ($user eq 'bills' and $domain eq 'ifa.hawaii.edu') {
    1278                 $$r_product = 'bills-results';
    1279             }
    1280         }
    1281 
    1282     }
     1309        my $cmd = "$pstamptool -listdomain -domain $domain";
     1310        my $results = runToolAndParse($cmd, $verbose);
     1311        my $domaininfo = $results->[0];
     1312        if ($domaininfo) {
     1313            $level = $domaininfo->{accessLevelMax};
     1314            if ($domaininfo->{defaultProduct}) {
     1315                $$r_product = $domaininfo->{defaultProduct};
     1316            }
     1317            if ($domaininfo->{defaultLabel}) {
     1318                $$r_label = $domaininfo->{defaultLabel};
     1319            }
     1320    } else {
     1321            # no specific user or domain information found in the database. Use the defaults
     1322            $level = $defaultAccessLevel;
     1323            $$r_label =  undef;
     1324            $$r_product =  undef;
     1325        }
     1326    }
     1327} else {    # XXX: delete this prototype before committing this file starting here
     1328    # !$have_access_tables
     1329    $domain = lc($domain);
     1330    if ($domain eq 'ifa.hawaii.edu' or $domain eq 'qub.ac.uk') {
     1331        $level = 2;
     1332    } else {
     1333        # access rights PS1 data only
     1334        $level = $defaultAccessLevel;
     1335    }
     1336
     1337    if ($user eq 'bills' and $domain eq 'ifa.hawaii.edu') {
     1338        $$r_product = 'bills-results';
     1339    }
     1340    # XXX end of code to delete
     1341
     1342}
    12831343
    12841344    return $level;
Note: See TracChangeset for help on using the changeset viewer.