- Timestamp:
- Apr 18, 2015, 6:27:41 AM (11 years ago)
- Location:
- branches/eam_branches/ipp-20150405
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
pstamp/scripts/pstampparse.pl (modified) (10 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/eam_branches/ipp-20150405
- Property svn:mergeinfo changed
/trunk (added) merged: 38086-38091,38093,38095-38097,38102,38104-38105,38112,38114-38117,38124-38126,38128,38130-38134,38137,38144-38145
- Property svn:mergeinfo changed
-
branches/eam_branches/ipp-20150405/pstamp/scripts/pstampparse.pl
r38062 r38152 55 55 die "invalid mode '$mode'" unless ($mode eq "list_uri") or ($mode eq "queue_job"); 56 56 die "--file is required" unless defined($request_file_name); 57 58 if ($mode ne "list_uri") { 59 die "req_id is required" if !$req_id; 57 die "req_id is required" unless defined $req_id; 58 if ($mode ne 'list_uri') { 60 59 die "outdir is required" if !$outdir; 61 die "product is required" if !$product;62 60 } else { 63 # mode eq 'list_uri' (used for parser testing) 64 # these values won't be used for anything but should be defined to avoid errors 65 $req_id = 0; 66 $outdir = "nowhere"; 67 $product = "dummy"; 61 $outdir = "somewhere" if !$outdir 68 62 } 69 63 … … 95 89 # do not update the database 96 90 $no_update = 1 if $mode ne "queue_job"; 91 92 $product = 'NULL' unless $product; 93 94 95 # look up some defaults 96 my $defaultAccessLevel = metadataLookupS32($ipprc->{_siteConfig}, 'PSTAMP_DEFAULT_ACCESS_LEVEL'); 97 if (!defined $defaultAccessLevel) { 98 warn("cannot find 'PSTAMP_DEFAULT_ACCESS_LEVEL' in site config"); 99 exit ($PS_EXIT_CONFIG_ERROR); 100 } 101 102 # look up the default data store product. 103 my $defaultDSProduct = metadataLookupStr($ipprc->{_siteConfig}, 'PSTAMP_DATA_STORE_PRODUCT'); 104 if (!defined $defaultDSProduct) { 105 # Don't panic yet that it's not defined. 106 # exit ($PS_EXIT_CONFIG_ERROR); 107 $defaultDSProduct = ''; # set to empty string to simplify some comparisions below 108 print STDERR "Warning PSTAMP_DATA_STORE_PRODUCT not found in the site config.\n" if $product eq 'NULL'; 109 } 110 111 my $productIsDefault = 0; 112 if ($product and $defaultDSProduct) { 113 $productIsDefault = ($product eq $defaultDSProduct); 114 } 97 115 98 116 my $mdcParser = PS::IPP::Metadata::Config->new; # Parser for metadata config files … … 159 177 my $exitStatus = $error_code >> 8; 160 178 if ($success) { 161 # -listreq succeeded duplicate requestname179 # -listreq succeeded there is already a request in the database with this name 162 180 print STDERR "REQ_NAME $req_name has already been used\n"; 163 181 insertFakeJobForRow(undef, 0, $PSTAMP_DUP_REQUEST); … … 170 188 171 189 172 # Adjust the label for requests coming in over the web interface 190 # Adjust the label for requests coming in over the web upload interface 191 # XXX: do this later based on the user information 173 192 174 193 my $label_changed = 0; 194 # We now use the access tabels to set the label. 195 if (0) { 175 196 if ($label and $label eq "WEB.UP") { 176 197 my $lcname = lc($req_name); … … 199 220 print "Setting label for $req_name to $label\n" if $label_changed; 200 221 } 201 222 } 223 224 # XXX: update these comments 225 # product passed in is either one specific to the submitting pstampDataStore or the default 226 # "pstampresults" 227 # Here, we need to decide whether to change that based on email 228 # WE can't use label (yet) because the PSI cgi script sets it to PSI 229 # Do we ever need to use label? Is it obsolete? Check test procedures. 230 231 my $productForUser; 232 my $labelForUser = $label; # for now I pass the current label for use in hacking permissions for V1 requests 233 234 my $accessLevel = getUsersAccessLevel($email, \$labelForUser, \$productForUser); 235 if ($accessLevel < 0) { 236 print STDERR "Data access is forbidden.\n"; 237 insertFakeJobForRow(undef, 0, $PSTAMP_NOT_AUTHORIZED); 238 } 239 240 # if the request came through the upload channel, change it to the user's specific label 241 # if any is known. 242 if ($label and $label eq 'WEB.UP') { 243 if ($labelForUser) { 244 $label = $labelForUser; 245 $label_changed = 1; 246 } 247 } 248 249 # XXX: Think through when and if we change the product. 250 # If the product is the system default, set it to the product for the user@domain. That way 251 # if the request came through a data store that target will be used. 252 # We really only need to redirect the results with greater access level than the default 253 if ($productIsDefault or $product eq 'NULL') { 254 if ($productForUser) { 255 $product = $productForUser; 256 } 257 } else { 258 # if we don't have a product use default 259 if ($product eq 'NULL') { 260 $product = $defaultDSProduct; 261 } 262 } 263 264 if (!$product or $product eq 'NULL') { 265 # this will only happen if the site.config variable is missing. 266 my_die("No product found.\n", $PS_EXIT_CONFIG_ERROR); 267 } 202 268 203 269 { 204 # update the database with the request name. This will be used as the205 # the fileset name in the output data store270 # update the request's row with the new parameters. 271 # The requset name will be used to set the output fileset name in the output data store. 206 272 my $command = "$pstamptool -updatereq -req_id $req_id -set_name $req_name"; 207 273 $command .= " -set_username $email" if $email ne 'null'; … … 223 289 } 224 290 291 if ($accessLevel < 0) { 292 exit 0; 293 } 294 295 225 296 # 226 297 # now convert the request table to an array of metadatas … … 271 342 my $num_jobs = 0; 272 343 273 my $accessLevel = getUsersAccessLevel($email, $label);274 if ($accessLevel < 0) {275 print STDERR "Data access forbidden.\n";276 insertFakeJobForRow(undef, 0, $PSTAMP_NOT_AUTHORIZED);277 exit 0;278 }279 344 280 345 foreach my $row (@$rows) { … … 528 593 # avoid error from print below if $id isn't needed 529 594 $row->{ID} = "" if !$row->{ID}; 595 596 # if this user does not have unlimited access rights adjust the date cut 597 # to avoid more recent data 598 my $mjd_max; 599 # We do not adjust dates for stacks since they are not well defined enough. 600 # We'll need to filter them by accessLevel during the lookup 601 my $stage = $row->{IMG_TYPE}; 602 if ($stage ne 'stack' and adjustDateCuts($row, \$mjd_max)) { 603 # if lower limit was supplied by user we can leave the value alone 604 if ($row->{MJD_MAX}) { 605 if ($row->{MJD_MAX} > $mjd_max) { 606 print STDERR "Access rights require limiting MJD_MAX to $mjd_max\n"; 607 $row->{MJD_MAX} = $mjd_max; 608 } 609 } else { 610 # no limit supplied we silently adjust it 611 $row->{MJD_MAX} = $mjd_max; 612 } 613 } 530 614 } 531 615 … … 1178 1262 } 1179 1263 1180 # Prototype function for setting access level. 1181 # XXX: Implement something more flexible using the database. 1264 # get user's access level default label and output product 1182 1265 sub getUsersAccessLevel { 1183 1266 my $email = shift; 1184 my $label = shift; 1185 1267 my $r_label = shift; 1268 my $r_product = shift; 1269 1270 # $r_label is a copy of the initial label. We change it to a user specific one 1271 # if one is found. 1272 my $label = $$r_label; 1273 1274 # default settings 1275 $$r_label = undef; 1276 $$r_product = undef; 1186 1277 my $level = -1; 1187 1278 1188 1279 if (!$email) { 1189 # No email provided. Eventually this will be forbidden.1190 # For now in order to temporarily continue to support the version 1 request format 1280 # No email provided. 1281 # For now in order to temporarily continue to support the version 1 request format. 1191 1282 # set the access rights based on the assigned label. 1283 # Before deployment this will be forbidden. 1192 1284 if ($label eq 'IFA' or $label eq 'QUB' or $label =~ 'MOPS') { 1193 $level = 0;1285 $level = 2; 1194 1286 } else { 1195 # access rights PS1 data only 1196 $level = 1; 1287 $level = $defaultAccessLevel; 1288 } 1289 return $level 1290 } 1291 1292 # we've got an email check the domain 1293 my ($user, $domain) = split '@', $email; 1294 unless ($user and $domain) { 1295 print STDERR "Error $email is not an acceptable email adddress.\n"; 1296 return -1; 1297 } 1298 1299 my $cmd = "$pstamptool -listuser -user $user -domain $domain"; 1300 my $results = runToolAndParse($cmd, $verbose); 1301 my $userinfo = $results->[0]; 1302 if ($userinfo) { 1303 $level = $userinfo->{accessLevel}; 1304 if ($userinfo->{userProduct}) { 1305 $$r_product = $userinfo->{userProduct}; 1306 } elsif ($userinfo->{domainProduct}) { 1307 $$r_product = $userinfo->{domainProduct}; 1308 } 1309 if ($userinfo->{userLabel}) { 1310 $$r_label = $userinfo->{userLabel}; 1311 } elsif ($userinfo->{domainLabel}) { 1312 $$r_label = $userinfo->{domainLabel}; 1197 1313 } 1198 1314 } else { 1199 # we've got an email check the domain 1200 my ($user, $domain) = split '@', $email; 1201 if ($domain) { 1202 $domain = lc($domain); 1203 if ($domain eq 'ifa.hawaii.edu' or $domain eq 'qub.ac.uk') { 1204 $level = 0; 1205 } else { 1206 # XXX check for special users 1207 # access rights PS1 data only 1208 $level = 1; 1209 } 1210 } else { 1211 print STDERR "Error: $email is not a valid email address\n"; 1315 my $cmd = "$pstamptool -listdomain -domain $domain"; 1316 my $results = runToolAndParse($cmd, $verbose); 1317 my $domaininfo = $results->[0]; 1318 if ($domaininfo) { 1319 $level = $domaininfo->{accessLevel}; 1320 if ($domaininfo->{defaultProduct}) { 1321 $$r_product = $domaininfo->{defaultProduct}; 1322 } 1323 if ($domaininfo->{defaultLabel}) { 1324 $$r_label = $domaininfo->{defaultLabel}; 1325 } 1326 } else { 1327 # no specific user or domain information found in the database. Use the defaults 1328 $level = $defaultAccessLevel; 1329 $$r_label = undef; 1330 $$r_product = undef; 1212 1331 } 1213 1332 } … … 1225 1344 1226 1345 my $MJD_PS1_BEGIN = 54922; # 2009-04-01 1227 my $MJD_PS1_END = 5 6838; # 2014-06-30 XXX get the actual date1346 my $MJD_PS1_END = 57082; # 2015-03-01 1228 1347 1229 1348 if ($row->{accessLevel} == 1) {
Note:
See TracChangeset
for help on using the changeset viewer.
