IPP Software Navigation Tools IPP Links Communication Pan-STARRS Links

Ignore:
Timestamp:
Apr 18, 2015, 6:27:41 AM (11 years ago)
Author:
eugene
Message:

merge changes from trunk (updates for pstamp, remote tools, ippToPsps schema 20)

Location:
branches/eam_branches/ipp-20150405
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/eam_branches/ipp-20150405

  • branches/eam_branches/ipp-20150405/pstamp/scripts/pstampparse.pl

    r38062 r38152  
    5555die "invalid mode '$mode'" unless ($mode eq "list_uri") or ($mode eq "queue_job");
    5656die "--file is required"   unless defined($request_file_name);
    57 
    58 if ($mode ne "list_uri") {
    59     die "req_id is required"  if !$req_id;
     57die "req_id is required"  unless defined $req_id;
     58if ($mode ne 'list_uri') {
    6059    die "outdir is required"  if !$outdir;
    61     die "product is required" if !$product;
    6260} else {
    63     # mode eq 'list_uri' (used for parser testing)
    64     # these values won't be used for anything but should be defined to avoid errors
    65     $req_id  = 0;
    66     $outdir  = "nowhere";
    67     $product = "dummy";
     61    $outdir = "somewhere" if !$outdir
    6862}
    6963
     
    9589# do not update the database
    9690$no_update = 1 if $mode ne "queue_job";
     91
     92$product = 'NULL' unless $product;
     93
     94
     95# look up some defaults
     96my $defaultAccessLevel = metadataLookupS32($ipprc->{_siteConfig}, 'PSTAMP_DEFAULT_ACCESS_LEVEL');
     97if (!defined $defaultAccessLevel) {
     98    warn("cannot find 'PSTAMP_DEFAULT_ACCESS_LEVEL' in site config");
     99    exit ($PS_EXIT_CONFIG_ERROR);
     100}
     101
     102# look up the default data store product.
     103my $defaultDSProduct = metadataLookupStr($ipprc->{_siteConfig}, 'PSTAMP_DATA_STORE_PRODUCT');
     104if (!defined $defaultDSProduct) {
     105    # Don't panic yet that it's not defined.
     106    #  exit ($PS_EXIT_CONFIG_ERROR);
     107    $defaultDSProduct = ''; # set to empty string to simplify some comparisions below
     108    print STDERR "Warning PSTAMP_DATA_STORE_PRODUCT not found in the site config.\n" if  $product eq 'NULL';
     109}
     110
     111my $productIsDefault = 0;
     112if ($product and $defaultDSProduct) {
     113    $productIsDefault = ($product eq $defaultDSProduct);
     114}
    97115
    98116my $mdcParser = PS::IPP::Metadata::Config->new; # Parser for metadata config files
     
    159177    my $exitStatus = $error_code >> 8;
    160178    if ($success) {
    161         # -listreq succeeded duplicate request name
     179        # -listreq succeeded there is already a request in the database with this name
    162180        print STDERR "REQ_NAME $req_name has already been used\n";
    163181        insertFakeJobForRow(undef, 0, $PSTAMP_DUP_REQUEST);
     
    170188
    171189
    172 # Adjust the label for requests coming in over the web interface
     190# Adjust the label for requests coming in over the web upload interface
     191# XXX: do this later based on the user information
    173192
    174193my $label_changed = 0;
     194# We now use the access tabels to set the label.
     195if (0) {
    175196if ($label and $label eq "WEB.UP") {
    176197    my $lcname = lc($req_name);
     
    199220    print "Setting label for $req_name to $label\n" if $label_changed;
    200221}
    201 
     222}
     223
     224# XXX: update these comments
     225# product passed in is either one specific to the submitting pstampDataStore or the default
     226# "pstampresults"
     227# Here, we need to decide whether to change that based on email
     228# WE can't use label (yet) because the PSI cgi script sets it to PSI
     229# Do we ever need to use label? Is it obsolete? Check test procedures.
     230
     231my $productForUser;
     232my $labelForUser = $label;  # for now I pass the current label for use in hacking permissions for V1 requests
     233
     234my $accessLevel = getUsersAccessLevel($email, \$labelForUser, \$productForUser);
     235if ($accessLevel < 0) {
     236    print STDERR "Data access is forbidden.\n";
     237    insertFakeJobForRow(undef, 0, $PSTAMP_NOT_AUTHORIZED);
     238}
     239
     240# if the request came through the upload channel, change it to the user's specific label
     241# if any is known.
     242if ($label and $label eq 'WEB.UP') {
     243    if ($labelForUser) {
     244        $label = $labelForUser;
     245        $label_changed = 1;
     246    }
     247}
     248
     249# XXX: Think through when and if we change the product.
     250# If the product is the system default, set it to the product for the user@domain. That way
     251# if the request came through a data store that target will be used.
     252# We really only need to redirect the results with greater access level than the default
     253if ($productIsDefault or $product eq 'NULL') {
     254    if ($productForUser) {
     255        $product = $productForUser;
     256    }
     257} else {
     258    # if we don't have a product use default
     259    if ($product eq 'NULL') {
     260        $product = $defaultDSProduct;
     261    }
     262}
     263
     264if (!$product or $product eq 'NULL') {
     265    # this will only happen if the site.config variable is missing.
     266    my_die("No product found.\n", $PS_EXIT_CONFIG_ERROR);
     267}
    202268
    203269{
    204     # update the database with the request name. This will be used as the
    205     # the fileset name in the output data store
     270    # update the request's row with the new parameters.
     271    # The requset name will be used to set the output fileset name in the output data store.
    206272    my $command = "$pstamptool -updatereq -req_id $req_id  -set_name $req_name";
    207273    $command .= " -set_username $email" if $email ne 'null';
     
    223289}
    224290
     291if ($accessLevel < 0) {
     292    exit 0;
     293}
     294
     295
    225296#
    226297# now convert the request table to an array of metadatas
     
    271342my $num_jobs = 0;
    272343
    273 my $accessLevel = getUsersAccessLevel($email, $label);
    274 if ($accessLevel < 0) {
    275     print STDERR "Data access forbidden.\n";
    276     insertFakeJobForRow(undef, 0, $PSTAMP_NOT_AUTHORIZED);
    277     exit 0;
    278 }
    279344
    280345foreach my $row (@$rows) {
     
    528593        # avoid error from print below if $id isn't needed
    529594        $row->{ID} = "" if !$row->{ID};
     595
     596        # if this user does not have unlimited access rights adjust the date cut
     597        # to avoid more recent data
     598        my $mjd_max;
     599        # We do not adjust dates for stacks since they are not well defined enough.
     600        # We'll need to filter them by accessLevel during the lookup
     601        my $stage = $row->{IMG_TYPE};
     602        if ($stage ne 'stack' and adjustDateCuts($row, \$mjd_max)) {
     603            # if lower limit was supplied by user we can leave the value alone
     604            if ($row->{MJD_MAX}) {
     605                if ($row->{MJD_MAX} > $mjd_max) {
     606                    print STDERR "Access rights require limiting MJD_MAX to $mjd_max\n";
     607                    $row->{MJD_MAX} = $mjd_max;
     608                }
     609            } else {
     610                # no limit supplied we silently adjust it
     611                $row->{MJD_MAX} = $mjd_max;
     612            }
     613        }
    530614    }
    531615   
     
    11781262}
    11791263
    1180 # Prototype function for setting access level.
    1181 # XXX: Implement something more flexible using the database.
     1264# get user's access level default label and output product
    11821265sub getUsersAccessLevel {
    11831266    my $email = shift;
    1184     my $label = shift;
    1185 
     1267    my $r_label = shift;
     1268    my $r_product = shift;
     1269
     1270    # $r_label is a copy of the initial label. We change it to a user specific one
     1271    # if one is found.
     1272    my $label = $$r_label;
     1273
     1274    # default settings
     1275    $$r_label   =  undef;
     1276    $$r_product =  undef;
    11861277    my $level = -1;
    11871278
    11881279    if (!$email) {
    1189         # No email provided. Eventually this will be forbidden.
    1190         # For now in order to temporarily continue to support the version 1 request format
     1280        # No email provided.
     1281        # For now in order to temporarily continue to support the version 1 request format.
    11911282        # set the access rights based on the assigned label.
     1283        # Before deployment this will be forbidden.
    11921284        if ($label eq 'IFA' or $label eq 'QUB' or $label =~ 'MOPS') {
    1193             $level = 0;
     1285            $level = 2;
    11941286        } else {
    1195             # access rights PS1 data only
    1196             $level = 1;
     1287            $level = $defaultAccessLevel;
     1288        }
     1289        return $level
     1290    }
     1291
     1292    # we've got an email check the domain
     1293    my ($user, $domain) = split '@', $email;
     1294    unless ($user and $domain) {
     1295        print STDERR "Error $email is not an acceptable email adddress.\n";
     1296        return -1;
     1297    }
     1298
     1299    my $cmd = "$pstamptool -listuser -user $user -domain $domain";
     1300    my $results = runToolAndParse($cmd, $verbose);
     1301    my $userinfo = $results->[0];
     1302    if ($userinfo) {
     1303        $level = $userinfo->{accessLevel};
     1304        if ($userinfo->{userProduct}) {
     1305            $$r_product = $userinfo->{userProduct};
     1306        } elsif ($userinfo->{domainProduct}) {
     1307            $$r_product = $userinfo->{domainProduct};
     1308        }
     1309        if ($userinfo->{userLabel}) {
     1310            $$r_label = $userinfo->{userLabel};
     1311        } elsif ($userinfo->{domainLabel}) {
     1312            $$r_label = $userinfo->{domainLabel};
    11971313        }
    11981314    } else {
    1199         # we've got an email check the domain
    1200         my ($user, $domain) = split '@', $email;
    1201         if ($domain) {
    1202             $domain = lc($domain);
    1203             if ($domain eq 'ifa.hawaii.edu' or $domain eq 'qub.ac.uk') {
    1204                 $level = 0;
    1205             } else {
    1206                 # XXX check for special users
    1207                 # access rights PS1 data only
    1208                 $level = 1;
    1209             }
    1210         } else {
    1211             print STDERR "Error: $email is not a valid email address\n";
     1315        my $cmd = "$pstamptool -listdomain -domain $domain";
     1316        my $results = runToolAndParse($cmd, $verbose);
     1317        my $domaininfo = $results->[0];
     1318        if ($domaininfo) {
     1319            $level = $domaininfo->{accessLevel};
     1320            if ($domaininfo->{defaultProduct}) {
     1321                $$r_product = $domaininfo->{defaultProduct};
     1322            }
     1323            if ($domaininfo->{defaultLabel}) {
     1324                $$r_label = $domaininfo->{defaultLabel};
     1325            }
     1326    } else {
     1327            # no specific user or domain information found in the database. Use the defaults
     1328            $level = $defaultAccessLevel;
     1329            $$r_label =  undef;
     1330            $$r_product =  undef;
    12121331        }
    12131332    }
     
    12251344
    12261345    my $MJD_PS1_BEGIN = 54922;    # 2009-04-01
    1227     my $MJD_PS1_END   = 56838;    # 2014-06-30      XXX get the actual date
     1346    my $MJD_PS1_END   = 57082;    # 2015-03-01
    12281347
    12291348    if ($row->{accessLevel} == 1) {
Note: See TracChangeset for help on using the changeset viewer.