A Globus access rule should exist in the Globus collection for each SMRT Link project member whose "login" is a valid Globus identity.
The set of access rules on the Globus collection associated with the app
The app can identify the access rules it created only by maintaining its own database of access rule IDs.
Identifying access rules created by the app
The access rule document includes a field "role_id" which indirectly links the access rule to the identity of the "principal" who created it. The conversion from an access rule to its owner goes like this:
```python
import globus_sdk

class GlobusRequestDenied(Exception):
    pass

app_client_id: str = ...
transfer_client: globus_sdk.TransferClient = ...
ENDPOINT_ID: str = ...

# The app's own role is the access_manager role whose principal is the app client
role_docs: list[dict] = list(transfer_client.endpoint_role_list(ENDPOINT_ID))
try:
    APP_ROLE_ID = [role_d['id'] for role_d in role_docs
                   if role_d['role'] == 'access_manager' and role_d['principal'] == app_client_id][0]
except IndexError:
    raise GlobusRequestDenied(f'App client does not have access manager role on collection {ENDPOINT_ID}')

def belongs_to_app(access_rule: dict) -> bool:
    # A rule belongs to the app when its role_id is the app's access_manager role
    role_id = access_rule['role_id']
    return role_id == APP_ROLE_ID
```
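The ownership check above is what makes a safe sync possible: the app creates rules for members who lack one and deletes only rules it owns. The following is an added example, not the app's own code. The function name `plan_sync`, the login-to-identity mapping passed in, and all sample ids are assumptions constructed for illustration, and it follows this page's reading of `role_id` as marking the rule's creator.

```python
def plan_sync(member_identities, access_rules, app_role_id):
    """Plan rule changes; return (identities_to_add, rule_ids_to_delete).

    member_identities: {SMRT Link login: Globus identity id, or None when
                        the login is not a valid Globus identity}
    access_rules:      access rule documents read from the collection
    app_role_id:       id of the app's access_manager role
    """
    if not app_role_id:
        # A null app role id would match every rule whose role_id is null
        raise ValueError("app role id is required to recognise app rules")
    wanted = {ident for ident in member_identities.values() if ident}
    kept = set()   # identities that already have an app-owned rule
    stale = []     # app-owned rule ids to delete
    for rule in access_rules:
        if rule.get("role_id") != app_role_id:
            continue  # not created by the app: never touched
        if rule.get("principal_type") != "identity":
            continue  # group and other rule types are out of scope here
        principal = rule["principal"]
        if principal in wanted and principal not in kept:
            kept.add(principal)
        else:
            stale.append(rule["id"])  # member removed, or duplicate rule
    return sorted(wanted - kept), sorted(stale)


# Constructed sample data (not real Globus ids)
APP_ROLE = "role-app-0001"
MEMBERS = {"alice@example.org": "id-alice", "bob@example.org": "id-bob",
           "local-only-user": None}
RULES = [
    {"id": "rule-1", "principal_type": "identity",
     "principal": "id-alice", "role_id": APP_ROLE},
    {"id": "rule-2", "principal_type": "identity",   # carol left the project
     "principal": "id-carol", "role_id": APP_ROLE},
    {"id": "rule-3", "principal_type": "identity",   # no role_id: not the app's
     "principal": "id-dave", "role_id": None},
    {"id": "rule-4", "principal_type": "identity",   # another manager's rule
     "principal": "id-erin", "role_id": "role-other-0002"},
]

if __name__ == "__main__":
    to_add, to_delete = plan_sync(MEMBERS, RULES, APP_ROLE)
    print("create rules for:", to_add)
    print("delete rule ids:", to_delete)
```

Rules made by other managers or with no `role_id` never appear in the delete list, so a sync run cannot revoke access that someone granted by hand.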
Globus Documentation
Globus API Documentation on the Access Rule document
Globus SDK Documentation on get_endpoint_role
Globus API Documentation on the Role document