irods / irods_rule_engine_plugin_metadata_guard

BSD 3-Clause "New" or "Revised" License

Plugin allows non-admins to remove guarded metadata via PRC's atomic metadata operations #42

Closed mstfdkmn closed 8 months ago

mstfdkmn commented 2 years ago

I'm running iRODS 4.2.10 on CentOS 7. The plugin is 4.2.10.1 Release; python-irodsclient is 1.1.1.

Metadata that needs to be guarded cannot be protected against the python iRODS client's atomic metadata operations.

As a rodsadmin:

imeta set -C /tempZone irods::metadata_guard '{"prefixes": ["rule::"], "admin_only": true}'

As a rodsuser:

[user1@dev-u0137480 ~]$ imeta ls -d test.txt
AVUs defined for dataObj /tempZone/home/test.txt:
attribute: rule::atr
value: val
units:

The rods user runs the python script:

from irods.meta import iRODSMeta, AVUOperation

# session: an already-connected irods.session.iRODSSession for the rodsuser
obj = session.data_objects.get("/tempZone/home/test.txt")
# One atomic call: add a new guarded AVU and remove the existing guarded one
obj.metadata.apply_atomic_operations(
    AVUOperation(operation='add', avu=iRODSMeta('rule::atr1', 'val1')),
    AVUOperation(operation='remove', avu=iRODSMeta('rule::atr', 'val')))
print(obj.metadata.items())

The result: [<iRODSMeta 10063 rule::atr1 val1 None>]

The same happens also for collection objects.
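The check the report expects for an atomic batch, as an added example that is not part of the original post and is not the plugin's code: every operation in the batch, add or remove, is tested against the guarded prefixes before anything is applied. The function names are hypothetical, and it assumes that `"admin_only": true` means only a rodsadmin may change guarded AVUs and that any other or unreadable guard value fails closed for non-admins.

```python
import json

# Guard value and batch copied from the report above; function names are hypothetical.
GUARD_CONFIG = '{"prefixes": ["rule::"], "admin_only": true}'
REPORTED_BATCH = [
    {"operation": "add", "attribute": "rule::atr1", "value": "val1"},
    {"operation": "remove", "attribute": "rule::atr", "value": "val"},
]


def load_guard(config_json):
    """Parse the guard AVU value; return the prefix tuple, or None if unusable."""
    try:
        cfg = json.loads(config_json)
        prefixes = cfg["prefixes"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(prefixes, list) or not all(
            isinstance(p, str) and p for p in prefixes):
        return None
    # Only the policy shown on the page ("admin_only": true) is modelled.
    if cfg.get("admin_only") is not True:
        return None
    return tuple(prefixes)


def check_atomic_batch(config_json, user_type, operations):
    """Return (allowed, offending). The batch is all-or-nothing, so one guarded
    attribute in any operation rejects the whole call for a non-admin."""
    if user_type == "rodsadmin":
        return True, []
    prefixes = load_guard(config_json)
    if prefixes is None:
        # Assumption: an unreadable guard fails closed for non-admins.
        return False, list(operations)
    offending = [op for op in operations
                 if op["attribute"].startswith(prefixes)]
    return (not offending), offending


if __name__ == "__main__":
    print(check_atomic_batch(GUARD_CONFIG, "rodsuser", REPORTED_BATCH))
```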

trel commented 2 years ago

I think this is a duplicate of https://github.com/irods/irods_rule_engine_plugin_metadata_guard/issues/38

mstfdkmn commented 2 years ago

Oops, indeed it is. My bad, I had seen it but... Could you delete/close this then?

trel commented 2 years ago

We can leave it open for now - keeps it more visible. I'll mark it as duplicate. No worries.

korydraughn commented 2 years ago

I'll aim to have this resolved this week.

trel commented 8 months ago

38 is marked as an enhancement... so changing this to match.