jacquayj / GoRODS

Golang binding for iRODS C API: An iRODS client library written in Golang + C
https://godoc.org/github.com/jjacquay712/GoRODS
BSD 3-Clause "New" or "Revised" License

Implement access control functionality #10

Closed jjacquay712 closed 8 years ago

jjacquay712 commented 8 years ago

rcModAccessControl, ichmod

simont commented 8 years ago

I've been running into the ACL functionality a lot more.

Goal #1 here would be to be able to access the existing permissions for a given file/collection for a specific user or group. The primary use case at the moment is being able to show if a collection/data Object is read only, or can be modified by a given user. Knowing where these permissions come from would also be useful - i.e. are these permissions granted at the level of a given user or for a group that the user belongs to. Knowing if a collection has permissions inheritance set would be useful so that this information could be passed on to the user, particularly for a collection that is shared with others ('All new files/collections created in this collection will have the following default access permissions:').

Goal #2 would then be to be able to modify permissions for collections/data objects - this will likely come with the need to be able to get lists of users and groups (and the users in those groups) in order to be able to grant permissions to those users/groups, etc. via some appropriate method, e.g. via a dropdown list or set of checkboxes on a web UI.

S.

jjacquay712 commented 8 years ago

Notes:

Goal 1: List collection/dataobject owner and groups (ACL):

DataObj ACL: https://github.com/irods/irods/blob/ef18afc8b6bb7c0e7494795b6d36db746bd859fc/lib/core/src/lsUtil.cpp#L566

Collection ACL: https://github.com/irods/irods/blob/ef18afc8b6bb7c0e7494795b6d36db746bd859fc/lib/core/src/lsUtil.cpp#L616

$ ils -A

Goal 2a: List available users and groups (with users) for given zone:

$ igroupadmin || iadmin
> lg
> lg #{group-name}

Goal 2b: Modify ownership of data object/collection. Add/Remove groups:

$ ichmod -r #{access} #{group} #{object-or-collection}

Goal 3: Manage groups?

$ igroupadmin

lg [name] (list group info (user member list))
mkuser Name Password (make a user and set the initial password)
atg groupName userName[#Zone] (add to group - add a user to a group)
rfg groupName userName[#Zone] (remove from group - remove a user from a group)
mkgroup groupName[#Zone] (make a new group)
help (or h) [command] (this help, or more details on a command)

jacquayj commented 8 years ago

f, _ := notesFile.GetACL()

for _, acl := range f {
    if acl.Type == gorods.UserType {
        p(acl.User())
    } else {
        p(acl.Group())
    }
}

// acl.AccessLevel:
// Null
// Read
// Write
// Own
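
An added example (not part of the thread and not GoRODS code) for Goal #1 in simont's comment: given ACL entries with the access levels listed above, it reports a user's effective level and whether that level comes from a direct grant or from a group. The types, the group membership map and the rule that the highest applicable level wins are assumptions made for illustration.

```go
package main

import "fmt"

// AccessLevel is a stand-in for the four levels listed above (not the GoRODS type).
type AccessLevel int

const (
	Null AccessLevel = iota
	Read
	Write
	Own
)

// ACLEntry is a hypothetical simplified ACL row: a user or group name and its level.
type ACLEntry struct {
	Name    string
	IsGroup bool
	Level   AccessLevel
}

// Effective returns the highest level the ACL grants to user and which entry
// grants it ("user:<name>" or "group:<name>"). A direct grant wins a tie.
func Effective(user string, groups map[string][]string, acl []ACLEntry) (AccessLevel, string) {
	best, source, direct := Null, "", false
	for _, e := range acl {
		applies := !e.IsGroup && e.Name == user
		if e.IsGroup {
			for _, member := range groups[e.Name] {
				applies = applies || member == user
			}
		}
		if !applies || e.Level == Null {
			continue
		}
		if e.Level > best || (e.Level == best && !e.IsGroup && !direct) {
			best, direct = e.Level, !e.IsGroup
			source = map[bool]string{true: "group:", false: "user:"}[e.IsGroup] + e.Name
		}
	}
	return best, source
}

func main() {
	// Constructed sample data: group membership and one object's ACL.
	groups := map[string][]string{"lab": {"alice", "bob"}}
	acl := []ACLEntry{{"alice", false, Read}, {"lab", true, Write}, {"carol", false, Own}}
	for _, u := range []string{"alice", "bob", "carol", "dave"} {
		lvl, src := Effective(u, groups, acl)
		fmt.Printf("%s: level=%d readOnly=%v source=%q\n", u, lvl, lvl == Read, src)
	}
}
```

A user with no matching entry gets Null and an empty source, which a UI should treat as no access rather than read only.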