From 76d189cf95306860afc49b5bf31247a7e6d7d5d9 Mon Sep 17 00:00:00 2001
From: "David K. Jackson"
Date: Sun, 3 Nov 2024 18:58:31 +0000
Subject: [PATCH 1/2] change isReadableByUser logic regarding zones change from checking the zone of the acl matches the zone of the file to it matching the zone passed to the function FIX: vestigial irods/util import
---
 server/irods.go | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/server/irods.go b/server/irods.go
index 0145c27..f85f0ff 100644
--- a/server/irods.go
+++ b/server/irods.go
@@ -27,7 +27,6 @@ import (
 ifs "github.com/cyverse/go-irodsclient/fs"
 "github.com/cyverse/go-irodsclient/icommands"
 "github.com/cyverse/go-irodsclient/irods/types"
- "github.com/cyverse/go-irodsclient/irods/util"
 "github.com/rs/zerolog"
 )
@@ -196,14 +195,10 @@ func NewIRODSAccount(logger zerolog.Logger,
 func isReadableByUser(logger zerolog.Logger, filesystem *ifs.FileSystem,
 userZone string, userName string, rodsPath string) (_ bool, err error) {
 var acl []*types.IRODSAccess
- var pathZone string
 if acl, err = filesystem.ListACLs(rodsPath); err != nil {
 return false, err
 }
- if pathZone, err = util.GetIRODSZone(rodsPath); err != nil {
- return false, err
- }
 for _, ac := range acl {
 // ACL user zone may be empty if it refers to the local zone
@@ -214,7 +209,7 @@ func isReadableByUser(logger zerolog.Logger, filesystem *ifs.FileSystem,
 effectiveUserZone = userZone
 }
- if effectiveUserZone == pathZone &&
+ if effectiveUserZone == userZone &&
 ac.UserName == userName &&
 ac.AccessLevel == types.IRODSAccessLevelReadObject {
 logger.Trace().
From 243e1c630c17ad1341125ea34460541aebacf15c Mon Sep 17 00:00:00 2001
From: "David K. Jackson"
Date: Sun, 3 Nov 2024 19:50:51 +0000
Subject: [PATCH 2/2] isReadableByUser true for 'own' as well as 'read'
---
 server/irods.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/irods.go b/server/irods.go
index f85f0ff..a50e33f 100644
--- a/server/irods.go
+++ b/server/irods.go
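Review bot: In the third hunk of PATCH 1/2 the new test `effectiveUserZone == userZone` looks like it is always true for ACL entries that carry no zone, because the context line just above assigns `effectiveUserZone = userZone` in that case (the condition guarding that assignment is outside the hunk, so this is inferred from the comment that ends the previous hunk). If that reading is right, an entry recorded for a local-zone user would also match a caller with the same `userName` from any other zone, which widens who is treated as a reader. Consider resolving an empty ACL zone to the server's local zone rather than to the caller-supplied value, for example by keeping the `util.GetIRODSZone(rodsPath)` lookup and using `effectiveUserZone = pathZone` as the fallback before comparing with `userZone`. A test with an empty-zone ACL entry and a same-named user from a different zone would pin the intended behaviour.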
@@ -211,7 +211,8 @@ func isReadableByUser(logger zerolog.Logger, filesystem *ifs.FileSystem,
 if effectiveUserZone == userZone &&
 ac.UserName == userName &&
- ac.AccessLevel == types.IRODSAccessLevelReadObject {
+ ( ac.AccessLevel == types.IRODSAccessLevelReadObject ||
+ ac.AccessLevel == types.IRODSAccessLevelOwner ) {
 logger.Trace().
 Str("path", rodsPath).
 Str("user", userName).
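Review bot: The widened condition accepts only the read and own levels, so an ACL entry whose level sits between them (write/modify) would still make isReadableByUser report false, even though that level implies read in iRODS. This fails closed, so it is a correctness gap rather than an exposure, but enumerating individual levels inside an authorization check drifts easily from the library's level list. A small helper such as `grantsRead(ac.AccessLevel)`, with a `switch` over every level that implies read and a comment saying why each is listed, would keep the decision in one place. The added lines are also not gofmt-clean: `( ac.AccessLevel` and `IRODSAccessLevelOwner ) {` should lose the spaces inside the parentheses. The function body starts and ends outside the hunk.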