diff --git a/uuGroupPolicies.r b/uuGroupPolicies.r index 410690eaa..60a95919e 100644 --- a/uuGroupPolicies.r +++ b/uuGroupPolicies.r @@ -132,27 +132,24 @@ uuGroupPreSudoGroupRemove(*groupName, *policyKv) { # Specific handling for rodsadmin when removing a group uuGroupPreSudoGroupRemoveForAdmin(*groupName, *policyKv) { - - *prefix = ""; - *base = ""; - - uuChop(*groupName, *prefix, *base, "-", true); - *vaultName = "vault-*base"; - *zoneName = $rodsZoneClient; - *vaultIsEmpty = true; - - # Check whether vault still holds data - msiMakeGenQuery("COLL_NAME", - "COLL_NAME like '/*zoneName/home/*vaultName/%'", *genQIn); - msiExecGenQuery(*genQIn, *genQOut); - foreach(*genQOut){ - *vaultIsEmpty = false; break; - } - if (*vaultIsEmpty) { - succeed; - } - - fail; + *prefix = ""; + *base = ""; + + uuChop(*groupName, *prefix, *base, "-", true); + *vaultName = "vault-*base"; + *zoneName = $rodsZoneClient; + *vaultIsEmpty = true; + + # Check whether vault still holds data + msiMakeGenQuery("COLL_NAME","COLL_NAME like '/*zoneName/home/*vaultName/%'", *genQIn); + msiExecGenQuery(*genQIn, *genQOut); + foreach(*genQOut){ + *vaultIsEmpty = false; break; + } + if (*vaultIsEmpty) { + succeed; + } + fail; } uuGroupPreSudoGroupMemberAdd(*groupName, *userName, *policyKv) { diff --git a/uuGroupPolicyChecks.r b/uuGroupPolicyChecks.r index 7209d4ab5..bdf2e1266 100644 --- a/uuGroupPolicyChecks.r +++ b/uuGroupPolicyChecks.r @@ -203,7 +203,7 @@ uuGroupPolicyCanGroupAdd(*actor, *groupName, *category, *subcategory, *expiratio } else { *reason = "Invalid expiration date when adding group: '*expiration_date'"; } - + } else { # schema not valid -> report error *reason = "Invalid schema-id used when adding group: '*schema_id'"; @@ -376,28 +376,28 @@ uuGroupPolicyCanGroupRemove(*actor, *groupName, *allowed, *reason) { } if (*homeCollectionIsEmpty) { - if (*groupName like regex "(research)-.*") { - # Research groups an only be removed when nu vault packages exist - uuChop(*groupName, *prefix, *base, "-", true); - *vaultName = "vault-*base"; - *zoneName = $rodsZoneClient; - *vaultIsEmpty = true; - - # Check whether vault still holds data - msiMakeGenQuery("COLL_NAME", - "COLL_NAME like '/*zoneName/home/*vaultName/%'", *genQIn); - msiExecGenQuery(*genQIn, *genQOut); - foreach(*genQOut){ - *vaultIsEmpty = false; break; - } - if (*vaultIsEmpty) { - *allowed = 1; - } else { - *reason = "There are still datapackages in the vault for group: *groupName. Please remove these first before removing this group."; - } - } else { - *allowed = 1; - } + if (*groupName like regex "(research)-.*") { + # Research groups can only be removed when no vault packages exist + uuChop(*groupName, *prefix, *base, "-", true); + *vaultName = "vault-*base"; + *zoneName = $rodsZoneClient; + *vaultIsEmpty = true; + + # Check whether vault still holds data + msiMakeGenQuery("COLL_NAME", "COLL_NAME like '/*zoneName/home/*vaultName/%'", *genQIn); + msiExecGenQuery(*genQIn, *genQOut); + foreach(*genQOut){ + *vaultIsEmpty = false; + break; + } + if (*vaultIsEmpty) { + *allowed = 1; + } else { + *reason = "There are still datapackages in the vault for group: *groupName. Please remove these first before removing this group."; + } + } else { + *allowed = 1; + } } else { *reason = "The group's directory is not empty. Please remove all of its files and subdirectories before removing this group."; } diff --git a/uuSudoPolicies.r b/uuSudoPolicies.r index 1d5202636..b11c0a33f 100644 --- a/uuSudoPolicies.r +++ b/uuSudoPolicies.r @@ -59,8 +59,8 @@ acPreSudoGroupRemove(*groupName, *policyKv) { writeLine("serverLog", "In acPreSudoGroupRemove, group is <*groupName>, actor is <$userNameClient#$rodsZoneClient>"); uuGetUserType(uuClientFullName, *userType); if (*userType != "rodsadmin") { fail; } - # So we're an admin. Now check whether the vault has no datapackages left for this research group - uuGroupPreSudoGroupRemoveForAdmin(*groupName, *policyKv); + # User is admin, check whether the vault has no datapackages. + uuGroupPreSudoGroupRemoveForAdmin(*groupName, *policyKv); } acPreSudoGroupMemberAdd(*groupName, *userName, *policyKv) {