

YDA-5992: clean up scheduled admin jobs
lwesterhof committed Dec 4, 2024
1 parent 991fc21 commit b8797bb
Showing 2 changed files with 7 additions and 14 deletions.
11 changes: 2 additions & 9 deletions iiFolderStatusTransitions.r
@@ -18,21 +18,14 @@ iiFolderStatus(*folder, *folderStatus) {
}
}

# \brief Schedule copy-to-vault (asynchronously).
#
iiScheduleCopyToVault() {
delay ("<INST_NAME>irods_rule_engine_plugin-irods_rule_language-instance</INST_NAME><PLUSET>1s</PLUSET>") {
msiExecCmd("scheduled-copytovault.sh", "", "", "", 0, *out);
}
}

# \brief Schedule copy-to-vault for just one coll (asynchronously).
#
# \param[in] folder Path of folder
#
iiScheduleCollCopyToVault(*coll) {
delay ("<INST_NAME>irods_rule_engine_plugin-irods_rule_language-instance</INST_NAME><PLUSET>1s</PLUSET>") {
msiExecCmd("scheduled-copytovault.sh", "'*coll'", "", "", 0, *out);
msiExecCmd("admin-scheduled-copytovault.sh", "'*coll'", "", "", 0, *out);
}
}

@@ -332,7 +325,7 @@ iiCanTransitionFolderStatus(*folder, *transitionFrom, *transitionTo, *actor, *al
}

# Note: The folders will not transition to SECURED status.
if (*transitionFrom == ACCEPTED && *transitionTo == FOLDER) {
if (*transitionFrom == ACCEPTED && *transitionTo == FOLDER) {
*allowed = false;
*reason = "Only a rodsadmin is allowed to secure a folder to the vault";
succeed;
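Review bot: In `iiScheduleCollCopyToVault` the collection path is spliced into the msiExecCmd argument string as `"'*coll'"` with no escaping, so a collection name containing a single quote would presumably end the quoted argument early and hand `admin-scheduled-copytovault.sh` a different argument list than intended. The `admin-scheduled-` policy branch changed in this same commit accepts any argument string, so the policy hook does not constrain the value; either reject such names before the `delay` block or make sure the script validates its argument as a single collection path. A comment above the call such as `# *coll is passed verbatim; the script must validate it` would record that. Separately, the header comment documents `\param[in] folder` while the parameter is `*coll`; `# \param[in] coll Path of collection` would match. Callers of the removed `iiScheduleCopyToVault` are not visible on this page and are worth a grep.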
10 changes: 5 additions & 5 deletions policies.py
@@ -503,17 +503,17 @@ def py_acPreProcForExecCmd(ctx, cmd, args, addr, hint):
if not (hint == addr == ''):
return policy.fail('Disallowed hint/addr in execcmd')

# allow 'admin-*' scripts, if first arg is the actor username&zone.
# Allow scheduled admin scripts.
if cmd.startswith('admin-scheduled-'):
return policy.succeed()

# Allow 'admin-*' scripts, if first arg is the actor username&zone.
if cmd.startswith('admin-'):
if args == str(actor) or args.startswith(str(actor) + ' '):
return policy.succeed()
else:
return policy.fail('Actor not given as first arg to admin- execcmd')

# Allow scheduled scripts.
if cmd.startswith('scheduled-'):
return policy.succeed()

return policy.fail('No execcmd privileges for this command')


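Review bot: The new `admin-scheduled-` branch in `py_acPreProcForExecCmd` returns `policy.succeed()` on a prefix match alone, without looking at `args` or the actor, so any script whose name starts with that prefix is executable with arbitrary arguments by whoever reaches this point. Whether earlier checks restrict the caller is not visible here, since the function starts above the hunk. An exact-name allowlist would be tighter than `startswith`, for example `if cmd in ('admin-scheduled-copytovault.sh',):` extended with whatever other scheduled scripts exist. The branch also only works because it sits above the generic `admin-` check; a comment like `# Must stay above the 'admin-' check: scheduled jobs pass no actor argument` would keep a later reorder from breaking it.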
