Skip to content

Modules usage update: permissions config #4178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Modules usage update: permissions config #4178

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 27 additions & 9 deletions workflows/pipe-common/shell/modules_setup
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,16 @@ elif [ "$CP_CAP_MODULES_TYPE" == "lmod" ]; then

module_dir=$(dirname "$1")
permissions_path="$module_dir/permissions.json"
result="You are not allowed to launch this module. Please contact your administrator."
result="You don't have permissions to launch this module."
result_body="Please contact"

config_path="$2"
result_body_support="your administrator"
if [[ -f "$config_path" ]]; then
support_users=$(jq -r '.support | join(" / ")' "$config_path" 2>/dev/null)
if ! [[ -z "$support_users" ]]; then result_body_support="$support_users"; fi
fi
result_body="$result_body $result_body_support"

delimiter="."
current_user_info_base64=$(echo "$API_TOKEN" | cut -d "$delimiter" -f 2)
Expand All @@ -189,14 +198,18 @@ current_user_info=$(echo "$current_user_info_base64" | base64 -d)
current_user=$(echo "$current_user_info" | jq -r '.sub')

if [[ -z "$current_user" ]]; then
result="User ID is undefined. $result"
result="User ID is undefined.\n$result $result_body to resolve the issue."
elif [[ -f "$permissions_path" ]]; then
permissions_mode=$(jq -r '.mode' "$permissions_path")
allowed_values=$(jq -r '.values | @sh' "$permissions_path")
permissions_mode=$(jq -r '.mode' "$permissions_path" 2>/dev/null)
allowed_values=$(jq -r '.values | join(", ")' "$permissions_path" 2>/dev/null)

if [[ "$permissions_mode" == 'user' ]]; then
if [[ -z "$permissions_mode" ]]; then
result="Module permissions file has incorrect format.\n$result_body to resolve the issue."
elif [[ "$permissions_mode" == 'user' ]]; then
if printf "%s\0" "$allowed_values" | grep -w -F -i -- "$current_user" > /dev/null; then
result="true"
else
result="$result $result_body to request access."
fi

elif [[ "$permissions_mode" == 'location' ]]; then
Expand All @@ -206,14 +219,19 @@ elif [[ -f "$permissions_path" ]]; then
-d ["$user_entity"] "${API}metadata/load" | jq '.payload[0].data.user_region.value' | tr -d '" ')

if [[ -n "$user_region" && "$user_region" != null ]]; then
if printf "%s\0" "$allowed_values" | grep -w -F -i -- "$user_region" > /dev/null; then
if [[ "$user_region" == 'all' ]]; then
result="true"
elif printf "%s\0" "$allowed_values" | grep -w -F -i -- "$user_region" > /dev/null; then
result="true"
else
result="Region does not match permissions. $result"
result="This module can be used in $allowed_values only.\n$result_body to request access from your location."
fi
else
result="Region is undefined. $result"
result="This module can be used in $allowed_values only. Your region is undefined.\n$result_body to resolve the issue."
fi

else
result="true"
fi
else
result="true"
Expand All @@ -230,7 +248,7 @@ local module_msg = {}
local function load_hook(t)
if (mode() ~= "load") then return end

local cmdCheckPermissions = "bash " .. "$CP_CAP_MODULES_CONFIG_DIR" .. "/CheckPermissions.sh " .. t.fn
local cmdCheckPermissions = "bash " .. "$CP_CAP_MODULES_CONFIG_DIR" .. "/CheckPermissions.sh " .. t.fn .. " $CP_CAP_MODULES_PERMISSIONS_CONFIG_PATH"
local handle = io.popen(cmdCheckPermissions)
local cmdResult = handle:read("*a")
handle:close()
Expand Down