Remove legacy iiCopyACLsFromParent function

Author: lwesterhof

iiVault.r

@@ -22,39 +22,6 @@ iiGenericSecureCopy(*argv, *origin_path, *err) {
         }
 }
 
-# \brief When inheritance is missing we need to copy ACL's when introducing new data in vault package.
-#
-# \param[in] path 		path of object that needs the permissions of parent
-# \param[in] recursiveFlag 	either "default" for no recursion or "recursive"
-#
-iiCopyACLsFromParent(*path, *recursiveFlag) {
-        uuChopPath(*path, *parent, *child);
-
-        foreach(*row in SELECT COLL_ACCESS_NAME, COLL_ACCESS_USER_ID WHERE COLL_NAME = *parent) {
-                *accessName = *row.COLL_ACCESS_NAME;
-                *userId = *row.COLL_ACCESS_USER_ID;
-                *userFound = false;
-
-                foreach(*user in SELECT USER_NAME WHERE USER_ID = *userId) {
-                        *userName = *user.USER_NAME;
-                        *userFound = true;
-                }
-
-                if (*userFound) {
-                        if (*accessName == "own") {
-                                writeString("serverLog", "iiCopyACLsFromParent: granting own to <*userName> on <*path> with recursiveFlag <*recursiveFlag>");
-                                msiSetACL(*recursiveFlag, "own", *userName, *path);
-                        } else if (*accessName == "read_object") {
-                                writeString("serverLog", "iiCopyACLsFromParent: granting read to <*userName> on <*path> with recursiveFlag <*recursiveFlag>");
-                                msiSetACL(*recursiveFlag, "read", *userName, *path);
-                        } else if (*accessName == "modify_object") {
-                                writeString("serverLog", "iiCopyACLsFromParent: granting write to <*userName> on <*path> with recursiveFlag <*recursiveFlag>");
-                                msiSetACL(*recursiveFlag, "write", *userName, *path);
-                        }
-                }
-        }
-}
-
 # \brief Perform a vault ingest as rodsadmin.
 #
 iiAdminVaultIngest() {

meta.py

@@ -1,7 +1,7 @@
 """JSON metadata handling."""
 from __future__ import annotations
 
-__copyright__ = 'Copyright (c) 2019-2025, Utrecht University'
+__copyright__ = 'Copyright (c) 2019-2026, Utrecht University'
 __license__   = 'GPLv3, see LICENSE'
 
 import json
@@ -537,7 +537,7 @@ def set_result(msg_short, msg_long):
     current_json_data = json.loads(json.dumps(current_json))
 
     try:
-        callback.iiCopyACLsFromParent(dest, 'default')
+        vault.copy_acls_from_parent(ctx, dest, "default")
     except Exception:
         set_result('FailedToSetACLs', 'Failed to set vault permissions on <{}>'.format(dest))
         return

schema_transformation.py

@@ -23,6 +23,7 @@
 import provenance
 import schema
 import schema_transformations
+import vault
 from util import *
 
 
@@ -45,7 +46,7 @@ def execute_transformation(ctx: rule.Context, metadata_path: str, transform: Cal
         new_path = '{}/yoda-metadata[{}].json'.format(coll, str(int(time.time())))
         # print('TRANSFORMING in vault <{}> -> <{}>'.format(metadata_path, new_path))
         jsonutil.write(ctx, new_path, metadata)
-        copy_acls_from_parent(ctx, new_path, "default")
+        vault.copy_acls_from_parent(ctx, new_path, "default")
         provenance.log_action(ctx, "system", coll, "updated metadata schema")
         log.write(ctx, "Transformed %s" % (new_path))
     else:
@@ -163,44 +164,6 @@ def rule_get_transformation_info(ctx: rule.Context, json_path: str) -> Tuple[str
     return output
 
 
-def copy_acls_from_parent(ctx: rule.Context, path: str, recursive_flag: str) -> None:
-    """
-    When inheritance is missing we need to copy ACLs when introducing new data in vault package.
-
-    :param ctx:            Combined type of a ctx and rei struct
-    :param path:           Path of object that needs the permissions of parent
-    :param recursive_flag: Either "default" for no recursion or "recursive"
-    """
-    parent = os.path.dirname(path)
-
-    iter = genquery.row_iterator(
-        "COLL_ACCESS_NAME, COLL_ACCESS_USER_ID",
-        "COLL_NAME = '" + parent + "'",
-        genquery.AS_LIST, ctx
-    )
-
-    for row in iter:
-        access_name = row[0]
-        user_id = int(row[1])
-
-        user_name = user.name_from_id(ctx, user_id)
-
-        # iRODS keeps ACLs for deleted users in the iCAT database (https://github.com/irods/irods/issues/7778),
-        # so we need to skip ACLs referring to users that no longer exist.
-        if user_name == "":
-            continue
-
-        if access_name == "own":
-            log.write(ctx, "iiCopyACLsFromParent: granting own to <" + user_name + "> on <" + path + "> with recursiveFlag <" + recursive_flag + ">")
-            msi.set_acl(ctx, recursive_flag, "own", user_name, path)
-        elif access_name == "read_object":
-            log.write(ctx, "iiCopyACLsFromParent: granting read to <" + user_name + "> on <" + path + "> with recursiveFlag <" + recursive_flag + ">")
-            msi.set_acl(ctx, recursive_flag, "read", user_name, path)
-        elif access_name == "modify_object":
-            log.write(ctx, "iiCopyACLsFromParent: granting write to <" + user_name + "> on <" + path + "> with recursiveFlag <" + recursive_flag + ">")
-            msi.set_acl(ctx, recursive_flag, "write", user_name, path)
-
-
 @rule.make(inputs=[0, 1, 2, 3], outputs=[])
 def rule_batch_transform_vault_metadata(ctx: rule.Context, coll_id_s: str, batch_s: str, pause_s: str, delay_s: str) -> None:
     """
@@ -328,7 +291,7 @@ def rule_batch_vault_metadata_correct_orcid_format(ctx: rule.Context, coll_id_s:
                     new_path = '{}/yoda-metadata[{}].json'.format(coll, str(int(time.time())))
                     log.write(ctx, 'TRANSFORMING in vault <{}> -> <{}>'.format(metadata_path, new_path))
                     jsonutil.write(ctx, new_path, result['metadata'])
-                    copy_acls_from_parent(ctx, new_path, "default")
+                    vault.copy_acls_from_parent(ctx, new_path, "default")
                     provenance.log_action(ctx, "system", coll, "updated person identifier metadata")
                     log.write(ctx, "Transformed ORCIDs for: %s" % (new_path))
                 elif result['data_changed']:

util/bagit.py

@@ -1,7 +1,7 @@
 """Functions to copy packages to the vault and manage permissions of vault packages."""
 from __future__ import annotations
 
-__copyright__ = 'Copyright (c) 2023-2025, Utrecht University'
+__copyright__ = 'Copyright (c) 2023-2026, Utrecht University'
 __license__   = 'GPLv3, see LICENSE'
 
 import itertools
@@ -14,6 +14,7 @@
 import log
 import msi
 import rule
+import vault
 
 
 def manifest(ctx: rule.Context, coll: str) -> str:
@@ -73,7 +74,7 @@ def create(ctx: rule.Context, archive: str, coll: str, resource: str) -> None:
 
     if ret.get("code", -1) < 0:
         raise Exception("Archive creation failed: {}".format(ret))
-    ctx.iiCopyACLsFromParent(archive, "default")
+    vault.copy_acls_from_parent(ctx, archive, "default")
 
 
 def extract(ctx: rule.Context, archive: str, coll: str, resource: str = '0') -> None:

vault.py

@@ -1,7 +1,7 @@
 """Functions to copy packages to the vault and manage permissions of vault packages."""
 from __future__ import annotations
 
-__copyright__ = 'Copyright (c) 2019-2025, Utrecht University'
+__copyright__ = 'Copyright (c) 2019-2026, Utrecht University'
 __license__   = 'GPLv3, see LICENSE'
 
 import json
@@ -501,7 +501,7 @@ def vault_write_license(ctx: rule.Context, vault_pkg_coll: str) -> None:
 
             # Fix ACLs.
             try:
-                ctx.iiCopyACLsFromParent(license_file, 'default')
+                copy_acls_from_parent(ctx, license_file, "default")
             except Exception:
                 log.write(ctx, "rule_vault_write_license: Failed to set vault permissions on <{}>".format(license_file))
         else:
@@ -1202,6 +1202,43 @@ def set_vault_permissions(ctx: rule.Context, coll: str, target: str) -> bool:
     return True
 
 
+def copy_acls_from_parent(ctx: rule.Context, path: str, recursive_flag: str) -> None:
+    """
+    When inheritance is missing we need to copy ACLs when introducing new data in vault package.
+
+    :param ctx:            Combined type of a ctx and rei struct
+    :param path:           Path of object that needs the permissions of parent
+    :param recursive_flag: Either "default" for no recursion or "recursive"
+    """
+    parent = os.path.dirname(path)
+
+    iter = genquery.row_iterator(
+        "COLL_ACCESS_NAME, COLL_ACCESS_USER_ID",
+        "COLL_NAME = '" + parent + "'",
+        genquery.AS_LIST, ctx
+    )
+
+    for row in iter:
+        access_name = row[0]
+        user_id = int(row[1])
+        user_name = user.name_from_id(ctx, user_id)
+
+        # iRODS keeps ACLs for deleted users in the iCAT database (https://github.com/irods/irods/issues/7778),
+        # so we need to skip ACLs referring to users that no longer exist.
+        if user_name == "":
+            continue
+
+        if access_name == "own":
+            log.write(ctx, "copy_acls_from_parent: granting own to <" + user_name + "> on <" + path + "> with recursiveFlag <" + recursive_flag + ">")
+            msi.set_acl(ctx, recursive_flag, "own", user_name, path)
+        elif access_name == "read_object":
+            log.write(ctx, "copy_acls_from_parent: granting read to <" + user_name + "> on <" + path + "> with recursiveFlag <" + recursive_flag + ">")
+            msi.set_acl(ctx, recursive_flag, "read", user_name, path)
+        elif access_name == "modify_object":
+            log.write(ctx, "copy_acls_from_parent: granting write to <" + user_name + "> on <" + path + "> with recursiveFlag <" + recursive_flag + ">")
+            msi.set_acl(ctx, recursive_flag, "write", user_name, path)
+
+
 def reader_needs_access(ctx: rule.Context, group_name: str, coll: str) -> bool:
     """Return if research group has access to this group but readers do not"""
     iter = genquery.row_iterator(

vault_archive.py

@@ -1,7 +1,7 @@
 """Functions to archive vault data packages."""
 from __future__ import annotations
 
-__copyright__ = 'Copyright (c) 2023-2025, Utrecht University'
+__copyright__ = 'Copyright (c) 2023-2026, Utrecht University'
 __license__   = 'GPLv3, see LICENSE'
 
 import json
@@ -16,6 +16,7 @@
 import meta
 import notifications
 import provenance
+import vault
 from util import *
 
 __all__ = ['api_vault_archive',
@@ -242,7 +243,7 @@ def vault_extract_archive(ctx: rule.Context, coll: str) -> str:
 
         extract_archive(ctx, coll)
         collection.rename(ctx, coll + "/archive/data", coll + "/original")
-        ctx.iiCopyACLsFromParent(coll + "/original", "recursive")
+        vault.copy_acls_from_parent(ctx, coll + "/original", "recursive")
         collection.remove(ctx, coll + "/archive", force=True)
         data_object.remove(ctx, coll + "/archive.tar", force=True)