forked from pydio/cells
/
lock-session.go
176 lines (142 loc) · 4.85 KB
/
lock-session.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
package permissions
import (
"context"
"time"
"github.com/pydio/cells/common/log"
"github.com/pydio/cells/common/proto/tree"
"github.com/golang/protobuf/ptypes"
"github.com/golang/protobuf/ptypes/any"
"github.com/pydio/cells/common"
"github.com/pydio/cells/common/proto/idm"
"github.com/pydio/cells/common/registry"
service "github.com/pydio/cells/common/service/proto"
)
type SessionLocker interface {
Lock(ctx context.Context) error
UpdateExpiration(ctx context.Context, expireAfter time.Duration) error
Unlock(ctx context.Context) error
AddChildTarget(parentUUID, targetChildName string)
}
type LockSession struct {
nodeUUID string
sessionUUID string
expireAfter time.Duration
targetParentUuid string
targetChildName string
}
// NewLockSession creates a new LockSession object
func NewLockSession(nodeUUID, sessionUUID string, expireAfter time.Duration) *LockSession {
return &LockSession{
nodeUUID: nodeUUID,
sessionUUID: sessionUUID,
expireAfter: expireAfter,
}
}
func (l *LockSession) AddChildTarget(parentUUID, targetChildName string) {
l.targetParentUuid = parentUUID
l.targetChildName = targetChildName
}
// Lock sets an expirable lock ACL on the NodeUUID with SessionUUID as value
func (l *LockSession) Lock(ctx context.Context) error {
aclClient := idm.NewACLServiceClient(registry.GetClient(common.ServiceAcl))
if l.nodeUUID != "" {
lock := &idm.ACLAction{Name: AclLock.Name, Value: l.sessionUUID}
if err := l.create(ctx, aclClient, l.nodeUUID, lock); err != nil {
return err
}
if err := l.updateExpiration(ctx, aclClient, l.nodeUUID, lock, l.expireAfter); err != nil {
return err
}
}
if l.targetParentUuid != "" && l.targetChildName != "" {
childLock := &idm.ACLAction{Name: AclChildLock.Name + ":" + l.targetChildName, Value: l.sessionUUID}
if err := l.create(ctx, aclClient, l.targetParentUuid, childLock); err != nil {
return err
}
if err := l.updateExpiration(ctx, aclClient, l.targetParentUuid, childLock, l.expireAfter); err != nil {
return err
}
}
return nil
}
// UpdateExpiration set a new expiration date on the current lock
func (l *LockSession) UpdateExpiration(ctx context.Context, expireAfter time.Duration) error {
aclClient := idm.NewACLServiceClient(registry.GetClient(common.ServiceAcl))
if l.nodeUUID != "" {
searchLock := &idm.ACLAction{Name: AclLock.Name, Value: l.sessionUUID}
if err := l.updateExpiration(ctx, aclClient, l.nodeUUID, searchLock, expireAfter); err != nil {
return err
}
}
if l.targetParentUuid != "" && l.targetChildName != "" {
childLock := &idm.ACLAction{Name: AclChildLock.Name + ":" + l.targetChildName, Value: l.sessionUUID}
return l.updateExpiration(ctx, aclClient, l.targetParentUuid, childLock, expireAfter)
}
return nil
}
// Unlock manually removes the ACL
func (l *LockSession) Unlock(ctx context.Context) error {
aclClient := idm.NewACLServiceClient(registry.GetClient(common.ServiceAcl))
err1 := l.remove(ctx, aclClient, &idm.ACLAction{Name: AclLock.Name, Value: l.sessionUUID})
err2 := l.remove(ctx, aclClient, &idm.ACLAction{Name: AclChildLock.Name + ":*", Value: l.sessionUUID})
if err1 != nil {
return err1
} else if err2 != nil {
return err1
} else {
return nil
}
}
func (l *LockSession) create(ctx context.Context, cli idm.ACLServiceClient, nodeUUID string, action *idm.ACLAction) error {
_, err := cli.CreateACL(ctx, &idm.CreateACLRequest{
ACL: &idm.ACL{
NodeID: nodeUUID,
Action: action,
},
})
return err
}
func (l *LockSession) remove(ctx context.Context, cli idm.ACLServiceClient, action *idm.ACLAction) error {
q, _ := ptypes.MarshalAny(&idm.ACLSingleQuery{
Actions: []*idm.ACLAction{action},
})
_, err := cli.DeleteACL(ctx, &idm.DeleteACLRequest{
Query: &service.Query{
SubQueries: []*any.Any{q},
},
})
return err
}
func (l *LockSession) updateExpiration(ctx context.Context, cli idm.ACLServiceClient, nodeUUID string, action *idm.ACLAction, expireAfter time.Duration) error {
q, _ := ptypes.MarshalAny(&idm.ACLSingleQuery{
Actions: []*idm.ACLAction{action},
NodeIDs: []string{nodeUUID},
})
_, err := cli.ExpireACL(ctx, &idm.ExpireACLRequest{
Query: &service.Query{
SubQueries: []*any.Any{q},
},
Timestamp: time.Now().Add(expireAfter).Unix(),
})
return err
}
func HasChildLocks(ctx context.Context, node *tree.Node) bool {
aclClient := idm.NewACLServiceClient(registry.GetClient(common.ServiceAcl))
q, _ := ptypes.MarshalAny(&idm.ACLSingleQuery{
Actions: []*idm.ACLAction{{Name: AclChildLock.Name + ":*"}},
NodeIDs: []string{node.GetUuid()},
})
if st, e := aclClient.SearchACL(ctx, &idm.SearchACLRequest{Query: &service.Query{SubQueries: []*any.Any{q}}}); e == nil {
defer st.Close()
for {
_, er := st.Recv()
if er != nil {
break
}
log.Logger(ctx).Info("Found childLock on ", node.Zap())
return true
}
}
log.Logger(ctx).Debug("No childLock on ", node.Zap())
return false
}