[#505] create an atomic ACLs endpoint

[d-w-moore]

No test yet, will undraft when I have one.
Exercised now with this script:

# run as rods after 
# $ irm -fr b; itouch b
# $ iadmin mkzone twilight remote
# $ iadmin mkuser dan rodsuser
# $ iadmin mkuser charlie#twilight rodsuser

import irods
from irods.access import iRODSAccess
from irods.exception import iRODSException

s = irods.helpers.make_session()

try:
  pass
  s.acls._call_atomic_acl_api(
   "/tempZone/home/rods/b",
   iRODSAccess("write","","dan"),
   iRODSAccess("write","","public"),
   iRODSAccess("read","","charlie","twilight"),
 )
except iRODSException as exc:
  print(f'{exc!r}')
  e = exc
  print (e.server_msg.get_json_encoded_struct())
#except Exception as exc:
#  print(repr(exc))
else:
  print ('---> success')
  pass

[d-w-moore]

How would the team feel about my deprecating _iRODSAccess_pre_4_3_0, since we're now officially not supporting iRODS < 4.3.0 in PRC?

[korydraughn]

The leading underscore indicates that symbol is private to the implementation. If that's the case, no objections here.

[korydraughn]

Then again, if it's an implementation detail, then we don't have to deprecate it. We can just remove it.

[d-w-moore]

Ready for review. ACLOperation now created as part of an improved interface for atomic ACLs call.

[korydraughn]

Spotted this in the type checking workflow.

irods/manager/access_manager.py:54: error: Incompatible types in assignment (expression has type "list[Any]", target has type "str")  [assignment]

[korydraughn]

Looking good so far.

[d-w-moore]

Sorry for the forced push... just put some ruff changes through and added a structure that maps all permission keys to their respective codes - including all synonyms. It will help someone that say wants to do this:

sorted( [*ses.acls.get(object) , *my_ACLOperation_list ], 
               key= lambda acl:irods.access.all_permissions[acl.access_name] )

which would sort the whole list of retrieved permissions and new applicable ACLOperations together, ordering by increasing numeric permission code.

Yes, I know - very niche. But it affords the customer some pretty good flexibility.

[d-w-moore]

linters and tests are queued up.

Code is ready for final review, I think.

[alanking]

Looks like we're rounding the corner. Still see a couple unresolved comments

[d-w-moore]

I think it's ready for final eyes.... Squashing.

[korydraughn]

We're in the final stretch.

[korydraughn]

What's the reason behind including ichmod in the variable name?

[d-w-moore]

They were copy/paste from output of man ichmod. Definitely open to suggestions on that one.

[korydraughn]

Please explain L138.

I'm trying to guess what it does. Here's what I got (without looking up python docs) ... L138 can be rewritten as:

if '' != implied_zone and implied_zone == other.user_zone:
    other.user_zone = ''

Is my interpretation correct? What does it accomplish?

If implied_zone is tempZone and other.user_zone is tempZone, other.user_zone is cleared. implied_zone remains nonempty.

[d-w-moore]

That's the correct interpretation.

We're forcing other, ie the return value to have null length in the zone field if it matches a non empty "implied" value.

Any modification to the variable implied_zone would of course have no effect on any code external to the call frame. (That's just a python thing.)

[korydraughn]

Highlighting this for follow-up depending on the results of the other ichmod conversation.

[korydraughn]

Does this do what's intended?

[d-w-moore]

I've tested it manually only. I wonder if a test is in order to make sure; wouldn't be that difficult.

[korydraughn]

Consider including "Permissions" in the title. That will make the section easier to find for some readers.