PIM-6080

Add `strict_permission` flag to core file operations

This commit introduces an optional `strict_permission` parameter to multiple file operation methods, which enables enhanced permission validation before executing actions like copy, move, upload, delete, and rename.

Author: udirctera

cterasdk/asynchronous/core/files/browser.py

@@ -142,7 +142,7 @@ async def public_link(self, path, access='RO', expire_in=30):
         """
         return await Link(io.public_link, self._core, path, access, expire_in).a_execute()
 
-    async def copy(self, *paths, destination=None, resolver=None, cursor=None, wait=False):
+    async def copy(self, *paths, destination=None, resolver=None, cursor=None, wait=False, strict_permission=False):
         """
         Copy one or more files or folders.
 
@@ -156,7 +156,16 @@ async def copy(self, *paths, destination=None, resolver=None, cursor=None, wait=
         :raises cterasdk.exceptions.io.core.CopyError: Raised on failure copying resources.
         """
         try:
-            return await Copy(io.copy, self._core, wait, *paths, destination=destination, resolver=resolver, cursor=cursor).a_execute()
+            return await Copy(
+                io.copy,
+                self._core,
+                wait,
+                *paths,
+                destination=destination,
+                resolver=resolver,
+                cursor=cursor,
+                strict_permission=strict_permission
+            ).a_execute()
         except ValueError:
             raise ValueError('Copy destination was not specified.')
 
@@ -175,7 +184,7 @@ async def permalink(self, path):
 class CloudDrive(FileBrowser):
     """Async CloudDrive API with upload and sharing functionality."""
 
-    async def upload(self, destination, handle, name=None, size=None):
+    async def upload(self, destination, handle, name=None, size=None, strict_permission=False):
         """
         Upload from file handle.
 
@@ -187,9 +196,18 @@ async def upload(self, destination, handle, name=None, size=None):
         :rtype: str
         :raises cterasdk.exceptions.io.core.UploadError: Raised on upload failure.
         """
-        return await Upload(io.upload, self._core, io.listdir, destination, handle, name, size).a_execute()
+        return await Upload(
+            io.upload,
+            self._core,
+            io.listdir,
+            destination,
+            handle,
+            name,
+            size,
+            strict_permission=strict_permission
+        ).a_execute()
 
-    async def upload_file(self, path, destination):
+    async def upload_file(self, path, destination, strict_permission=False):
         """
         Upload a file.
 
@@ -201,9 +219,15 @@ async def upload_file(self, path, destination):
         """
         _, name = commonfs.split_file_directory(path)
         with open(path, 'rb') as handle:
-            return await self.upload(destination, handle, name, commonfs.properties(path)['size'])
+            return await self.upload(
+                destination,
+                handle,
+                name,
+                commonfs.properties(path)['size'],
+                strict_permission=strict_permission
+            )
 
-    async def mkdir(self, path):
+    async def mkdir(self, path, strict_permission=False):
         """
         Create a directory.
 
@@ -212,9 +236,9 @@ async def mkdir(self, path):
         :rtype: str
         :raises cterasdk.exceptions.io.core.CreateDirectoryError: Raised on error creating directory.
         """
-        return await CreateDirectory(io.mkdir, self._core, path).a_execute()
+        return await CreateDirectory(io.mkdir, self._core, path, strict_permission=strict_permission).a_execute()
 
-    async def makedirs(self, path):
+    async def makedirs(self, path, strict_permission=False):
         """
         Recursively create a directory.
 
@@ -223,9 +247,9 @@ async def makedirs(self, path):
         :rtype: str
         :raises cterasdk.exceptions.io.core.CreateDirectoryError: Raised on error creating directory.
         """
-        return await CreateDirectory(io.mkdir, self._core, path, True).a_execute()
+        return await CreateDirectory(io.mkdir, self._core, path, True, strict_permission=strict_permission).a_execute()
 
-    async def rename(self, path, name, *, resolver=None, wait=False):
+    async def rename(self, path, name, *, resolver=None, wait=False, strict_permission=False):
         """
         Rename a file or folder.
 
@@ -237,9 +261,17 @@ async def rename(self, path, name, *, resolver=None, wait=False):
         :rtype: cterasdk.common.object.Object or :class:`cterasdk.lib.tasks.AwaitablePortalTask`
         :raises cterasdk.exceptions.io.core.RenameError: Raised on error renaming object.
         """
-        return await Rename(io.move, self._core, wait, path, name, resolver).a_execute()
+        return await Rename(
+            io.move,
+            self._core,
+            wait,
+            path,
+            name,
+            resolver,
+            strict_permission=strict_permission
+        ).a_execute()
 
-    async def delete(self, *paths, wait=False):
+    async def delete(self, *paths, wait=False, strict_permission=False):
         """
         Delete one or more files or folders.
 
@@ -249,7 +281,7 @@ async def delete(self, *paths, wait=False):
         :rtype: cterasdk.common.object.Object or :class:`cterasdk.lib.tasks.AwaitablePortalTask`
         :raises cterasdk.exceptions.io.core.DeleteError: Raised on error deleting resources.
         """
-        return await Delete(io.delete, self._core, wait, *paths).a_execute()
+        return await Delete(io.delete, self._core, wait, *paths, strict_permission=strict_permission).a_execute()
 
     async def undelete(self, *paths, wait=False):
         """
@@ -263,7 +295,7 @@ async def undelete(self, *paths, wait=False):
         """
         return await Recover(io.undelete, self._core, wait, *paths).a_execute()
 
-    async def move(self, *paths, destination=None, resolver=None, cursor=None, wait=False):
+    async def move(self, *paths, destination=None, resolver=None, cursor=None, wait=False, strict_permission=False):
         """
         Move one or more files or folders.
 
@@ -277,7 +309,16 @@ async def move(self, *paths, destination=None, resolver=None, cursor=None, wait=
         :raises cterasdk.exceptions.io.core.MoveError: Raised on error moving resources.
         """
         try:
-            return await Move(io.move, self._core, wait, *paths, destination=destination, resolver=resolver, cursor=cursor).a_execute()
+            return await Move(
+                io.move,
+                self._core,
+                wait,
+                *paths,
+                destination=destination,
+                resolver=resolver,
+                cursor=cursor,
+                strict_permission=strict_permission
+            ).a_execute()
         except ValueError:
             raise ValueError('Move destination was not specified.')
 

cterasdk/cio/core/commands.py

@@ -20,6 +20,30 @@
 logger = logging.getLogger('cterasdk.core')
 
 
+def _is_permission_denied_message(message):
+    msg = (message or '').lower()
+    return (
+        'permission' in msg
+        or 'denied' in msg
+        or 'read only' in msg
+        or 'action is not allowed' in msg
+    )
+
+
+def _raise_strict_permission_denied(result, path):
+    if result is None:
+        raise exceptions.io.core.PrivilegeError(path)
+    if isinstance(result, str) and not result.strip():
+        raise exceptions.io.core.PrivilegeError(path)
+
+    msg = getattr(result, 'msg', None)
+    rc = getattr(result, 'rc', None)
+    if msg and _is_permission_denied_message(msg):
+        raise exceptions.io.core.PrivilegeError(path)
+    if msg in (None, '') and rc in (0, '0', None):
+        raise exceptions.io.core.PrivilegeError(path)
+
+
 def split_file_directory(listdir, receiver, destination):
     """
     Split a path into its parent directory and final component.
@@ -120,12 +144,13 @@ def ensure_writeable(resource, directory):
 
 class Upload(PortalCommand):
 
-    def __init__(self, function, receiver, listdir, destination, fd, name, size):
+    def __init__(self, function, receiver, listdir, destination, fd, name, size, strict_permission=False):
         super().__init__(function, receiver)
         self.destination = automatic_resolution(destination, receiver.context)
         self._resolver = PathResolver(listdir, receiver, self.destination, name)
         self.size = size
         self.fd = fd
+        self._strict_permission = strict_permission
         self._resource = None
 
     def get_parameter(self):
@@ -156,6 +181,8 @@ async def _a_execute(self):
 
     def _handle_response(self, r):
         path = self.destination.relative
+        if self._strict_permission:
+            _raise_strict_permission_denied(r, path)
         if r.rc:
             error = exceptions.io.core.UploadError(r.msg, path)
             logger.error('Upload failed: %s', path)
@@ -596,10 +623,11 @@ def _handle_exception(self, e):
 class CreateDirectory(PortalCommand):
     """Create Directory"""
 
-    def __init__(self, function, receiver, path, parents=False):
+    def __init__(self, function, receiver, path, parents=False, strict_permission=False):
         super().__init__(function, receiver)
         self.path = automatic_resolution(path, receiver.context)
         self.parents = parents
+        self._strict_permission = strict_permission
 
     def get_parameter(self):
         param = Object()
@@ -622,7 +650,12 @@ def _execute(self):
         if self.parents:
             for path in self._parents_generator():
                 try:
-                    CreateDirectory(self._function, self._receiver, path).execute()
+                    CreateDirectory(
+                        self._function,
+                        self._receiver,
+                        path,
+                        strict_permission=self._strict_permission
+                    ).execute()
                 except exceptions.io.core.CreateDirectoryError as e:
                     CreateDirectory._suppress_file_conflict_error(e)
         with self.trace_execution():
@@ -632,7 +665,12 @@ async def _a_execute(self):
         if self.parents:
             for path in self._parents_generator():
                 try:
-                    await CreateDirectory(self._function, self._receiver, path).a_execute()
+                    await CreateDirectory(
+                        self._function,
+                        self._receiver,
+                        path,
+                        strict_permission=self._strict_permission
+                    ).a_execute()
                 except exceptions.io.core.CreateDirectoryError as e:
                     CreateDirectory._suppress_file_conflict_error(e)
         with self.trace_execution():
@@ -645,6 +683,8 @@ def _suppress_file_conflict_error(e):
 
     def _handle_response(self, r):
         path = self.path.relative
+        if self._strict_permission:
+            _raise_strict_permission_denied(r, path)
         if r is None or r == 'Ok':
             return path
 
@@ -903,10 +943,11 @@ def _handle_response(self, r):
 
 class TaskCommand(PortalCommand):
 
-    def __init__(self, function, receiver, block):
+    def __init__(self, function, receiver, block, strict_permission=False):
         super().__init__(function, receiver)
         self.block = block
         self.background = True
+        self._strict_permission = strict_permission
 
     @abstractmethod
     def _progress_str(self):
@@ -938,6 +979,11 @@ async def _a_execute(self):
             return await function(self.get_parameter())
 
     def _handle_response(self, r):
+        if self._strict_permission:
+            msg = getattr(r, 'msg', None)
+            error_type = getattr(r, 'error_type', None)
+            if _is_permission_denied_message(str(msg)) or _is_permission_denied_message(str(error_type)):
+                raise exceptions.io.core.PrivilegeError('')
         if not self.block:
             return r
 
@@ -958,8 +1004,8 @@ def _task_error(self, task):  # pylint: disable=no-self-use
 
 class MultiResourceCommand(TaskCommand):
 
-    def __init__(self, function, receiver, block, *paths):
-        super().__init__(function, receiver, block)
+    def __init__(self, function, receiver, block, *paths, strict_permission=False):
+        super().__init__(function, receiver, block, strict_permission=strict_permission)
         self.paths = list(automatic_resolution(paths, receiver.context))
 
     def get_parameter(self):
@@ -998,8 +1044,9 @@ def _task_error(self, task):
 
 class ResolverCommand(TaskCommand):
 
-    def __init__(self, function, receiver, block, *paths, destination=None, resolver=None, cursor=None):
-        super().__init__(function, receiver, block)
+    def __init__(self, function, receiver, block, *paths, destination=None, resolver=None, cursor=None,
+                 strict_permission=False):
+        super().__init__(function, receiver, block, strict_permission=strict_permission)
         self.paths = list(automatic_resolution(paths, receiver.context))
         self.destination = automatic_resolution(destination, receiver.context)
         self.resolver = resolver
@@ -1088,11 +1135,13 @@ def _progress_str(self):
 
     def _try_with_resolver(self, cursor):
         return Copy(self._function, self._receiver, self.block, *self.paths,
-                    destination=self.destination, resolver=self.resolver, cursor=cursor).execute()
+                    destination=self.destination, resolver=self.resolver, cursor=cursor,
+                    strict_permission=self._strict_permission).execute()
 
     async def _a_try_with_resolver(self, cursor):
         return await Copy(self._function, self._receiver, self.block, *self.paths,
-                          destination=self.destination, resolver=self.resolver, cursor=cursor).a_execute()
+                          destination=self.destination, resolver=self.resolver, cursor=cursor,
+                          strict_permission=self._strict_permission).a_execute()
 
     @property
     def _error_object(self):
@@ -1106,11 +1155,13 @@ def _progress_str(self):
 
     def _try_with_resolver(self, cursor):
         return Move(self._function, self._receiver, self.block, *self.paths,
-                    destination=self.destination, resolver=self.resolver, cursor=cursor).execute()
+                    destination=self.destination, resolver=self.resolver, cursor=cursor,
+                    strict_permission=self._strict_permission).execute()
 
     async def _a_try_with_resolver(self, cursor):
         return await Move(self._function, self._receiver, self.block, *self.paths,
-                          destination=self.destination, resolver=self.resolver, cursor=cursor).a_execute()
+                          destination=self.destination, resolver=self.resolver, cursor=cursor,
+                          strict_permission=self._strict_permission).a_execute()
 
     @property
     def _error_object(self):
@@ -1122,21 +1173,26 @@ class Rename(Move):
     def _progress_str(self):
         return 'Renaming'
 
-    def __init__(self, function, receiver, block, path, new_name, resolver, cursor=None):
-        super().__init__(function, receiver, block,
-                         *[(path, automatic_resolution(path, receiver.context).parent.join(new_name))],
-                         resolver=resolver, cursor=cursor
-                         )
+    def __init__(self, function, receiver, block, path, new_name, resolver, cursor=None, strict_permission=False):
+        super().__init__(
+            function,
+            receiver,
+            block,
+            *[(path, automatic_resolution(path, receiver.context).parent.join(new_name))],
+            resolver=resolver,
+            cursor=cursor,
+            strict_permission=strict_permission
+        )
 
     def _try_with_resolver(self, cursor):
         source, destination = self.paths[0]
         return Rename(self._function, self._receiver, self.block, source, destination.name,
-                      resolver=self.resolver, cursor=cursor).execute()
+                      resolver=self.resolver, cursor=cursor, strict_permission=self._strict_permission).execute()
 
     async def _a_try_with_resolver(self, cursor):
         source, destination = self.paths[0]
         return await Rename(self._function, self._receiver, self.block, source, destination.name,
-                            resolver=self.resolver, cursor=cursor).a_execute()
+                            resolver=self.resolver, cursor=cursor, strict_permission=self._strict_permission).a_execute()
 
     @property
     def _error_object(self):