.. Warning: this file is automatically generated. Edits will be lost .. list-table:: Functions defined in :mod:`CNAuthorization` :widths: 3 3 10 10 30 :header-rows: 1 * - Tier - Version - REST - Function - Parameters * - Tier 2 - 1.0, 2.0 - ``PUT /owner/{id}`` - :func:`setRightsHolder` - (:class:`session`, :class:`id`, :class:`userId`, ``serialVersion``) ``->`` :class:`Types.Identifier` * - Tier 2 - 1.0, 2.0 - ``GET /isAuthorized/{id}?action={action}`` - :func:`isAuthorized` - (:class:`session`, :class:`id`, :class:`action`) ``->`` boolean * - Tier 2 - 1.0, 2.0 - ``PUT /accessRules/{id}`` - :func:`setAccessPolicy` - (:class:`session`, :class:`id`, :class:`accessPolicy`, ``serialVersion``) ``->`` boolean .. function:: setRightsHolder(session,id,userId,serialVersion) -> Identifier Changes ownership (RightsHolder) of the specified object to the :term:`subject` specified by `userId` v2.0: The supplied identifier may be a :term:`PID` or a :term:`SID`. :Version: 1.0, 2.0 :Use Cases: :doc:`UC16 ` :REST URL: ``PUT /owner/{id}`` :param session: Session information that contains the identity of the calling user as retrieved from the X.509 certificate which must be traceable to the CILogon service. The subject of the session defaults to the :term:`public user` if the certificate was not provided with the request. Transmitted as part of the SSL handshake process. :type session: :class:`Types.Session` :param id: Identifier of the object to be modified. May be either a PID or a SID, the latter acting on the HEAD PID. Transmitted as part of the URL path and must be escaped accordingly. :type id: :class:`Types.Identifier` :param userId: The subject that will be taking ownership of the specified object. Transmitted as a UTF-8 String as a *Param part* of the MIME multipart/mixed message. :type userId: :class:`Types.Subject` :param serialVersion: The serialVersion of the system metadata that is the intended target for the change. Transmitted as a UTF-8 String as a *Param part* of the MIME multipart/mixed message. :type serialVersion: unsigned long :returns: Identifier of the object that was modified :rtype: :class:`Types.Identifier` :raises Exceptions.ServiceFailure: ``(errorCode=500, detailCode=4490)`` :raises Exceptions.InvalidToken: ``(errorCode=401, detailCode=4480)`` :raises Exceptions.NotAuthorized: ``(errorCode=401, detailCode=4440)`` The supplied subject does not have permission to change ownership of the object :raises Exceptions.NotFound: ``(errorCode=404, detailCode=4460)`` The specified object does not exist in the DataONE system :raises Exceptions.NotImplemented: ``(errorCode=501, detailCode=4441)`` :raises Exceptions.InvalidRequest: ``(errorCode=400, detailCode=4442)`` :raises Exceptions.VersionMismatch: ``(errorCode=409, detailCode=4443)`` The serialVersion supplied with the request does not match the serialVersion of the target .. function:: isAuthorized(session,id,action) -> boolean Test if the user identified by the provided token has authorization for operation on the specified object. A successful operation is indicated by a return HTTP status of 200. Failure is indicated by an exception such as :exc:`NotAuthorized` being returned. A successful response is indicated by a response HTTP status of 200. The body of the response is arbitrary and SHOULD be ignored by the caller. If the action is not authorized, then a :exc:`NotAuthorized` exception MUST be raised. v2.0: The supplied identifier may be a :term:`PID` or a :term:`SID`. :Version: 1.0, 2.0 :Use Cases: :doc:`UC01 `, :doc:`UC02 `, :doc:`UC36 `, :doc:`UC37 ` :REST URL: ``GET /isAuthorized/{id}?action={action}`` :param session: Session information that contains the identity of the calling user as retrieved from the X.509 certificate which must be traceable to the CILogon service. The subject of the session defaults to the :term:`public user` if the certificate was not provided with the request. Transmitted as part of the SSL handshake process. :type session: :class:`Types.Session` :param id: The identifer of the resource for which access is being checked. May be either a PID or a SID, the latter returning results as if called with the HEAD PID. Transmitted as part of the URL path and must be escaped accordingly. :type id: :class:`Types.Identifier` :param action: The type of operation which is being requested for the given identifier. Transmitted as a URL query parameter, and so must be escaped accordingly. :type action: :class:`Types.Permission` :returns: True if the operation is allowed :rtype: boolean :raises Exceptions.ServiceFailure: ``(errorCode=500, detailCode=1760)`` :raises Exceptions.InvalidToken: ``(errorCode=401, detailCode=1840)`` :raises Exceptions.NotFound: ``(errorCode=404, detailCode=1800)`` :raises Exceptions.NotAuthorized: ``(errorCode=401, detailCode=1820)`` This error is raised if the request comes from a black listed source (e.g. a temporary block may be imposed on a source that calls this method too many times within some time interval) :raises Exceptions.NotImplemented: ``(errorCode=501, detailCode=1780)`` :raises Exceptions.InvalidRequest: ``(errorCode=400, detailCode=1761)`` .. function:: setAccessPolicy(session,id,accessPolicy,serialVersion) -> boolean Sets the access permissions for an object identified by *id*. Triggers a change to the system metadata modified time stamp. Successful completion of this operation is indicated by a HTTP response status code of 200. Unsuccessful completion of this operation MUST be indicated by returning an appropriate exception such as :exc:`NotAuthorized`. v2.0: The supplied identifier may be a :term:`PID` or a :term:`SID`. :Version: 1.0, 2.0 :Use Cases: :doc:`UC16 ` :REST URL: ``PUT /accessRules/{id}`` :param session: Session information that contains the identity of the calling user as retrieved from the X.509 certificate which must be traceable to the CILogon service. The subject of the session defaults to the :term:`public user` if the certificate was not provided with the request. Transmitted as part of the SSL handshake process. :type session: :class:`Types.Session` :param id: The object for which access control is being updated. May be either a PID or a SID, the latter acting on the HEAD PID only. Transmitted as part of the URL path and must be escaped accordingly. :type id: :class:`Types.Identifier` :param accessPolicy: The desired privileges to be assigned to the object. Transmitted as an UTF-8 encoded XML structure for the respective type as defined in the DataONE types schema, as a *File part* of the MIME multipart/mixed message. :type accessPolicy: :class:`Types.AccessPolicy` :param serialVersion: The serialVersion of the system metadata that is the intended target for the change. Transmitted as a UTF-8 String as a *Param part* of the MIME multipart/mixed message. :type serialVersion: unsigned long :returns: True if the operation succeeds, otherwise false. :rtype: boolean :raises Exceptions.InvalidToken: ``(errorCode=401, detailCode=4410)`` The supplied token is invalid :raises Exceptions.ServiceFailure: ``(errorCode=500, detailCode=4430)`` :raises Exceptions.NotFound: ``(errorCode=404, detailCode=4400)`` The specified object does not exist in the DataONE system :raises Exceptions.NotAuthorized: ``(errorCode=401, detailCode=4420)`` The :term:`Subject` does not have permission to alter access control rules for the object. :raises Exceptions.NotImplemented: ``(errorCode=501, detailCode=4401)`` :raises Exceptions.InvalidRequest: ``(errorCode=400, detailCode=4402)`` :raises Exceptions.VersionMismatch: ``(errorCode=409, detailCode=4403)`` The serialVersion supplied with the request does not match the serialVersion of the target