PyPI - rucio - Versions diffs - 35.7.0__py3-none-any.whl → 37.0.0rc2__py3-none-any.whl - Mend

rucio 35.7.0py3-none-any.whl → 37.0.0rc2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rucio might be problematic. Click here for more details.

Files changed (268) hide show

rucio/alembicrevision.py +1 -1
rucio/{daemons/c3po/collectors → cli}/__init__.py +1 -0
rucio/cli/account.py +216 -0
rucio-35.7.0.data/scripts/rucio → rucio/cli/bin_legacy/rucio.py +769 -486
rucio-35.7.0.data/scripts/rucio-admin → rucio/cli/bin_legacy/rucio_admin.py +476 -423
rucio/cli/command.py +272 -0
rucio/cli/config.py +72 -0
rucio/cli/did.py +191 -0
rucio/cli/download.py +128 -0
rucio/cli/lifetime_exception.py +33 -0
rucio/cli/replica.py +162 -0
rucio/cli/rse.py +293 -0
rucio/cli/rule.py +158 -0
rucio/cli/scope.py +40 -0
rucio/cli/subscription.py +73 -0
rucio/cli/upload.py +60 -0
rucio/cli/utils.py +226 -0
rucio/client/accountclient.py +0 -1
rucio/client/baseclient.py +33 -24
rucio/client/client.py +45 -1
rucio/client/didclient.py +5 -3
rucio/client/downloadclient.py +6 -8
rucio/client/replicaclient.py +0 -2
rucio/client/richclient.py +317 -0
rucio/client/rseclient.py +4 -4
rucio/client/uploadclient.py +26 -12
rucio/common/bittorrent.py +234 -0
rucio/common/cache.py +66 -29
rucio/common/checksum.py +168 -0
rucio/common/client.py +122 -0
rucio/common/config.py +22 -35
rucio/common/constants.py +61 -3
rucio/common/didtype.py +72 -24
rucio/common/dumper/__init__.py +45 -38
rucio/common/dumper/consistency.py +75 -30
rucio/common/dumper/data_models.py +63 -19
rucio/common/dumper/path_parsing.py +19 -8
rucio/common/exception.py +65 -8
rucio/common/extra.py +5 -10
rucio/common/logging.py +13 -13
rucio/common/pcache.py +8 -7
rucio/common/plugins.py +59 -27
rucio/common/policy.py +12 -3
rucio/common/schema/__init__.py +84 -34
rucio/common/schema/generic.py +0 -17
rucio/common/schema/generic_multi_vo.py +0 -17
rucio/common/stomp_utils.py +383 -119
rucio/common/test_rucio_server.py +12 -6
rucio/common/types.py +132 -52
rucio/common/utils.py +93 -643
rucio/core/account_limit.py +14 -12
rucio/core/authentication.py +2 -2
rucio/core/config.py +23 -42
rucio/core/credential.py +14 -15
rucio/core/did.py +5 -1
rucio/core/did_meta_plugins/elasticsearch_meta.py +407 -0
rucio/core/did_meta_plugins/filter_engine.py +62 -3
rucio/core/did_meta_plugins/json_meta.py +2 -2
rucio/core/did_meta_plugins/mongo_meta.py +43 -30
rucio/core/did_meta_plugins/postgres_meta.py +75 -39
rucio/core/identity.py +6 -5
rucio/core/importer.py +4 -3
rucio/core/lifetime_exception.py +2 -2
rucio/core/lock.py +8 -7
rucio/core/message.py +6 -0
rucio/core/monitor.py +30 -29
rucio/core/naming_convention.py +2 -2
rucio/core/nongrid_trace.py +2 -2
rucio/core/oidc.py +11 -9
rucio/core/permission/__init__.py +79 -37
rucio/core/permission/generic.py +1 -7
rucio/core/permission/generic_multi_vo.py +1 -7
rucio/core/quarantined_replica.py +4 -3
rucio/core/replica.py +464 -139
rucio/core/replica_sorter.py +55 -59
rucio/core/request.py +34 -32
rucio/core/rse.py +301 -97
rucio/core/rse_counter.py +1 -2
rucio/core/rse_expression_parser.py +7 -7
rucio/core/rse_selector.py +9 -7
rucio/core/rule.py +41 -40
rucio/core/rule_grouping.py +42 -40
rucio/core/scope.py +5 -4
rucio/core/subscription.py +26 -28
rucio/core/topology.py +11 -11
rucio/core/trace.py +2 -2
rucio/core/transfer.py +29 -15
rucio/core/volatile_replica.py +4 -3
rucio/daemons/atropos/atropos.py +1 -1
rucio/daemons/auditor/__init__.py +2 -2
rucio/daemons/auditor/srmdumps.py +6 -6
rucio/daemons/automatix/automatix.py +32 -21
rucio/daemons/badreplicas/necromancer.py +2 -2
rucio/daemons/bb8/nuclei_background_rebalance.py +1 -1
rucio/daemons/bb8/t2_background_rebalance.py +1 -1
rucio/daemons/cache/consumer.py +26 -90
rucio/daemons/common.py +15 -25
rucio/daemons/conveyor/finisher.py +2 -2
rucio/daemons/conveyor/poller.py +18 -28
rucio/daemons/conveyor/receiver.py +53 -123
rucio/daemons/conveyor/stager.py +1 -0
rucio/daemons/conveyor/submitter.py +3 -3
rucio/daemons/hermes/hermes.py +129 -369
rucio/daemons/judge/evaluator.py +2 -2
rucio/daemons/oauthmanager/oauthmanager.py +3 -3
rucio/daemons/reaper/dark_reaper.py +7 -3
rucio/daemons/reaper/reaper.py +12 -16
rucio/daemons/rsedecommissioner/config.py +1 -1
rucio/daemons/rsedecommissioner/profiles/generic.py +5 -4
rucio/daemons/rsedecommissioner/profiles/types.py +7 -6
rucio/daemons/rsedecommissioner/rse_decommissioner.py +1 -1
rucio/daemons/storage/consistency/actions.py +8 -6
rucio/daemons/tracer/kronos.py +117 -142
rucio/db/sqla/constants.py +5 -0
rucio/db/sqla/migrate_repo/versions/1677d4d803c8_split_rse_availability_into_multiple.py +4 -4
rucio/db/sqla/migrate_repo/versions/30d5206e9cad_increase_oauthrequest_redirect_msg_.py +37 -0
rucio/db/sqla/models.py +157 -154
rucio/db/sqla/session.py +58 -27
rucio/db/sqla/types.py +2 -2
rucio/db/sqla/util.py +2 -2
rucio/gateway/account.py +18 -12
rucio/gateway/account_limit.py +137 -60
rucio/gateway/authentication.py +18 -12
rucio/gateway/config.py +30 -20
rucio/gateway/credential.py +9 -10
rucio/gateway/did.py +70 -53
rucio/gateway/dirac.py +6 -4
rucio/gateway/exporter.py +3 -2
rucio/gateway/heartbeat.py +6 -4
rucio/gateway/identity.py +36 -51
rucio/gateway/importer.py +3 -2
rucio/gateway/lifetime_exception.py +3 -2
rucio/gateway/meta_conventions.py +17 -6
rucio/gateway/permission.py +4 -1
rucio/gateway/quarantined_replica.py +3 -2
rucio/gateway/replica.py +31 -22
rucio/gateway/request.py +27 -18
rucio/gateway/rse.py +69 -37
rucio/gateway/rule.py +46 -26
rucio/gateway/scope.py +3 -2
rucio/gateway/subscription.py +14 -11
rucio/gateway/vo.py +12 -8
rucio/rse/__init__.py +3 -3
rucio/rse/protocols/bittorrent.py +11 -1
rucio/rse/protocols/cache.py +0 -11
rucio/rse/protocols/dummy.py +0 -11
rucio/rse/protocols/gfal.py +14 -9
rucio/rse/protocols/globus.py +1 -1
rucio/rse/protocols/http_cache.py +1 -1
rucio/rse/protocols/posix.py +2 -2
rucio/rse/protocols/protocol.py +84 -317
rucio/rse/protocols/rclone.py +2 -1
rucio/rse/protocols/rfio.py +10 -1
rucio/rse/protocols/ssh.py +2 -1
rucio/rse/protocols/storm.py +2 -13
rucio/rse/protocols/webdav.py +74 -30
rucio/rse/protocols/xrootd.py +2 -1
rucio/rse/rsemanager.py +170 -53
rucio/rse/translation.py +260 -0
rucio/tests/common.py +23 -13
rucio/tests/common_server.py +26 -9
rucio/transfertool/bittorrent.py +15 -14
rucio/transfertool/bittorrent_driver.py +5 -7
rucio/transfertool/bittorrent_driver_qbittorrent.py +9 -8
rucio/transfertool/fts3.py +20 -16
rucio/transfertool/mock.py +2 -3
rucio/vcsversion.py +4 -4
rucio/version.py +7 -0
rucio/web/rest/flaskapi/v1/accounts.py +17 -3
rucio/web/rest/flaskapi/v1/auth.py +5 -5
rucio/web/rest/flaskapi/v1/credentials.py +3 -2
rucio/web/rest/flaskapi/v1/dids.py +21 -15
rucio/web/rest/flaskapi/v1/identities.py +33 -9
rucio/web/rest/flaskapi/v1/redirect.py +5 -4
rucio/web/rest/flaskapi/v1/replicas.py +12 -8
rucio/web/rest/flaskapi/v1/rses.py +15 -4
rucio/web/rest/flaskapi/v1/traces.py +56 -19
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/alembic.ini.template +1 -1
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/alembic_offline.ini.template +1 -1
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/rucio.cfg.atlas.client.template +3 -2
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/rucio.cfg.template +3 -19
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/rucio_multi_vo.cfg.template +1 -18
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/requirements.server.txt +97 -68
rucio-37.0.0rc2.data/scripts/rucio +133 -0
rucio-37.0.0rc2.data/scripts/rucio-admin +97 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-atropos +2 -2
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-auditor +2 -1
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-automatix +2 -2
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-cache-client +17 -10
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-receiver +1 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-kronos +1 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-minos +2 -2
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-minos-temporary-expiration +2 -2
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-necromancer +2 -2
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-reaper +6 -6
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-transmogrifier +2 -2
rucio-37.0.0rc2.dist-info/METADATA +92 -0
{rucio-35.7.0.dist-info → rucio-37.0.0rc2.dist-info}/RECORD +239 -245
{rucio-35.7.0.dist-info → rucio-37.0.0rc2.dist-info}/licenses/AUTHORS.rst +3 -0
rucio/common/schema/atlas.py +0 -413
rucio/common/schema/belleii.py +0 -408
rucio/common/schema/domatpc.py +0 -401
rucio/common/schema/escape.py +0 -426
rucio/common/schema/icecube.py +0 -406
rucio/core/permission/atlas.py +0 -1348
rucio/core/permission/belleii.py +0 -1077
rucio/core/permission/escape.py +0 -1078
rucio/daemons/c3po/algorithms/__init__.py +0 -13
rucio/daemons/c3po/algorithms/simple.py +0 -134
rucio/daemons/c3po/algorithms/t2_free_space.py +0 -128
rucio/daemons/c3po/algorithms/t2_free_space_only_pop.py +0 -130
rucio/daemons/c3po/algorithms/t2_free_space_only_pop_with_network.py +0 -294
rucio/daemons/c3po/c3po.py +0 -371
rucio/daemons/c3po/collectors/agis.py +0 -108
rucio/daemons/c3po/collectors/free_space.py +0 -81
rucio/daemons/c3po/collectors/jedi_did.py +0 -57
rucio/daemons/c3po/collectors/mock_did.py +0 -51
rucio/daemons/c3po/collectors/network_metrics.py +0 -71
rucio/daemons/c3po/collectors/workload.py +0 -112
rucio/daemons/c3po/utils/__init__.py +0 -13
rucio/daemons/c3po/utils/dataset_cache.py +0 -50
rucio/daemons/c3po/utils/expiring_dataset_cache.py +0 -56
rucio/daemons/c3po/utils/expiring_list.py +0 -62
rucio/daemons/c3po/utils/popularity.py +0 -85
rucio/daemons/c3po/utils/timeseries.py +0 -89
rucio/rse/protocols/gsiftp.py +0 -92
rucio-35.7.0.data/scripts/rucio-c3po +0 -85
rucio-35.7.0.dist-info/METADATA +0 -72
/rucio/{daemons/c3po → cli/bin_legacy}/__init__.py +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/globus-config.yml.template +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/ldap.cfg.template +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/mail_templates/rule_approval_request.tmpl +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/mail_templates/rule_approved_admin.tmpl +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/mail_templates/rule_approved_user.tmpl +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/mail_templates/rule_denied_admin.tmpl +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/mail_templates/rule_denied_user.tmpl +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/mail_templates/rule_ok_notification.tmpl +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/etc/rse-accounts.cfg.template +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/tools/bootstrap.py +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/tools/merge_rucio_configs.py +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/data/rucio/tools/reset_database.py +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-abacus-account +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-abacus-collection-replica +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-abacus-rse +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-bb8 +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-cache-consumer +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-finisher +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-poller +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-preparer +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-stager +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-submitter +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-conveyor-throttler +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-dark-reaper +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-dumper +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-follower +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-hermes +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-judge-cleaner +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-judge-evaluator +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-judge-injector +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-judge-repairer +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-oauth-manager +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-replica-recoverer +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-rse-decommissioner +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-storage-consistency-actions +0 -0
{rucio-35.7.0.data → rucio-37.0.0rc2.data}/scripts/rucio-undertaker +0 -0
{rucio-35.7.0.dist-info → rucio-37.0.0rc2.dist-info}/WHEEL +0 -0
{rucio-35.7.0.dist-info → rucio-37.0.0rc2.dist-info}/licenses/LICENSE +0 -0
{rucio-35.7.0.dist-info → rucio-37.0.0rc2.dist-info}/top_level.txt +0 -0

rucio/core/permission/belleii.py DELETED Viewed

@@ -1,1077 +0,0 @@
-# Copyright European Organization for Nuclear Research (CERN) since 2012
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-from typing import TYPE_CHECKING
-import rucio.core.scope
-from rucio.common.config import config_get
-from rucio.common.constants import RseAttr
-from rucio.common.types import InternalAccount, InternalScope
-from rucio.core.account import has_account_attribute, list_account_attributes
-from rucio.core.did import get_metadata
-from rucio.core.identity import exist_identity_account
-from rucio.core.lifetime_exception import list_exceptions
-from rucio.core.rse import list_rse_attributes
-from rucio.core.rse_expression_parser import parse_expression
-from rucio.core.rule import get_rule
-from rucio.db.sqla.constants import IdentityType
-if TYPE_CHECKING:
-    from typing import Optional
-    from sqlalchemy.orm import Session
-def has_permission(issuer: "InternalAccount", action: str, kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account has the specified permission to
-    execute an action with parameters.
-    :param issuer: Account identifier which issues the command..
-    :param action:  The action(API call) called by the account.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    perm = {'add_account': perm_add_account,
-            'del_account': perm_del_account,
-            'update_account': perm_update_account,
-            'add_rule': perm_add_rule,
-            'add_subscription': perm_add_subscription,
-            'add_scope': perm_add_scope,
-            'add_rse': perm_add_rse,
-            'update_rse': perm_update_rse,
-            'add_protocol': perm_add_protocol,
-            'del_protocol': perm_del_protocol,
-            'update_protocol': perm_update_protocol,
-            'declare_bad_file_replicas': perm_declare_bad_file_replicas,
-            'declare_suspicious_file_replicas': perm_declare_suspicious_file_replicas,
-            'add_replicas': perm_add_replicas,
-            'delete_replicas': perm_delete_replicas,
-            'skip_availability_check': perm_skip_availability_check,
-            'update_replicas_states': perm_update_replicas_states,
-            'add_rse_attribute': perm_add_rse_attribute,
-            'del_rse_attribute': perm_del_rse_attribute,
-            'del_rse': perm_del_rse,
-            'del_rule': perm_del_rule,
-            'update_rule': perm_update_rule,
-            'approve_rule': perm_approve_rule,
-            'update_subscription': perm_update_subscription,
-            'reduce_rule': perm_reduce_rule,
-            'move_rule': perm_move_rule,
-            'get_auth_token_user_pass': perm_get_auth_token_user_pass,
-            'get_auth_token_gss': perm_get_auth_token_gss,
-            'get_auth_token_x509': perm_get_auth_token_x509,
-            'get_auth_token_saml': perm_get_auth_token_saml,
-            'add_account_identity': perm_add_account_identity,
-            'add_did': perm_add_did,
-            'add_dids': perm_add_dids,
-            'attach_dids': perm_attach_dids,
-            'detach_dids': perm_detach_dids,
-            'attach_dids_to_dids': perm_attach_dids_to_dids,
-            'create_did_sample': perm_create_did_sample,
-            'set_metadata': perm_set_metadata,
-            'set_metadata_bulk': perm_set_metadata_bulk,
-            'set_status': perm_set_status,
-            'queue_requests': perm_queue_requests,
-            'set_rse_usage': perm_set_rse_usage,
-            'set_rse_limits': perm_set_rse_limits,
-            'get_request_by_did': perm_get_request_by_did,
-            'cancel_request': perm_cancel_request,
-            'get_next': perm_get_next,
-            'set_local_account_limit': perm_set_local_account_limit,
-            'set_global_account_limit': perm_set_global_account_limit,
-            'delete_local_account_limit': perm_delete_local_account_limit,
-            'delete_global_account_limit': perm_delete_global_account_limit,
-            'config_sections': perm_config,
-            'config_add_section': perm_config,
-            'config_has_section': perm_config,
-            'config_options': perm_config,
-            'config_has_option': perm_config,
-            'config_get': perm_config,
-            'config_items': perm_config,
-            'config_set': perm_config,
-            'config_remove_section': perm_config,
-            'config_remove_option': perm_config,
-            'get_local_account_usage': perm_get_local_account_usage,
-            'get_global_account_usage': perm_get_global_account_usage,
-            'add_attribute': perm_add_account_attribute,
-            'del_attribute': perm_del_account_attribute,
-            'list_heartbeats': perm_list_heartbeats,
-            'resurrect': perm_resurrect,
-            'update_lifetime_exceptions': perm_update_lifetime_exceptions,
-            'get_auth_token_ssh': perm_get_auth_token_ssh,
-            'get_signed_url': perm_get_signed_url,
-            'add_bad_pfns': perm_add_bad_pfns,
-            'del_account_identity': perm_del_account_identity,
-            'del_identity': perm_del_identity,
-            'remove_did_from_followed': perm_remove_did_from_followed,
-            'remove_dids_from_followed': perm_remove_dids_from_followed}
-    return perm.get(action, perm_default)(issuer=issuer, kwargs=kwargs, session=session)
-def _is_root(issuer):
-    return issuer.external == 'root'
-def _perm_country(issuer: "InternalAccount", rses: list, roles: list, *, session: "Optional[Session]" = None) -> bool:
-    admin_in_country = []
-    for kv in list_account_attributes(account=issuer, session=session):
-        if kv['key'].startswith('country-') and kv['value'] == 'admin':
-            admin_in_country.append(kv['key'].partition('-')[2])
-    if admin_in_country:
-        for rse in rses:
-            if list_rse_attributes(rse_id=rse['id'], session=session).get(RseAttr.COUNTRY) in admin_in_country:
-                return True
-    return False
-def perm_default(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Default permission.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return _is_root(issuer) or has_account_attribute(account=issuer, key='admin', session=session)
-def perm_add_rse(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add a RSE.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_update_rse(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can update a RSE.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_add_rule(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add a replication rule.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    restricted_scopes = config_get('permission', 'restricted_scopes', raise_exception=False, default=[], session=session)
-    # TODO change to config_get_list
-    if kwargs['account'] == issuer:
-        if kwargs.get('scope') and restricted_scopes and kwargs['scope'] in restricted_scopes:
-            return False
-        if kwargs.get('dids'):
-            for did in kwargs['dids']:
-                if restricted_scopes and did['scope'] in restricted_scopes:
-                    return False
-        return True
-    return perm_default(issuer, kwargs, session=session) or has_account_attribute(account=issuer, key='rule_admin', session=session)
-def perm_add_subscription(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add a subscription.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='subscription_admin', session=session)
-def perm_add_rse_attribute(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add a RSE attribute.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_del_rse_attribute(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete a RSE attribute.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_del_rse(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete a RSE.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_add_account(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_del_account(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can del an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_update_account(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can update an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_add_scope(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add a scope to an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='scope_admin', session=session)
-def perm_get_auth_token_user_pass(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if a user can request a token with user_pass for an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    if exist_identity_account(identity=kwargs['username'], type_=IdentityType.USERPASS, account=kwargs['account'], session=session):
-        return True
-    return False
-def perm_get_auth_token_gss(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if a user can request a token with user_pass for an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    if exist_identity_account(identity=kwargs['gsscred'], type_=IdentityType.GSS, account=kwargs['account'], session=session):
-        return True
-    return False
-def perm_get_auth_token_x509(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if a user can request a token with user_pass for an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    if exist_identity_account(identity=kwargs['dn'], type_=IdentityType.X509, account=kwargs['account'], session=session):
-        return True
-    return False
-def perm_get_auth_token_saml(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if a user can request a token with user_pass for an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    if exist_identity_account(identity=kwargs['saml_nameid'], type_=IdentityType.SAML, account=kwargs['account'], session=session):
-        return True
-    return False
-def perm_add_account_identity(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add an identity to an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_del_account_identity(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete an identity to an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_del_identity(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete an identity.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_add_did(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add an data identifier to a scope.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    # Check the accounts of the issued rules
-    for rule in kwargs.get('rules', []):
-        kwargs_rule = rule
-        if 'scope' not in kwargs_rule:
-            if kwargs['scope'] and not isinstance(kwargs['scope'], str):
-                kwargs_rule['scope'] = kwargs['scope'].external
-            else:
-                kwargs_rule['scope'] = kwargs['scope']
-        if not perm_add_rule(issuer, kwargs=kwargs_rule, session=session):
-            return False
-    scope = kwargs['scope']
-    if isinstance(kwargs['scope'], str):
-        scope = InternalScope(kwargs['scope'])
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or has_account_attribute(account=issuer, key='production_account', session=session)\
-        or rucio.core.scope.is_scope_owner(scope=scope, account=issuer, session=session)\
-        or (kwargs.get('name', False) and kwargs['name'].startswith('/belle/scout'))
-def perm_add_dids(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can bulk add data identifiers.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    # Check the accounts of the issued rules
-    for did in kwargs['dids']:
-        if not perm_add_did(issuer, kwargs=did, session=session):
-            return False
-    return True
-def perm_attach_dids(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can append an data identifier to the other data identifier.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or rucio.core.scope.is_scope_owner(scope=kwargs['scope'], account=issuer, session=session)
-def perm_attach_dids_to_dids(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can append an data identifier to the other data identifier.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    if perm_default(issuer, kwargs, session=session) or has_account_attribute(account=issuer, key='did_admin', session=session):
-        return True
-    else:
-        attachments = kwargs['attachments']
-        scopes = [did['scope'] for did in attachments]
-        scopes = list(set(scopes))
-        for scope in scopes:
-            if not rucio.core.scope.is_scope_owner(scope, issuer, session=session):
-                return False
-        return True
-def perm_create_did_sample(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can create a sample of a data identifier collection.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or rucio.core.scope.is_scope_owner(scope=kwargs['scope'], account=issuer, session=session)\
-        or kwargs['scope'].external == 'mock'
-def perm_del_rule(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an issuer can delete a replication rule.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    rule = get_rule(rule_id=kwargs['rule_id'], session=session)
-    rses = parse_expression(rule['rse_expression'], filter_={'vo': issuer.vo}, session=session)
-    # Check if user is a country admin
-    if _perm_country(issuer=issuer, rses=rses, roles=['admin', ], session=session):
-        return True
-    # DELETERS can delete the rule
-    for rse in rses:
-        rse_attr = list_rse_attributes(rse_id=rse['id'], session=session)
-        if rse_attr.get(RseAttr.RULE_DELETERS):
-            if issuer.external in rse_attr.get(RseAttr.RULE_DELETERS).split(','):
-                return True
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rule_admin', session=session)\
-        or get_rule(kwargs['rule_id'], session=session)['account'] == issuer
-def perm_update_rule(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an issuer can update a replication rule.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rule_admin', session=session)\
-        or (kwargs.get('rule_id', False) and get_rule(kwargs['rule_id'], session=session)['account'] == issuer)
-def perm_approve_rule(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an issuer can approve a replication rule.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rule_admin', session=session)
-def perm_reduce_rule(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an issuer can reduce a replication rule.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rule_admin', session=session)
-def perm_move_rule(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an issuer can move a replication rule.
-    :param issuer:   Account identifier which issues the command.
-    :param kwargs:   List of arguments for the action.
-    :param session: The DB session to use
-    :returns:        True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rule_admin', session=session)\
-        or get_rule(kwargs['rule_id'], session=session)['account'] == issuer
-def perm_update_subscription(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can update a subscription.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='subscription_admin', session=session)
-def perm_detach_dids(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can detach an data identifier from the other data identifier.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or rucio.core.scope.is_scope_owner(scope=kwargs['scope'], account=issuer, session=session)
-def perm_set_metadata_bulk(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set a metadata on a data identifier.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    meta = get_metadata(kwargs['scope'], kwargs['name'], session=session)
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or meta.get('account', '') == issuer\
-        or rucio.core.scope.is_scope_owner(scope=kwargs['scope'], account=issuer, session=session)
-def perm_set_metadata(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set a metadata on a data identifier.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    meta = get_metadata(kwargs['scope'], kwargs['name'], session=session)
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or meta.get('account', '') == issuer\
-        or rucio.core.scope.is_scope_owner(scope=kwargs['scope'], account=issuer, session=session)
-def perm_set_status(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set status on an data identifier.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    meta = get_metadata(kwargs['scope'], kwargs['name'], session=session)
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='did_admin', session=session)\
-        or meta.get('account', '') == issuer\
-        or rucio.core.scope.is_scope_owner(scope=kwargs['scope'], account=issuer, session=session)
-def perm_add_protocol(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add a protocol to an RSE.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_del_protocol(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete protocols from an RSE.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_update_protocol(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can update protocols of an RSE.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_declare_bad_file_replicas(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can declare bad file replicas.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)
-def perm_declare_suspicious_file_replicas(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can declare suspicious file replicas.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return True
-def perm_add_replicas(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add replicas.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    rses = [{'id': kwargs['rse_id']}]
-    if str(kwargs.get('rse', '')).endswith('LOCAL-SE')\
-            and _perm_country(issuer=issuer, rses=rses, roles=['admin', 'user'], session=session):
-        return True
-    return str(kwargs.get('rse', '')).endswith('TMP-SE')\
-        or perm_default(issuer, kwargs, session=session)
-def perm_skip_availability_check(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can skip the availabity check to add/delete file replicas.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)
-def perm_delete_replicas(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete replicas.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return False
-def perm_update_replicas_states(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete replicas.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)
-def perm_queue_requests(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can submit transfer or deletion requests on destination RSEs for data identifiers.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return _is_root(issuer)
-def perm_query_request(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can query a request.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return _is_root(issuer)
-def perm_get_request_by_did(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can get a request by DID.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return True
-def perm_cancel_request(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can cancel a request.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return _is_root(issuer)
-def perm_get_next(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can retrieve the next request matching the request type and state.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return _is_root(issuer)
-def perm_set_rse_usage(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set RSE usage information.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_set_rse_limits(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set RSE limits.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)
-def perm_set_local_account_limit(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set an account limit.
-    :param account: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    rses = [{'id': kwargs['rse_id']}]
-    if _perm_country(issuer=issuer, rses=rses, roles=['admin', ], session=session):
-        return True
-    return perm_default(issuer, kwargs, session=session)\
-        or (has_account_attribute(account=issuer, key='rse_admin', session=session) and has_account_attribute(account=issuer, key='account_admin', session=session))
-def perm_set_global_account_limit(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can set a global account limit.
-    :param account: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or (has_account_attribute(account=issuer, key='rse_admin', session=session) and has_account_attribute(account=issuer, key='account_admin', session=session))
-def perm_delete_local_account_limit(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete an account limit.
-    :param account: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or (has_account_attribute(account=issuer, key='rse_admin', session=session) and has_account_attribute(account=issuer, key='account_admin', session=session))
-def perm_delete_global_account_limit(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can delete a global account limit.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or (has_account_attribute(account=issuer, key='rse_admin', session=session) and has_account_attribute(account=issuer, key='account_admin', session=session))
-def perm_config(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can read/write the configuration.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='config_admin', session=session)
-def perm_get_local_account_usage(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can get the account usage of an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or kwargs.get('account') == issuer\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_get_global_account_usage(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can get the account usage of an account.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or kwargs.get('account') == issuer\
-        or has_account_attribute(account=issuer, key='rse_admin', session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_add_account_attribute(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add attributes to accounts.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_del_account_attribute(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can add attributes to accounts.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='account_admin', session=session)
-def perm_list_heartbeats(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can list heartbeats.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)
-def perm_resurrect(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can resurrect DIDS.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)
-def perm_update_lifetime_exceptions(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can approve/reject Lifetime Model exceptions.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    if kwargs['vo'] is not None:
-        exceptions = next(list_exceptions(exception_id=kwargs['exception_id'], states=False, session=session))
-        if exceptions['scope'].vo != kwargs['vo']:
-            return False
-    return perm_default(issuer, kwargs, session=session)
-def perm_get_auth_token_ssh(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can request an ssh token.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return True
-def perm_get_signed_url(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can request a signed URL.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed to call the API call, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or has_account_attribute(account=issuer, key='sign-gcs', session=session)
-def perm_add_bad_pfns(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can declare bad PFNs.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)
-def perm_remove_did_from_followed(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can remove did from followed table.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or kwargs['account'] == issuer
-def perm_remove_dids_from_followed(issuer: "InternalAccount", kwargs: dict, *, session: "Optional[Session]" = None) -> bool:
-    """
-    Checks if an account can bulk remove dids from followed table.
-    :param issuer: Account identifier which issues the command.
-    :param kwargs: List of arguments for the action.
-    :param session: The DB session to use
-    :returns: True if account is allowed, otherwise False
-    """
-    return perm_default(issuer, kwargs, session=session)\
-        or kwargs['account'] == issuer

rucio 35.7.0__py3-none-any.whl → 37.0.0rc2__py3-none-any.whl

Potentially problematic release.

rucio 35.7.0py3-none-any.whl → 37.0.0rc2py3-none-any.whl