Changeset 234

Timestamp:

Nov 12, 2007, 3:44:12 AM (16 years ago)

Author:

ecprice

Message:

Now ignore negative rights, rather than treat them as positive.

Also, rearrange and clean up code.

Location:

trunk/web/templates

Files:

• getafsgroups.py (modified) (2 diffs)
• list.tmpl (modified) (2 diffs)
• validation.py (modified) (3 diffs)

trunk/web/templates/getafsgroups.py

@@ -25 +25 @@
 #     return False
 
+class MyException(Exception):
+    pass
+
+def getAfsGroupMembers(group, cell):
+    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
+                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    if p.wait():
+        return []
+    return [line.strip() for line in p.stdout.readlines()[1:]]
+
 def checkAfsGroup(user, group, cell):
     """
     checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
     """
-    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
-                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p.wait():
-        return False
-    for line in p.stdout.readlines()[1:]:
-        if line.strip() == user:
-            return True
-    return False
+    return user in getAfsGroupMembers(group, cell)
 
-def checkLockerOwner(user, locker, verbose=False):
-    """
-    checkLockerOwner(user, locker) returns True if and only if user administers locker.
-
-    If verbose is true, instead return the reason for failure, or None
-    if there is no failure.
-    """
+def getCell(locker):
     p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
-        if verbose:
-            return p.stderr.read()
-        return False
-    cell = p.stdout.read().split()[-1][1:-1]
+        raise MyException(p.stderr.read())
+    return p.stdout.read().split()[-1][1:-1]
+
+def getLockerAcl(locker):
     p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
-        if verbose:
-            return p.stderr.read()
-        return False
-    for line in p.stdout.readlines()[1:]:
-        entry = line.split()
-        if not entry or entry[0] == "Negative":
+        raise MyException(p.stderr.read())
+    lines = p.stdout.readlines()
+    values = []
+    for line in lines[1:]:
+        fields = line.split()
+        if fields[0] == 'Negative':
             break
-        if entry[1] == "rlidwka":
-            if entry[0] == user or (entry[0][0:6] == "system" and 
-                                    checkAfsGroup(user, entry[0], cell)):
-                if verbose:
-                    return None
-                return True
-    if verbose:
-        return "You don't have admin bits on /mit/" + locker
-    return False
+        if 'rlidwka' in fields[1]:
+            values.append(fields[0])
+    return values
+
+def notLockerOwner(user, locker):
+    """
+    notLockerOwner(user, locker) returns false if and only if user administers locker.
+
+    If the user does not own the locker, returns the string reason for
+    the failure.
+    """
+    try:
+        cell = getCell(locker)
+        values = getLockerAcl(locker)
+    except MyException, e:
+        return str(e)
+
+    for entry in values:
+        if entry[0] == user or (entry[0][0:6] == "system" and 
+                                checkAfsGroup(user, entry[0], cell)):
+            return False
+    return "You don't have admin bits on /mit/" + locker
 
 
@@ -79 +89 @@
     print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
     print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
-    print checkLockerOwner("tabbott", "tabbott")
-    print checkLockerOwner("tabbott", "debathena")
-    print checkLockerOwner("tabbott", "sipb")
-    print checkLockerOwner("tabbott", "lsc")
-    print checkLockerOwner("tabbott", "scripts")
-    print checkLockerOwner("ecprice", "hmmt")
+    print notLockerOwner("tabbott", "tabbott")
+    print notLockerOwner("tabbott", "debathena")
+    print notLockerOwner("tabbott", "sipb")
+    print notLockerOwner("tabbott", "lsc")
+    print notLockerOwner("tabbott", "scripts")
+    print notLockerOwner("ecprice", "hmmt")

trunk/web/templates/list.tmpl

@@ -68 +68 @@
         <td>${machine.memory}M</td>
         <td>$machine.owner</td>
+        <td>$machine.administrator</td>
 #if $machine.nics
 #set $nic = $machine.nics[0]
@@ -107 +108 @@
         <td>Memory</td>
         <td>Owner</td>
+        <td>Administrator</td>
         <td>IP</td>
         <td>Uptime</td>

trunk/web/templates/validation.py

@@ -76 +76 @@
                                   'athena.mit.edu'): #XXX Cell?
         return True
-    if getafsgroups.checkLockerOwner(user, machine.owner):
+    if not getafsgroups.notLockerOwner(user, machine.owner):
         return True
     return owns(user, machine)
@@ -84 +84 @@
     if user == 'moo':
         return True
-    return getafsgroups.checkLockerOwner(user, machine.owner)
+    return not getafsgroups.notLockerOwner(user, machine.owner)
 
 def validMachineName(name):
@@ -169 +169 @@
     if owner is None:
         raise InvalidInput('owner', owner, "Owner must be specified")
-    value = getafsgroups.checkLockerOwner(user, owner, verbose=True)
+    value = getafsgroups.notLockerOwner(user, owner)
     if not value:
         return owner