source: trunk/packages/invirt-web/code/cache_acls.py @ 2482

Last change on this file since 2482 was 2226, checked in by price, 15 years ago

Don't use a SA 0.5ism

  • Property svn:executable set to *
File size: 2.5 KB
RevLine 
[249]1#!/usr/bin/python
[863]2from invirt.database import *
[879]3from invirt.config import structs as config
[249]4import sys
5import getafsgroups
6import subprocess
7
8def expandLocker(name):
[1155]9    try:
10        groups = getafsgroups.getLockerAcl(name)
11    except getafsgroups.AfsProcessError, e:
12        if e.message.startswith("fs: You don't have the required access rights on"):
[1986]13            return []
14        elif e.message.endswith("doesn't exist\n"):
15            # presumably deactivated
16            return []
[1958]17        else:
18            raise
[249]19    cell = getafsgroups.getCell(name)
20    ans = set()
21    for group in groups:
22        if ':' in group:
23            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
24        else:
25            ans.add(group)
26    return ans
27
28def isUser(name):
29    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
30                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
31    if p.wait():
32        return False
33    return True
34   
35
36def expandName(name):
37    if ':' not in name:
38        if isUser(name):
39            return [name]
[434]40        return []
[413]41    try:
[879]42        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
[413]43    except getafsgroups.AfsProcessError:
44        return []
[249]45
[410]46def accessList(m):
[263]47    people = set()
48    people.update(expandLocker(m.owner))
[1709]49    if m.administrator is not None:
50        people.update(expandName(m.administrator))
[410]51    return people
52
53def refreshMachine(m):
54    people = accessList(m)
[263]55    old_people = set(a.user for a in m.acl)
56    for removed in old_people - people:
57        ma = [x for x in m.acl if x.user == removed][0]
[1013]58        session.delete(ma)
[263]59    for p in people - old_people:
[589]60        ma = MachineAccess(user=p)
61        m.acl.append(ma)
[1013]62        session.save_or_update(ma)
[263]63   
[262]64def refreshCache():
[1013]65    session.begin()
[257]66
67    try:
[1095]68        machines = Machine.query().all()
[257]69        for m in machines:
[263]70            refreshMachine(m)
[1013]71        session.flush()
[257]72           
[2223]73        # Update the admin ACL as well
74        admin_acl = set(expandName(config.adminacl))
75        old_admin_acl = set(a.user for a in Admin.query())
76        for removed in old_admin_acl - admin_acl:
[2226]77            old = Admin.query.filter_by(user=removed).first()
78            session.delete(old)
[2223]79        for added in admin_acl - old_admin_acl:
80            a = Admin(user=added)
81            session.save_or_update(a)
82        session.flush()
83   
[257]84        # Atomically execute our changes
[1013]85        session.commit()
[257]86    except:
87        # Failed! Rollback all the changes.
[1013]88        session.rollback()
[257]89        raise
[262]90
91if __name__ == '__main__':
[863]92    connect()
[262]93    refreshCache()
Note: See TracBrowser for help on using the repository browser.