source: trunk/packages/invirt-web/code/cache_acls.py @ 3011

Last change on this file since 3011 was 2981, checked in by iannucci, 15 years ago

Made cache_acls use invirt.authz.

  • Property svn:executable set to *
File size: 1.5 KB
RevLine 
[249]1#!/usr/bin/python
[863]2from invirt.database import *
[879]3from invirt.config import structs as config
[2981]4from invirt import authz
[249]5
[410]6def accessList(m):
[263]7    people = set()
[2981]8    people.update(authz.expandOwner(m.owner))
[1709]9    if m.administrator is not None:
[2981]10        people.update(authz.expandAdmin(m.administrator))
[410]11    return people
12
13def refreshMachine(m):
14    people = accessList(m)
[263]15    old_people = set(a.user for a in m.acl)
16    for removed in old_people - people:
17        ma = [x for x in m.acl if x.user == removed][0]
[1013]18        session.delete(ma)
[263]19    for p in people - old_people:
[589]20        ma = MachineAccess(user=p)
21        m.acl.append(ma)
[1013]22        session.save_or_update(ma)
[2981]23
[262]24def refreshCache():
[1013]25    session.begin()
[257]26
27    try:
[1095]28        machines = Machine.query().all()
[257]29        for m in machines:
[263]30            refreshMachine(m)
[1013]31        session.flush()
[2981]32
[2223]33        # Update the admin ACL as well
[2981]34        admin_acl = set(authz.expandAdmin(config.adminacl))
[2223]35        old_admin_acl = set(a.user for a in Admin.query())
36        for removed in old_admin_acl - admin_acl:
[2226]37            old = Admin.query.filter_by(user=removed).first()
38            session.delete(old)
[2223]39        for added in admin_acl - old_admin_acl:
40            a = Admin(user=added)
41            session.save_or_update(a)
42        session.flush()
43   
[257]44        # Atomically execute our changes
[1013]45        session.commit()
[257]46    except:
47        # Failed! Rollback all the changes.
[1013]48        session.rollback()
[257]49        raise
[262]50
51if __name__ == '__main__':
[863]52    connect()
[262]53    refreshCache()
Note: See TracBrowser for help on using the repository browser.