Last change
on this file since 1115 was
1095,
checked in by broder, 16 years ago
|
Fix a SQLAlchemy bug in the web ACL caching code
|
File size:
1.8 KB
|
Rev | Line | |
---|
[249] | 1 | #!/usr/bin/python |
---|
[863] | 2 | from invirt.database import * |
---|
[879] | 3 | from invirt.config import structs as config |
---|
[249] | 4 | import sys |
---|
| 5 | import getafsgroups |
---|
| 6 | import subprocess |
---|
| 7 | |
---|
| 8 | def expandLocker(name): |
---|
| 9 | groups = getafsgroups.getLockerAcl(name) |
---|
| 10 | cell = getafsgroups.getCell(name) |
---|
| 11 | ans = set() |
---|
| 12 | for group in groups: |
---|
| 13 | if ':' in group: |
---|
| 14 | ans.update(getafsgroups.getAfsGroupMembers(group, cell)) |
---|
| 15 | else: |
---|
| 16 | ans.add(group) |
---|
| 17 | return ans |
---|
| 18 | |
---|
| 19 | def isUser(name): |
---|
| 20 | p = subprocess.Popen(['vos', 'examine', 'user.'+name], |
---|
| 21 | stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
---|
| 22 | if p.wait(): |
---|
| 23 | return False |
---|
| 24 | return True |
---|
| 25 | |
---|
| 26 | |
---|
| 27 | def expandName(name): |
---|
| 28 | if ':' not in name: |
---|
| 29 | if isUser(name): |
---|
| 30 | return [name] |
---|
[434] | 31 | return [] |
---|
[413] | 32 | try: |
---|
[879] | 33 | return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell) |
---|
[413] | 34 | except getafsgroups.AfsProcessError: |
---|
| 35 | return [] |
---|
[249] | 36 | |
---|
[410] | 37 | def accessList(m): |
---|
[263] | 38 | people = set() |
---|
| 39 | people.update(expandLocker(m.owner)) |
---|
| 40 | people.update(expandName(m.administrator)) |
---|
[410] | 41 | return people |
---|
| 42 | |
---|
| 43 | def refreshMachine(m): |
---|
| 44 | people = accessList(m) |
---|
[263] | 45 | old_people = set(a.user for a in m.acl) |
---|
| 46 | for removed in old_people - people: |
---|
| 47 | ma = [x for x in m.acl if x.user == removed][0] |
---|
[1013] | 48 | session.delete(ma) |
---|
[263] | 49 | for p in people - old_people: |
---|
[589] | 50 | ma = MachineAccess(user=p) |
---|
| 51 | m.acl.append(ma) |
---|
[1013] | 52 | session.save_or_update(ma) |
---|
[263] | 53 | |
---|
[262] | 54 | def refreshCache(): |
---|
[1013] | 55 | session.begin() |
---|
[257] | 56 | |
---|
| 57 | try: |
---|
[1095] | 58 | machines = Machine.query().all() |
---|
[257] | 59 | for m in machines: |
---|
[263] | 60 | refreshMachine(m) |
---|
[1013] | 61 | session.flush() |
---|
[257] | 62 | |
---|
| 63 | # Atomically execute our changes |
---|
[1013] | 64 | session.commit() |
---|
[257] | 65 | except: |
---|
| 66 | # Failed! Rollback all the changes. |
---|
[1013] | 67 | session.rollback() |
---|
[257] | 68 | raise |
---|
[262] | 69 | |
---|
| 70 | if __name__ == '__main__': |
---|
[863] | 71 | connect() |
---|
[262] | 72 | refreshCache() |
---|
Note: See
TracBrowser
for help on using the repository browser.