source: trunk/packages/sipb-xen-www/code/cache_acls.py @ 1301

Last change on this file since 1301 was 1155, checked in by broder, 16 years ago

Revert r1154 and instead apply the patch in cache_acls so that an error is
still thrown when the ACL is looked up as part of the website code

#!/usr/bin/python
from invirt.database import *
from invirt.config import structs as config
import sys
import getafsgroups
import subprocess
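def expandLocker(name):
    """Return the set of names found on the ACL of AFS locker *name*.

    ACL entries containing ':' are expanded through
    getafsgroups.getAfsGroupMembers() in the locker's cell; every other
    entry is added unchanged.

    If the ACL cannot be read because this process lacks access rights on
    the locker, the locker contributes no names (fail closed).  Any other
    getafsgroups.AfsProcessError propagates to the caller.
    """
    try:
        groups = getafsgroups.getLockerAcl(name)
    except getafsgroups.AfsProcessError:
        # Fetch the active exception through sys.exc_info() so the handler
        # parses on old and new interpreters alike.
        e = sys.exc_info()[1]
        if e.message.startswith("fs: You don't have the required access rights on"):
            # Unreadable ACL: grant nothing from this locker rather than
            # aborting the caller's whole refresh.
            groups = []
        else:
            # The original had no `else`, so its `raise` ran unconditionally
            # and the empty-ACL fallback above could never take effect.
            raise
    # NOTE(review): getCell() is still called for an unreadable locker;
    # confirm it cannot fail with the same access error.
    cell = getafsgroups.getCell(name)
    ans = set()
    for group in groups:
        if ':' in group:
            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
        else:
            ans.add(group)
    return ans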
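def isUser(name):
    """Return True when `vos examine user.<name>` exits with status 0.

    The command is run from an argument list (no shell), and *name* is
    passed as part of the single argument 'user.' + name.
    """
    p = subprocess.Popen(['vos', 'examine', 'user.' + name],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains and closes both pipes.  Calling wait() alone on a
    # child with piped stdout/stderr can block forever once the child fills
    # a pipe buffer, and leaves the pipe descriptors open.
    p.communicate()
    return p.returncode == 0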
def expandName(name):
    """Expand *name* into a list of user names.

    A name containing ':' is looked up with
    getafsgroups.getAfsGroupMembers() in the cell of config.authz[0]; if
    that lookup raises AfsProcessError the result is an empty list.  Any
    other name is returned as a one-element list when isUser() accepts it,
    and as an empty list otherwise.
    """
    if ':' in name:
        try:
            return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
        except getafsgroups.AfsProcessError:
            # A failed group lookup grants access to nobody.
            return []

    if not isUser(name):
        return []
    return [name]
def accessList(m):
    """Return the set of names that should have access to machine *m*.

    The set is the union of expandLocker(m.owner) and
    expandName(m.administrator).  Exceptions raised by either helper are
    not caught here.
    """
    allowed = set(expandLocker(m.owner))
    allowed.update(expandName(m.administrator))
    return allowed
def refreshMachine(m):
    """Bring the cached ACL rows of machine *m* in line with accessList(m).

    Rows in m.acl whose user is no longer in the access list are passed to
    session.delete(); a MachineAccess row is created, appended to m.acl and
    passed to session.save_or_update() for each user that is missing.
    Nothing is flushed or committed here.
    """
    wanted = accessList(m)
    cached = set(entry.user for entry in m.acl)

    # Revocations: drop the first cached row found for each user who lost access.
    for gone in cached - wanted:
        for entry in m.acl:
            if entry.user == gone:
                session.delete(entry)
                break

    # Grants: add a row for each user who gained access.
    for added in wanted - cached:
        row = MachineAccess(user=added)
        m.acl.append(row)
        session.save_or_update(row)
def refreshCache():
    """Refresh the cached ACL of every machine inside one transaction.

    The refresh is all-or-nothing: an exception raised while processing any
    machine rolls back the changes made for all of them and is re-raised,
    so the cached ACLs keep their previous contents until a later run
    succeeds.
    """
    session.begin()

    try:
        for machine in Machine.query().all():
            refreshMachine(machine)
        session.flush()

        # Make every machine's changes visible at once.
        session.commit()
    except:
        # Any failure, including an interrupt: undo everything, then let
        # the caller see the original exception.
        session.rollback()
        raise
if __name__ == "__main__":
    # Script entry point: open the database connection, then rebuild the
    # ACL cache for all machines.
    connect()
    refreshCache()