source: trunk/packages/sipb-xen-www/code/cache_acls.py @ 990

Last change on this file since 990 was 879, checked in by y_z, 16 years ago
  • further integration of invirt.config
File size: 1.8 KB
RevLine 
[249]1#!/usr/bin/python
[863]2from invirt.database import *
[879]3from invirt.config import structs as config
[249]4import sys
5import getafsgroups
6import subprocess
7
8def expandLocker(name):
9    groups = getafsgroups.getLockerAcl(name)
10    cell = getafsgroups.getCell(name)
11    ans = set()
12    for group in groups:
13        if ':' in group:
14            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
15        else:
16            ans.add(group)
17    return ans
18
19def isUser(name):
20    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
21                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
22    if p.wait():
23        return False
24    return True
25   
26
27def expandName(name):
28    if ':' not in name:
29        if isUser(name):
30            return [name]
[434]31        return []
[413]32    try:
[879]33        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
[413]34    except getafsgroups.AfsProcessError:
35        return []
[249]36
[410]37def accessList(m):
[263]38    people = set()
39    people.update(expandLocker(m.owner))
40    people.update(expandName(m.administrator))
[410]41    return people
42
43def refreshMachine(m):
44    people = accessList(m)
[263]45    old_people = set(a.user for a in m.acl)
46    for removed in old_people - people:
47        ma = [x for x in m.acl if x.user == removed][0]
48        ctx.current.delete(ma)
49    for p in people - old_people:
[589]50        ma = MachineAccess(user=p)
51        m.acl.append(ma)
[263]52        ctx.current.save(ma)
53   
[262]54def refreshCache():
[257]55    transaction = ctx.current.create_transaction()
56
57    try:
58        machines = Machine.select()
59        for m in machines:
[263]60            refreshMachine(m)
61        ctx.current.flush()
[257]62           
63        # Atomically execute our changes
[249]64        transaction.commit()
[257]65    except:
66        # Failed! Rollback all the changes.
67        transaction.rollback()
68        raise
[262]69
70if __name__ == '__main__':
[863]71    connect()
[262]72    refreshCache()
Note: See TracBrowser for help on using the repository browser.