|
Last change
on this file since 712 was
589,
checked in by ecprice, 17 years ago
|
|
Set machine_access to be a private attribute of machine, so the acl is
deleted automatically when the machine is destroyed.
|
|
|
| Line | |
|---|
| 1 | #!/usr/bin/python |
|---|
| 2 | from sipb_xen_database import * |
|---|
| 3 | import sys |
|---|
| 4 | import getafsgroups |
|---|
| 5 | import subprocess |
|---|
| 6 | |
|---|
def expandLocker(name):
    """Return the set of names granted by the AFS ACL of locker *name*.

    Entries from ``getafsgroups.getLockerAcl`` that contain a ``:`` are
    replaced by whatever ``getafsgroups.getAfsGroupMembers`` returns for
    them in the locker's cell; all other entries are kept unchanged.
    Exceptions raised by the ``getafsgroups`` helpers are not caught here.
    """
    # NOTE(review): which ACL rights getLockerAcl filters on is not visible
    # here; confirm, because every name returned below ends up in the
    # machine ACL via accessList().
    acl_entries = getafsgroups.getLockerAcl(name)
    locker_cell = getafsgroups.getCell(name)
    members = set()
    for entry in acl_entries:
        if ':' not in entry:
            # No colon: kept as a single name rather than expanded.
            members.add(entry)
            continue
        # Colon-containing entries are expanded to their members.
        # NOTE(review): confirm how getAfsGroupMembers treats system-wide
        # groups, so that a broad ACL entry cannot grant broad VM access.
        members.update(getafsgroups.getAfsGroupMembers(entry, locker_cell))
    return members
|---|
| 17 | |
|---|
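def isUser(name):
    """Return True if ``vos examine user.<name>`` exits with status 0.

    The command is run from an argument list with no shell, so *name* is
    never interpreted by a shell, and the ``user.`` prefix keeps the
    argument from starting with ``-``.

    An OSError from failing to start ``vos`` is not caught: reporting
    "not a user" for every name would make the caller drop those users
    from the ACL, whereas an exception aborts the refresh.
    """
    # NOTE(review): no cell is passed, so vos queries its default cell,
    # while expandName() expands groups in 'athena.mit.edu' -- confirm
    # these are the same cell.
    p = subprocess.Popen(['vos', 'examine', 'user.' + name],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes before reaping the child.  A bare
    # wait() with PIPE handles can block forever once the child has filled
    # a pipe buffer that nobody reads.
    p.communicate()
    return p.returncode == 0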
|---|
| 24 | |
|---|
| 25 | |
|---|
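def expandName(name):
    """Return the list of users that administrator entry *name* stands for.

    * ``None`` or ``''`` names nobody and yields ``[]``.
    * A name without ``:`` yields ``[name]`` if ``isUser(name)`` is true,
      else ``[]``.
    * A name with ``:`` is expanded through
      ``getafsgroups.getAfsGroupMembers`` in the ``athena.mit.edu`` cell;
      an ``AfsProcessError`` yields ``[]``.
    """
    if not name:
        # An unset administrator grants nothing.  Without this guard a
        # None value raises TypeError on the ':' test and aborts the whole
        # refresh, and '' would spawn a pointless vos lookup.
        return []
    if ':' not in name:
        if isUser(name):
            return [name]
        return []
    try:
        # The cell is fixed here, unlike expandLocker(), which asks
        # getafsgroups.getCell() for the locker's cell.
        return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
    except getafsgroups.AfsProcessError:
        # Fail closed: a group that cannot be expanded grants nobody.
        # Side effect: refreshMachine() then deletes the ACL rows this
        # group used to grant, so a transient AFS failure revokes access
        # until the next successful refresh.  expandLocker() lets the same
        # kind of error propagate instead.
        return []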
|---|
| 35 | |
|---|
def accessList(m):
    """Return the set of users who should have access to machine *m*.

    The result is the union of ``expandLocker(m.owner)`` and
    ``expandName(m.administrator)``; nothing else grants access here.
    """
    from_owner = set(expandLocker(m.owner))
    from_administrator = set(expandName(m.administrator))
    return from_owner | from_administrator
|---|
| 41 | |
|---|
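def refreshMachine(m):
    """Bring the cached ACL rows of machine *m* in line with accessList(m).

    Rows in ``m.acl`` whose user is no longer entitled are deleted through
    ``ctx.current``; a ``MachineAccess`` row is created and saved for each
    newly entitled user.  Nothing is flushed or committed here.
    """
    people = accessList(m)
    kept = set()
    # Walk a snapshot of the collection once and delete every stale row.
    # Looking up only the first row per revoked user would leave any
    # duplicate row for that user in place, so the revocation would not be
    # complete after this run.
    for ma in list(m.acl):
        if ma.user in people:
            kept.add(ma.user)
        else:
            ctx.current.delete(ma)
    for p in people - kept:
        ma = MachineAccess(user=p)
        m.acl.append(ma)
        ctx.current.save(ma)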
|---|
| 52 | |
|---|
def refreshCache():
    """Refresh the cached ACL of every machine inside one transaction.

    Either all machines are updated and committed, or any exception rolls
    the transaction back and is re-raised to the caller.
    """
    transaction = ctx.current.create_transaction()

    try:
        machines = Machine.select()
        for m in machines:
            refreshMachine(m)
        # NOTE(review): the listing on this page lost its indentation, so
        # whether flush() runs once after the loop or once per machine
        # cannot be told from here -- confirm against the repository.
        ctx.current.flush()

        # Atomically execute our changes
        transaction.commit()
    except:
        # Failed! Rollback all the changes.
        # The bare except is deliberate: it also covers interrupts, and
        # the exception is re-raised below rather than swallowed.
        # An error for a single machine therefore aborts the refresh for
        # all of them; the ACLs keep their previous contents, so pending
        # revocations do not take effect until a later run succeeds.
        transaction.rollback()
        raise
|---|
| 68 | |
|---|
if __name__ == "__main__":
    # Script entry point: connect to the database, then refresh every ACL.
    # The connection URL is hard-coded (user sipb-xen, host sipb-xen-dev,
    # database sipb_xen) and carries no password; how the connection is
    # authenticated is not visible in this file.
    connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
    refreshCache()
|---|