source: trunk/packages/sipb-xen-www/code/cache_acls.py @ 1314

Last change on this file since 1314 was 1155, checked in by broder, 16 years ago

Revert r1154 and instead apply the patch in cache_acls so that an error is
still thrown when the ACL is looked up as part of the website code
File size: 1.9 KB
Line 
1#!/usr/bin/python
2from invirt.database import *
3from invirt.config import structs as config
4import sys
5import getafsgroups
6import subprocess
7
8def expandLocker(name):
9    try:
10        groups = getafsgroups.getLockerAcl(name)
11    except getafsgroups.AfsProcessError, e:
12        if e.message.startswith("fs: You don't have the required access rights on"):
13            groups = []
14        raise
15    cell = getafsgroups.getCell(name)
16    ans = set()
17    for group in groups:
18        if ':' in group:
19            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
20        else:
21            ans.add(group)
22    return ans
23
24def isUser(name):
25    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
26                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
27    if p.wait():
28        return False
29    return True
30   
31
32def expandName(name):
33    if ':' not in name:
34        if isUser(name):
35            return [name]
36        return []
37    try:
38        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
39    except getafsgroups.AfsProcessError:
40        return []
41
42def accessList(m):
43    people = set()
44    people.update(expandLocker(m.owner))
45    people.update(expandName(m.administrator))
46    return people
47
48def refreshMachine(m):
49    people = accessList(m)
50    old_people = set(a.user for a in m.acl)
51    for removed in old_people - people:
52        ma = [x for x in m.acl if x.user == removed][0]
53        session.delete(ma)
54    for p in people - old_people:
55        ma = MachineAccess(user=p)
56        m.acl.append(ma)
57        session.save_or_update(ma)
58   
59def refreshCache():
60    session.begin()
61
62    try:
63        machines = Machine.query().all()
64        for m in machines:
65            refreshMachine(m)
66        session.flush()
67           
68        # Atomically execute our changes
69        session.commit()
70    except:
71        # Failed! Rollback all the changes.
72        session.rollback()
73        raise
74
75if __name__ == '__main__':
76    connect()
77    refreshCache()
Note: See TracBrowser for help on using the repository browser.