Changeset 234
- Timestamp:
- Nov 12, 2007, 3:44:12 AM (17 years ago)
- Location:
- trunk/web/templates
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/web/templates/getafsgroups.py
r209 r234 25 25 # return False 26 26 27 class MyException(Exception): 28 pass 29 30 def getAfsGroupMembers(group, cell): 31 p = subprocess.Popen(["pts", "membership", group, '-c', cell], 32 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 33 if p.wait(): 34 return [] 35 return [line.strip() for line in p.stdout.readlines()[1:]] 36 27 37 def checkAfsGroup(user, group, cell): 28 38 """ 29 39 checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell 30 40 """ 31 p = subprocess.Popen(["pts", "membership", group, '-c', cell], 32 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 33 if p.wait(): 34 return False 35 for line in p.stdout.readlines()[1:]: 36 if line.strip() == user: 37 return True 38 return False 41 return user in getAfsGroupMembers(group, cell) 39 42 40 def checkLockerOwner(user, locker, verbose=False): 41 """ 42 checkLockerOwner(user, locker) returns True if and only if user administers locker. 43 44 If verbose is true, instead return the reason for failure, or None 45 if there is no failure. 46 """ 43 def getCell(locker): 47 44 p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 48 45 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 49 46 if p.wait(): 50 if verbose:51 return p.stderr.read()52 return False 53 cell = p.stdout.read().split()[-1][1:-1] 47 raise MyException(p.stderr.read()) 48 return p.stdout.read().split()[-1][1:-1] 49 50 def getLockerAcl(locker): 54 51 p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 55 52 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 56 53 if p.wait(): 57 if verbose:58 return p.stderr.read()59 return False60 for line in p.stdout.readlines()[1:]:61 entry= line.split()62 if not entry or entry[0] == "Negative":54 raise MyException(p.stderr.read()) 55 lines = p.stdout.readlines() 56 values = [] 57 for line in lines[1:]: 58 fields = line.split() 59 if fields[0] == 'Negative': 63 60 break 64 if entry[1] == "rlidwka": 65 if entry[0] == user or (entry[0][0:6] == "system" and 66 checkAfsGroup(user, entry[0], cell)): 67 if verbose: 68 return None 69 return True 70 if verbose: 71 return "You don't have admin bits on /mit/" + locker 72 return False 61 if 'rlidwka' in fields[1]: 62 values.append(fields[0]) 63 return values 64 65 def notLockerOwner(user, locker): 66 """ 67 notLockerOwner(user, locker) returns false if and only if user administers locker. 68 69 If the user does not own the locker, returns the string reason for 70 the failure. 71 """ 72 try: 73 cell = getCell(locker) 74 values = getLockerAcl(locker) 75 except MyException, e: 76 return str(e) 77 78 for entry in values: 79 if entry[0] == user or (entry[0][0:6] == "system" and 80 checkAfsGroup(user, entry[0], cell)): 81 return False 82 return "You don't have admin bits on /mit/" + locker 73 83 74 84 … … 79 89 print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu') 80 90 print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu') 81 print checkLockerOwner("tabbott", "tabbott")82 print checkLockerOwner("tabbott", "debathena")83 print checkLockerOwner("tabbott", "sipb")84 print checkLockerOwner("tabbott", "lsc")85 print checkLockerOwner("tabbott", "scripts")86 print checkLockerOwner("ecprice", "hmmt")91 print notLockerOwner("tabbott", "tabbott") 92 print notLockerOwner("tabbott", "debathena") 93 print notLockerOwner("tabbott", "sipb") 94 print notLockerOwner("tabbott", "lsc") 95 print notLockerOwner("tabbott", "scripts") 96 print notLockerOwner("ecprice", "hmmt") -
trunk/web/templates/list.tmpl
r229 r234 68 68 <td>${machine.memory}M</td> 69 69 <td>$machine.owner</td> 70 <td>$machine.administrator</td> 70 71 #if $machine.nics 71 72 #set $nic = $machine.nics[0] … … 107 108 <td>Memory</td> 108 109 <td>Owner</td> 110 <td>Administrator</td> 109 111 <td>IP</td> 110 112 <td>Uptime</td> -
trunk/web/templates/validation.py
r229 r234 76 76 'athena.mit.edu'): #XXX Cell? 77 77 return True 78 if getafsgroups.checkLockerOwner(user, machine.owner):78 if not getafsgroups.notLockerOwner(user, machine.owner): 79 79 return True 80 80 return owns(user, machine) … … 84 84 if user == 'moo': 85 85 return True 86 return getafsgroups.checkLockerOwner(user, machine.owner)86 return not getafsgroups.notLockerOwner(user, machine.owner) 87 87 88 88 def validMachineName(name): … … 169 169 if owner is None: 170 170 raise InvalidInput('owner', owner, "Owner must be specified") 171 value = getafsgroups. checkLockerOwner(user, owner, verbose=True)171 value = getafsgroups.notLockerOwner(user, owner) 172 172 if not value: 173 173 return owner
Note: See TracChangeset
for help on using the changeset viewer.