Changeset 234 for trunk/web/templates/getafsgroups.py
- Timestamp:
- Nov 12, 2007, 3:44:12 AM (16 years ago)
- File:
-
- 1 edited
-
trunk/web/templates/getafsgroups.py (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/web/templates/getafsgroups.py
r209 r234 25 25 # return False 26 26 27 class MyException(Exception): 28 pass 29 30 def getAfsGroupMembers(group, cell): 31 p = subprocess.Popen(["pts", "membership", group, '-c', cell], 32 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 33 if p.wait(): 34 return [] 35 return [line.strip() for line in p.stdout.readlines()[1:]] 36 27 37 def checkAfsGroup(user, group, cell): 28 38 """ 29 39 checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell 30 40 """ 31 p = subprocess.Popen(["pts", "membership", group, '-c', cell], 32 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 33 if p.wait(): 34 return False 35 for line in p.stdout.readlines()[1:]: 36 if line.strip() == user: 37 return True 38 return False 41 return user in getAfsGroupMembers(group, cell) 39 42 40 def checkLockerOwner(user, locker, verbose=False): 41 """ 42 checkLockerOwner(user, locker) returns True if and only if user administers locker. 43 44 If verbose is true, instead return the reason for failure, or None 45 if there is no failure. 46 """ 43 def getCell(locker): 47 44 p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 48 45 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 49 46 if p.wait(): 50 if verbose:51 return p.stderr.read()52 return False 53 cell = p.stdout.read().split()[-1][1:-1] 47 raise MyException(p.stderr.read()) 48 return p.stdout.read().split()[-1][1:-1] 49 50 def getLockerAcl(locker): 54 51 p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 55 52 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 56 53 if p.wait(): 57 if verbose:58 return p.stderr.read()59 return False60 for line in p.stdout.readlines()[1:]:61 entry= line.split()62 if not entry or entry[0] == "Negative":54 raise MyException(p.stderr.read()) 55 lines = p.stdout.readlines() 56 values = [] 57 for line in lines[1:]: 58 fields = line.split() 59 if fields[0] == 'Negative': 63 60 break 64 if entry[1] == "rlidwka": 65 if entry[0] == user or (entry[0][0:6] == "system" and 66 checkAfsGroup(user, entry[0], cell)): 67 if verbose: 68 return None 69 return True 70 if verbose: 71 return "You don't have admin bits on /mit/" + locker 72 return False 61 if 'rlidwka' in fields[1]: 62 values.append(fields[0]) 63 return values 64 65 def notLockerOwner(user, locker): 66 """ 67 notLockerOwner(user, locker) returns false if and only if user administers locker. 68 69 If the user does not own the locker, returns the string reason for 70 the failure. 71 """ 72 try: 73 cell = getCell(locker) 74 values = getLockerAcl(locker) 75 except MyException, e: 76 return str(e) 77 78 for entry in values: 79 if entry[0] == user or (entry[0][0:6] == "system" and 80 checkAfsGroup(user, entry[0], cell)): 81 return False 82 return "You don't have admin bits on /mit/" + locker 73 83 74 84 … … 79 89 print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu') 80 90 print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu') 81 print checkLockerOwner("tabbott", "tabbott")82 print checkLockerOwner("tabbott", "debathena")83 print checkLockerOwner("tabbott", "sipb")84 print checkLockerOwner("tabbott", "lsc")85 print checkLockerOwner("tabbott", "scripts")86 print checkLockerOwner("ecprice", "hmmt")91 print notLockerOwner("tabbott", "tabbott") 92 print notLockerOwner("tabbott", "debathena") 93 print notLockerOwner("tabbott", "sipb") 94 print notLockerOwner("tabbott", "lsc") 95 print notLockerOwner("tabbott", "scripts") 96 print notLockerOwner("ecprice", "hmmt")
Note: See TracChangeset
for help on using the changeset viewer.
