Changeset 2981
- Timestamp:
- Feb 1, 2010, 3:47:14 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/packages/invirt-web/code/cache_acls.py
r2590 r2981 2 2 from invirt.database import * 3 3 from invirt.config import structs as config 4 import sys 5 import getafsgroups 6 import subprocess 7 8 def expandLocker(name): 9 try: 10 groups = getafsgroups.getLockerAcl(name) 11 except getafsgroups.AfsProcessError, e: 12 if e.message.startswith("fs: You don't have the required access rights on"): 13 return [] 14 elif e.message.endswith("doesn't exist\n"): 15 # presumably deactivated 16 return [] 17 else: 18 raise 19 cell = getafsgroups.getCell(name) 20 ans = set() 21 for group in groups: 22 if ':' in group: 23 ans.update(getafsgroups.getAfsGroupMembers(group, cell)) 24 else: 25 ans.add(group) 26 return ans 27 28 def isUser(name): 29 p = subprocess.Popen(['vos', 'examine', 'user.'+name], 30 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 31 if p.wait(): 32 return False 33 return True 34 35 36 def expandName(name): 37 if ':' not in name: 38 if isUser(name): 39 return [name] 40 return [] 41 try: 42 return getafsgroups.getAfsGroupMembers(name, config.authz.afs.cells[0].cell) 43 except getafsgroups.AfsProcessError: 44 return [] 4 from invirt import authz 45 5 46 6 def accessList(m): 47 7 people = set() 48 people.update( expandLocker(m.owner))8 people.update(authz.expandOwner(m.owner)) 49 9 if m.administrator is not None: 50 people.update( expandName(m.administrator))10 people.update(authz.expandAdmin(m.administrator)) 51 11 return people 52 12 … … 61 21 m.acl.append(ma) 62 22 session.save_or_update(ma) 63 23 64 24 def refreshCache(): 65 25 session.begin() … … 70 30 refreshMachine(m) 71 31 session.flush() 72 32 73 33 # Update the admin ACL as well 74 admin_acl = set( expandName(config.adminacl))34 admin_acl = set(authz.expandAdmin(config.adminacl)) 75 35 old_admin_acl = set(a.user for a in Admin.query()) 76 36 for removed in old_admin_acl - admin_acl:
Note: See TracChangeset
for help on using the changeset viewer.