Changeset 2981


Timestamp:
Feb 1, 2010, 3:47:14 PM (15 years ago)
Author:
iannucci
Message:

Made cache_acls use invirt.authz.

File:
1 edited

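--- a/trunk/packages/invirt-web/code/cache_acls.py
+++ b/trunk/packages/invirt-web/code/cache_acls.py
@@ -2,51 +2,11 @@
 from invirt.database import *
 from invirt.config import structs as config
-import sys
-import getafsgroups
-import subprocess
-
-def expandLocker(name):
-    try:
-        groups = getafsgroups.getLockerAcl(name)
-    except getafsgroups.AfsProcessError, e:
-        if e.message.startswith("fs: You don't have the required access rights on"):
-            return []
-        elif e.message.endswith("doesn't exist\n"):
-            # presumably deactivated
-            return []
-        else:
-            raise
-    cell = getafsgroups.getCell(name)
-    ans = set()
-    for group in groups:
-        if ':' in group:
-            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
-        else:
-            ans.add(group)
-    return ans
-
-def isUser(name):
-    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
-                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p.wait():
-        return False
-    return True
-   
-
-def expandName(name):
-    if ':' not in name:
-        if isUser(name):
-            return [name]
-        return []
-    try:
-        return getafsgroups.getAfsGroupMembers(name, config.authz.afs.cells[0].cell)
-    except getafsgroups.AfsProcessError:
-        return []
+from invirt import authz
 
 def accessList(m):
     people = set()
-    people.update(expandLocker(m.owner))
+    people.update(authz.expandOwner(m.owner))
     if m.administrator is not None:
-        people.update(expandName(m.administrator))
+        people.update(authz.expandAdmin(m.administrator))
     return people
 
@@ -61,5 +21,5 @@
         m.acl.append(ma)
         session.save_or_update(ma)
-   
+
 def refreshCache():
     session.begin()
@@ -70,7 +30,7 @@
             refreshMachine(m)
         session.flush()
-           
+
         # Update the admin ACL as well
-        admin_acl = set(expandName(config.adminacl))
+        admin_acl = set(authz.expandAdmin(config.adminacl))
         old_admin_acl = set(a.user for a in Admin.query())
         for removed in old_admin_acl - admin_acl: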
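Review bot: The failure behaviour of `authz.expandOwner` and `authz.expandAdmin` is not visible in this change, and the removed helpers had an explicit one: `expandLocker` returned `[]` only for the access-denied and nonexistent-locker messages and re-raised everything else, while `expandName` returned `[]` on any `AfsProcessError`. In `refreshCache`, `admin_acl = set(authz.expandAdmin(config.adminacl))` feeds `old_admin_acl - admin_acl`, so a backend that answers a transient lookup failure with an empty result would presumably remove every cached admin. One that raises would leave the cached ACL stale or not, depending on transaction handling that lies outside this hunk. I would document the expected contract above that line, for example `# expandAdmin must raise on backend failure; an empty result is treated as an empty ACL`, after confirming it against invirt.authz. The same question applies to the two calls in `accessList`, since a silently empty owner expansion would drop a machine's ACL entries on the next refresh.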