- Timestamp:
- Apr 14, 2008, 12:01:30 AM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/packages/sipb-xen-www/code/validation.py
r277 r411 1 1 #!/usr/bin/python 2 2 3 import cache_acls 3 4 import getafsgroups 4 5 import re … … 72 73 def haveAccess(user, machine): 73 74 """Return whether a user has administrative access to a machine""" 74 if user in (machine.administrator, machine.owner): 75 return True 76 if getafsgroups.checkAfsGroup(user, machine.administrator, 77 'athena.mit.edu'): #XXX Cell? 78 return True 79 if not getafsgroups.notLockerOwner(user, machine.owner): 80 return True 81 return owns(user, machine) 75 return user in cache_acls.accessList(machine) 82 76 83 77 def owns(user, machine): 84 78 """Return whether a user owns a machine""" 85 return not getafsgroups.notLockerOwner(user,machine.owner)79 return user in expandLocker(machine.owner) 86 80 87 81 def validMachineName(name): … … 152 146 153 147 def testAdmin(user, admin, machine): 148 """Determine whether a user can set the admin of a machine to this value. 149 150 Return the value to set the admin field to (possibly 'system:' + 151 admin). XXX is modifying this a good idea? 152 """ 154 153 if admin in (None, machine.administrator): 155 154 return None 156 155 if admin == user: 157 156 return admin 157 if ':' not in admin: 158 if cache_acls.isUser(admin): 159 return admin 160 admin = 'system:' + admin 158 161 if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'): 159 162 return admin 160 if getafsgroups.checkAfsGroup(user, 'system:'+admin, 161 'athena.mit.edu'): 162 return 'system:'+admin 163 #XXX Should we require that user is in cache_acls.expandName(admin)? 163 164 return admin 164 165 165 166 def testOwner(user, owner, machine=None): 167 """Determine whether a user can set the owner of a machine to this value. 168 169 If machine is None, this is the owner of a new machine. 170 """ 166 171 if owner == user or machine is not None and owner == machine.owner: 167 172 return owner 168 173 if owner is None: 169 174 raise InvalidInput('owner', owner, "Owner must be specified") 170 value = getafsgroups.notLockerOwner(user, owner) 171 if not value: 172 return owner 173 raise InvalidInput('owner', owner, value) 175 try: 176 if user not in cache_acls.expandLocker(owner): 177 raise InvalidInput('owner', owner, 'You do not have access to the ' 178 + owner + ' locker') 179 except getafsgroups.AfsProcessError, e: 180 raise InvalidInput('owner', owner, str(e)) 181 return owner 174 182 175 183 def testContact(user, contact, machine=None):
Note: See TracChangeset
for help on using the changeset viewer.