Changeset 413
- Timestamp:
- Apr 14, 2008, 12:44:00 AM (16 years ago)
- Location:
- trunk/packages/sipb-xen-www/code
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/packages/sipb-xen-www/code/cache_acls.py
r410 r413 29 29 return [name] 30 30 name = 'system:'+name 31 return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu') 31 try: 32 return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu') 33 except getafsgroups.AfsProcessError: 34 return [] 32 35 33 36 def accessList(m): -
trunk/packages/sipb-xen-www/code/getafsgroups.py
r412 r413 29 29 30 30 def getAfsGroupMembers(group, cell): 31 p = subprocess.Popen(["pts", "membership", group, '-c', cell],31 p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell], 32 32 stdout=subprocess.PIPE, stderr=subprocess.PIPE) 33 if p.wait(): 34 return [] 33 err = p.stderr.read() 34 if err: #Error code doesn't reveal missing groups, but stderr does 35 raise AfsProcessError(err) 35 36 return [line.strip() for line in p.stdout.readlines()[1:]] 36 37 … … 39 40 raise AfsProcessError("Locker '%s' is invalid." % locker) 40 41 return '/mit/' + locker 41 42 def checkAfsGroup(user, group, cell):43 """44 checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell45 """46 return user in getAfsGroupMembers(group, cell)47 42 48 43 def getCell(locker): … … 82 77 83 78 for entry in values: 84 if entry == user or (entry[0:6] == "system" and 85 checkAfsGroup(user,entry, cell)):79 if entry == user or (entry[0:6] == "system" and 80 user in getAfsGroupMembers(entry, cell)): 86 81 return False 87 82 return "You don't have admin bits on " + getLockerPath(locker) … … 90 85 if __name__ == "__main__": 91 86 # print list(getldapgroups("tabbott")) 92 print checkAfsGroup("tabbott","system:debathena", 'athena.mit.edu')93 print checkAfsGroup("tabbott","system:debathena", 'sipb.mit.edu')94 print checkAfsGroup("tabbott","system:debathena-root", 'athena.mit.edu')95 print checkAfsGroup("tabbott","system:hmmt-request", 'athena.mit.edu')87 print "tabbott" in getAfsGroupMembers("system:debathena", 'athena.mit.edu') 88 print "tabbott" in getAfsGroupMembers("system:debathena", 'sipb.mit.edu') 89 print "tabbott" in getAfsGroupMembers("system:debathena-root", 'athena.mit.edu') 90 print "tabbott" in getAfsGroupMembers("system:hmmt-request", 'athena.mit.edu') 96 91 print notLockerOwner("tabbott", "tabbott") 97 92 print notLockerOwner("tabbott", "debathena") -
trunk/packages/sipb-xen-www/code/validation.py
r411 r413 159 159 return admin 160 160 admin = 'system:' + admin 161 if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'): 162 return admin 163 #XXX Should we require that user is in cache_acls.expandName(admin)? 161 try: 162 if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'): 163 return admin 164 except getafsgroups.AfsProcessError, e: 165 raise InvalidInput('administrator', admin, str(e)) 166 #XXX Should we require that user is in the admin group? 164 167 return admin 165 168
Note: See TracChangeset
for help on using the changeset viewer.