source: trunk/packages/invirt-web/code/cache_acls.py @ 1971

Last change on this file since 1971 was 1958, checked in by broder, 16 years ago

Correct the incomplete fix from r1155

File size: 2.0 KB
RevLine 
[249]1#!/usr/bin/python
[863]2from invirt.database import *
[879]3from invirt.config import structs as config
[249]4import sys
5import getafsgroups
6import subprocess
7
8def expandLocker(name):
[1155]9    try:
10        groups = getafsgroups.getLockerAcl(name)
11    except getafsgroups.AfsProcessError, e:
12        if e.message.startswith("fs: You don't have the required access rights on"):
13            groups = []
[1958]14        else:
15            raise
[249]16    cell = getafsgroups.getCell(name)
17    ans = set()
18    for group in groups:
19        if ':' in group:
20            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
21        else:
22            ans.add(group)
23    return ans
24
25def isUser(name):
26    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
27                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
28    if p.wait():
29        return False
30    return True
31   
32
33def expandName(name):
34    if ':' not in name:
35        if isUser(name):
36            return [name]
[434]37        return []
[413]38    try:
[879]39        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
[413]40    except getafsgroups.AfsProcessError:
41        return []
[249]42
[410]43def accessList(m):
[263]44    people = set()
45    people.update(expandLocker(m.owner))
[1709]46    if m.administrator is not None:
47        people.update(expandName(m.administrator))
[410]48    return people
49
50def refreshMachine(m):
51    people = accessList(m)
[263]52    old_people = set(a.user for a in m.acl)
53    for removed in old_people - people:
54        ma = [x for x in m.acl if x.user == removed][0]
[1013]55        session.delete(ma)
[263]56    for p in people - old_people:
[589]57        ma = MachineAccess(user=p)
58        m.acl.append(ma)
[1013]59        session.save_or_update(ma)
[263]60   
[262]61def refreshCache():
[1013]62    session.begin()
[257]63
64    try:
[1095]65        machines = Machine.query().all()
[257]66        for m in machines:
[263]67            refreshMachine(m)
[1013]68        session.flush()
[257]69           
70        # Atomically execute our changes
[1013]71        session.commit()
[257]72    except:
73        # Failed! Rollback all the changes.
[1013]74        session.rollback()
[257]75        raise
[262]76
77if __name__ == '__main__':
[863]78    connect()
[262]79    refreshCache()
Note: See TracBrowser for help on using the repository browser.