Changeset 234 for trunk


Ignore:
Timestamp:
Nov 12, 2007, 3:44:12 AM (17 years ago)
Author:
ecprice
Message:

Now ignore negative rights, rather than treat them as positive.

Also, rearrange and clean up code.

Location:
trunk/web/templates
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/web/templates/getafsgroups.py

    r209 r234  
    2525#     return False
    2626
     27class MyException(Exception):
     28    pass
     29
     30def getAfsGroupMembers(group, cell):
     31    p = subprocess.Popen(["pts", "membership", group, '-c', cell],
     32                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     33    if p.wait():
     34        return []
     35    return [line.strip() for line in p.stdout.readlines()[1:]]
     36
    2737def checkAfsGroup(user, group, cell):
    2838    """
    2939    checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
    3040    """
    31     p = subprocess.Popen(["pts", "membership", group, '-c', cell],
    32                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    33     if p.wait():
    34         return False
    35     for line in p.stdout.readlines()[1:]:
    36         if line.strip() == user:
    37             return True
    38     return False
     41    return user in getAfsGroupMembers(group, cell)
    3942
    40 def checkLockerOwner(user, locker, verbose=False):
    41     """
    42     checkLockerOwner(user, locker) returns True if and only if user administers locker.
    43 
    44     If verbose is true, instead return the reason for failure, or None
    45     if there is no failure.
    46     """
     43def getCell(locker):
    4744    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker],
    4845                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    4946    if p.wait():
    50         if verbose:
    51             return p.stderr.read()
    52         return False
    53     cell = p.stdout.read().split()[-1][1:-1]
     47        raise MyException(p.stderr.read())
     48    return p.stdout.read().split()[-1][1:-1]
     49
     50def getLockerAcl(locker):
    5451    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker],
    5552                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    5653    if p.wait():
    57         if verbose:
    58             return p.stderr.read()
    59         return False
    60     for line in p.stdout.readlines()[1:]:
    61         entry = line.split()
    62         if not entry or entry[0] == "Negative":
     54        raise MyException(p.stderr.read())
     55    lines = p.stdout.readlines()
     56    values = []
     57    for line in lines[1:]:
     58        fields = line.split()
     59        if fields[0] == 'Negative':
    6360            break
    64         if entry[1] == "rlidwka":
    65             if entry[0] == user or (entry[0][0:6] == "system" and
    66                                     checkAfsGroup(user, entry[0], cell)):
    67                 if verbose:
    68                     return None
    69                 return True
    70     if verbose:
    71         return "You don't have admin bits on /mit/" + locker
    72     return False
     61        if 'rlidwka' in fields[1]:
     62            values.append(fields[0])
     63    return values
     64
     65def notLockerOwner(user, locker):
     66    """
     67    notLockerOwner(user, locker) returns false if and only if user administers locker.
     68
     69    If the user does not own the locker, returns the string reason for
     70    the failure.
     71    """
     72    try:
     73        cell = getCell(locker)
     74        values = getLockerAcl(locker)
     75    except MyException, e:
     76        return str(e)
     77
     78    for entry in values:
     79        if entry[0] == user or (entry[0][0:6] == "system" and
     80                                checkAfsGroup(user, entry[0], cell)):
     81            return False
     82    return "You don't have admin bits on /mit/" + locker
    7383
    7484
     
    7989    print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
    8090    print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
    81     print checkLockerOwner("tabbott", "tabbott")
    82     print checkLockerOwner("tabbott", "debathena")
    83     print checkLockerOwner("tabbott", "sipb")
    84     print checkLockerOwner("tabbott", "lsc")
    85     print checkLockerOwner("tabbott", "scripts")
    86     print checkLockerOwner("ecprice", "hmmt")
     91    print notLockerOwner("tabbott", "tabbott")
     92    print notLockerOwner("tabbott", "debathena")
     93    print notLockerOwner("tabbott", "sipb")
     94    print notLockerOwner("tabbott", "lsc")
     95    print notLockerOwner("tabbott", "scripts")
     96    print notLockerOwner("ecprice", "hmmt")
  • trunk/web/templates/list.tmpl

    r229 r234  
    6868        <td>${machine.memory}M</td>
    6969        <td>$machine.owner</td>
     70        <td>$machine.administrator</td>
    7071#if $machine.nics
    7172#set $nic = $machine.nics[0]
     
    107108        <td>Memory</td>
    108109        <td>Owner</td>
     110        <td>Administrator</td>
    109111        <td>IP</td>
    110112        <td>Uptime</td>
  • trunk/web/templates/validation.py

    r229 r234  
    7676                                  'athena.mit.edu'): #XXX Cell?
    7777        return True
    78     if getafsgroups.checkLockerOwner(user, machine.owner):
     78    if not getafsgroups.notLockerOwner(user, machine.owner):
    7979        return True
    8080    return owns(user, machine)
     
    8484    if user == 'moo':
    8585        return True
    86     return getafsgroups.checkLockerOwner(user, machine.owner)
     86    return not getafsgroups.notLockerOwner(user, machine.owner)
    8787
    8888def validMachineName(name):
     
    169169    if owner is None:
    170170        raise InvalidInput('owner', owner, "Owner must be specified")
    171     value = getafsgroups.checkLockerOwner(user, owner, verbose=True)
     171    value = getafsgroups.notLockerOwner(user, owner)
    172172    if not value:
    173173        return owner
Note: See TracChangeset for help on using the changeset viewer.