Use expandOwner/expandAdmin rather than removed expandLocker
[invirt/packages/invirt-web.git] / code / cache_acls.py
1 #!/usr/bin/python
2 from invirt.database import *
3 from invirt.config import structs as config
4 from invirt import authz
5
def accessList(m):
    """Return the set of users entitled to access machine *m*.

    The result is the union of whatever authz.expandOwner yields for the
    machine's owner and, when an administrator is set, whatever
    authz.expandAdmin yields for it. This set is the source of truth that
    the cached ACL rows are reconciled against.
    """
    members = set(authz.expandOwner(m.owner))
    admin = m.administrator
    # A machine without an administrator contributes owner-derived users only.
    if admin is not None:
        members |= set(authz.expandAdmin(admin))
    return members
12
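def refreshMachine(m):
    """Bring the cached ACL rows of machine *m* in line with accessList(m).

    Rows whose user is no longer in the expanded access list are deleted
    through the session; newly entitled users get a MachineAccess row
    appended to m.acl. Nothing is flushed or committed here, so the caller
    is expected to own the surrounding transaction.
    """
    people = accessList(m)
    # Snapshot the collection so the deletes below cannot disturb iteration.
    current = list(m.acl)
    old_people = set(a.user for a in current)

    # Revocation: delete every row belonging to a user who lost access, not
    # only the first match, so a duplicate row cannot keep a stale grant alive.
    # NOTE(review): duplicates are presumably prevented by the schema; confirm.
    for ma in current:
        if ma.user not in people:
            session.delete(ma)

    # Grants: one new row per user who is entitled but not yet cached.
    for p in people - old_people:
        ma = MachineAccess(user=p)
        m.acl.append(ma)
        session.save_or_update(ma)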
23
def refreshCache():
    """Rebuild every cached ACL inside a single transaction.

    Each machine's ACL is refreshed first, then the Admin table is reconciled
    against authz.expandAdmin(config.adminacl). Any exception rolls the whole
    transaction back and is re-raised, so a failed run leaves the previously
    cached ACLs in place, including entries this run would have revoked.
    Callers should treat a raised exception as "cache is stale".
    """
    session.begin()

    try:
        # Per-machine ACLs.
        for machine in Machine.query().all():
            refreshMachine(machine)
        session.flush()

        # Global admin ACL: compare the expanded configuration with the table.
        wanted = set(authz.expandAdmin(config.adminacl))
        cached = set(row.user for row in Admin.query())
        for user in cached - wanted:
            stale = Admin.query.filter_by(user=user).first()
            session.delete(stale)
        for user in wanted - cached:
            fresh = Admin(user=user)
            session.save_or_update(fresh)
        session.flush()

        # All changes become visible together.
        session.commit()
    except:
        # Deliberately bare: roll back on any failure, then propagate it.
        session.rollback()
        raise
50
if __name__ == "__main__":
    # Script entry point: connect() arrives via a star import (presumably
    # invirt.database) and must run before the session is used.
    connect()
    refreshCache()