2 from invirt.database import *
3 from invirt.config import structs as config
8 def expandLocker(name):
10 groups = getafsgroups.getLockerAcl(name)
11 except getafsgroups.AfsProcessError, e:
12 if e.message.startswith("fs: You don't have the required access rights on"):
14 elif e.message.endswith("doesn't exist\n"):
15 # presumably deactivated
19 cell = getafsgroups.getCell(name)
23 ans.update(getafsgroups.getAfsGroupMembers(group, cell))
29 p = subprocess.Popen(['vos', 'examine', 'user.'+name],
30 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
42 return getafsgroups.getAfsGroupMembers(name, config.authz.afs.cells[0].cell)
43 except getafsgroups.AfsProcessError:
48 people.update(expandLocker(m.owner))
49 if m.administrator is not None:
50 people.update(expandName(m.administrator))
53 def refreshMachine(m):
54 people = accessList(m)
55 old_people = set(a.user for a in m.acl)
56 for removed in old_people - people:
57 ma = [x for x in m.acl if x.user == removed][0]
59 for p in people - old_people:
60 ma = MachineAccess(user=p)
62 session.save_or_update(ma)
68 machines = Machine.query().all()
73 # Update the admin ACL as well
74 admin_acl = set(expandName(config.adminacl))
75 old_admin_acl = set(a.user for a in Admin.query())
76 for removed in old_admin_acl - admin_acl:
77 old = Admin.query.filter_by(user=removed).first()
79 for added in admin_acl - old_admin_acl:
81 session.save_or_update(a)
84 # Atomically execute our changes
87 # Failed! Rollback all the changes.
91 if __name__ == '__main__':