Close the changelog entry for invirt-web
[invirt/packages/invirt-web.git] / code / cache_acls.py
1 #!/usr/bin/python
2 from invirt.database import *
3 from invirt.config import structs as config
4 import sys
5 import getafsgroups
6 import subprocess
7
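def expandLocker(name):
    """Return the set of names found on the ACL of locker `name`.

    ACL entries containing ':' are expanded through
    getafsgroups.getAfsGroupMembers() in the locker's cell; every other
    entry is added to the result unchanged.

    An AfsProcessError whose message says the caller lacks access rights
    is treated as an empty ACL. Any other AfsProcessError propagates.
    """
    try:
        groups = getafsgroups.getLockerAcl(name)
    except getafsgroups.AfsProcessError, e:
        # NOTE(review): matching on the message prefix is brittle; if the
        # wording of the fs error changes, this falls through to the raise.
        if e.message.startswith("fs: You don't have the required access rights on"):
            # An unreadable locker contributes nobody (fail closed).
            groups = []
        else:
            # The original re-raised unconditionally, which made the
            # assignment above dead code. Anything that escapes here makes
            # refreshCache() roll back the whole run, so one unreadable
            # locker left every machine's cached ACL stale.
            raise
    cell = getafsgroups.getCell(name)
    ans = set()
    for group in groups:
        if ':' in group:
            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
        else:
            ans.add(group)
    return ans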
23
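def isUser(name):
    """Return True when `vos examine user.<name>` exits with status 0.

    The command is run from an argument list without a shell, and `name`
    is always prefixed with 'user.', so it is passed as one literal
    argument.
    """
    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # Both streams are pipes, so drain them while waiting: a bare wait()
    # can block forever once the child fills a pipe buffer.
    p.communicate()
    # NOTE(review): every non-zero exit reads as "not a user", which
    # presumably includes a vos run that failed for unrelated reasons; the
    # name is then dropped from the ACL on this refresh. Confirm this is
    # the intended behaviour.
    return p.returncode == 0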
30     
31
def expandName(name):
    """Expand an administrator name into a list of user names.

    A name containing ':' is looked up as a group in the cell of the
    first configured authz entry; if that lookup raises AfsProcessError
    the result is an empty list, so a group that cannot be resolved
    grants access to nobody. Any other name is returned as a one-element
    list when isUser() accepts it, and as an empty list otherwise.
    """
    if ':' in name:
        try:
            return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
        except getafsgroups.AfsProcessError:
            return []
    if not isUser(name):
        return []
    return [name]
41
def accessList(m):
    """Return the set of names that should have access to machine `m`.

    The set is the expansion of the owner locker's ACL, plus the
    expansion of `m.administrator` when one is set.
    """
    allowed = set()
    # The owner locker's ACL always contributes.
    allowed.update(expandLocker(m.owner))
    if m.administrator is None:
        return allowed
    allowed.update(expandName(m.administrator))
    return allowed
48
def refreshMachine(m):
    """Bring the cached ACL rows of machine `m` in line with accessList(m).

    Rows for users who are no longer in the computed list are deleted
    through the session, and a MachineAccess row is added for each newly
    listed user. Nothing is committed here.
    """
    wanted = accessList(m)
    cached = set(entry.user for entry in m.acl)

    # Revocations: users with a cached row who are no longer entitled.
    for gone in cached - wanted:
        # Only the first matching row is deleted.
        # NOTE(review): if m.acl can hold more than one row per user, the
        # remaining rows survive the revocation; confirm that the schema
        # enforces uniqueness.
        stale = [entry for entry in m.acl if entry.user == gone][0]
        session.delete(stale)

    # Grants: entitled users who have no cached row yet.
    for newcomer in wanted - cached:
        grant = MachineAccess(user=newcomer)
        m.acl.append(grant)
        session.save_or_update(grant)
59     
def refreshCache():
    """Recompute the cached ACL of every machine inside one transaction.

    If anything raises, the transaction is rolled back and the exception
    is re-raised, so the refresh is all-or-nothing: a failure on a single
    machine leaves every cached ACL as it was before the run.
    """
    session.begin()

    try:
        for machine in Machine.query().all():
            refreshMachine(machine)
        session.flush()

        # All changes become visible together.
        session.commit()
    except:
        # The bare except is deliberate: whatever went wrong, undo the
        # partial work and let the caller see the original exception.
        session.rollback()
        raise
75
# Script entry point: connect to the database, then refresh every
# machine's cached ACL.
if __name__ == "__main__":
    connect()
    refreshCache()