#!/usr/bin/python
from invirt.database import *
from invirt.config import structs as config
-import sys
-import getafsgroups
-import subprocess
-
-def expandLocker(name):
- try:
- groups = getafsgroups.getLockerAcl(name)
- except getafsgroups.AfsProcessError, e:
- if e.message.startswith("fs: You don't have the required access rights on"):
- groups = []
- else:
- raise
- cell = getafsgroups.getCell(name)
- ans = set()
- for group in groups:
- if ':' in group:
- ans.update(getafsgroups.getAfsGroupMembers(group, cell))
- else:
- ans.add(group)
- return ans
-
-def isUser(name):
- p = subprocess.Popen(['vos', 'examine', 'user.'+name],
- stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if p.wait():
- return False
- return True
-
-
-def expandName(name):
- if ':' not in name:
- if isUser(name):
- return [name]
- return []
- try:
- return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
- except getafsgroups.AfsProcessError:
- return []
+from invirt import authz
def accessList(m):
people = set()
- people.update(expandLocker(m.owner))
+ people.update(authz.expandOwner(m.owner))
if m.administrator is not None:
- people.update(expandName(m.administrator))
+ people.update(authz.expandAdmin(m.administrator))
return people
def refreshMachine(m):
ma = MachineAccess(user=p)
m.acl.append(ma)
session.save_or_update(ma)
-
+
def refreshCache():
session.begin()
for m in machines:
refreshMachine(m)
session.flush()
-
+
+ # Update the admin ACL as well
+ admin_acl = set(authz.expandAdmin(config.adminacl))
+ old_admin_acl = set(a.user for a in Admin.query())
+ for removed in old_admin_acl - admin_acl:
+ old = Admin.query.filter_by(user=removed).first()
+ session.delete(old)
+ for added in admin_acl - old_admin_acl:
+ a = Admin(user=added)
+ session.save_or_update(a)
+ session.flush()
+
# Atomically execute our changes
session.commit()
except:
projects / invirt/packages/invirt-web.git / blobdiff