projects / invirt/packages/invirt-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use daemon/sipb-xen.mit.edu and don't give user fake auth token in an HTML comment.
[invirt/packages/invirt-web.git] / templates / getafsgroups.py
diff --git a/templates/getafsgroups.py b/templates/getafsgroups.py
index 0567efe..2086ccb 100644 (file)
--- a/templates/getafsgroups.py
+++ b/templates/getafsgroups.py
@@ -28,35 +28,47 @@ def checkAfsGroup(user, group, cell):
     """
     checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
     """
-    print user, group
-    p = subprocess.Popen(["pts", "membership", group, '-c', cell], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    p2 = subprocess.Popen(["grep", "-v", "^Members"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p2.wait():
+    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
+                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    if p.wait():
         return False
-    for member in p2.stdout.read().split():
-        if member == user:
+    for line in p.stdout.readlines()[1:]:
+        if line.strip() == user:
             return True
     return False
 
-def checkLockerOwner(user, locker):
+def checkLockerOwner(user, locker, verbose=False):
     """
-    checkLockerOwner(user, locker) returns True if and only if user administers locker
+    checkLockerOwner(user, locker) returns True if and only if user administers locker.
+
+    If verbose is true, instead return the reason for failure, or None
+    if there is no failure.
     """
-    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if (p.wait()):
+    p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
+                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    if p.wait():
+        if verbose:
+            return p.stderr.read()
         return False
     cell = p.stdout.read().split()[-1][1:-1]
-    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    p2 = subprocess.Popen(["grep", "^  .* rlidwka$"], stdin=p.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if (p2.wait()):
+    p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
+                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    if p.wait():
+        if verbose:
+            return p.stderr.read()
         return False
-    for line in p2.stdout.read().split('\n'):
+    for line in p.stdout.readlines()[1:]:
         entry = line.split()
-        if entry == [] or entry[0] == "Negative":
+        if not entry or entry[0] == "Negative":
             break
         if entry[1] == "rlidwka":
-            if entry[0] == user or (entry[0][0:6] == "system" and checkAfsGroup(user, entry[0], cell)):
+            if entry[0] == user or (entry[0][0:6] == "system" and 
+                                    checkAfsGroup(user, entry[0], cell)):
+                if verbose:
+                    return None
                 return True
+    if verbose:
+        return "You don't have admin bits on /mit/" + locker
     return False
 
 
Unnamed repository; edit this file 'description' to name the repository.