Default to a NULL administrator, instead of the same as the owner

[invirt/packages/invirt-web.git] / code / cache_acls.py

diff --git a/code/cache_acls.py b/code/cache_acls.py
index 2b3fd6c..7634b7e 100644 (file)
--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -6,7 +6,12 @@ import getafsgroups
 import subprocess
 
 def expandLocker(name):
-    groups = getafsgroups.getLockerAcl(name)
+    try:
+        groups = getafsgroups.getLockerAcl(name)
+    except getafsgroups.AfsProcessError, e:
+        if e.message.startswith("fs: You don't have the required access rights on"):
+            groups = []
+        raise
     cell = getafsgroups.getCell(name)
     ans = set()
     for group in groups:
@@ -37,7 +42,8 @@ def expandName(name):
 def accessList(m):
     people = set()
     people.update(expandLocker(m.owner))
-    people.update(expandName(m.administrator))
+    if m.administrator is not None:
+        people.update(expandName(m.administrator))
     return people
 
 def refreshMachine(m):
@@ -45,26 +51,26 @@ def refreshMachine(m):
     old_people = set(a.user for a in m.acl)
     for removed in old_people - people:
         ma = [x for x in m.acl if x.user == removed][0]
-        ctx.current.delete(ma)
+        session.delete(ma)
     for p in people - old_people:
         ma = MachineAccess(user=p)
         m.acl.append(ma)
-        ctx.current.save(ma)
+        session.save_or_update(ma)
     
 def refreshCache():
-    transaction = ctx.current.create_transaction()
+    session.begin()
 
     try:
-        machines = Machine.select()
+        machines = Machine.query().all()
         for m in machines:
             refreshMachine(m)
-        ctx.current.flush()
+        session.flush()
             
         # Atomically execute our changes
-        transaction.commit()
+        session.commit()
     except:
         # Failed! Rollback all the changes.
-        transaction.rollback()
+        session.rollback()
         raise
 
 if __name__ == '__main__':