Re-arrange the authz configuration.
[invirt/packages/invirt-web.git] / code / cache_acls.py
old mode 100644 (file)
new mode 100755 (executable)
index 7634b7e..75f4720
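--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -10,8 +10,12 @@ def expandLocker(name):
         groups = getafsgroups.getLockerAcl(name)
     except getafsgroups.AfsProcessError, e:
         if e.message.startswith("fs: You don't have the required access rights on"):
-            groups = []
-        raise
+            return []
+        elif e.message.endswith("doesn't exist\n"):
+            # presumably deactivated
+            return []
+        else:
+            raise
     cell = getafsgroups.getCell(name)
     ans = set()
     for group in groups:
@@ -35,7 +39,7 @@ def expandName(name):
             return [name]
         return []
     try:
-        return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
+        return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell)
     except getafsgroups.AfsProcessError:
         return []
 
@@ -66,6 +70,17 @@ def refreshCache():
             refreshMachine(m)
         session.flush()
             
+        # Update the admin ACL as well
+        admin_acl = set(expandName(config.adminacl))
+        old_admin_acl = set(a.user for a in Admin.query())
+        for removed in old_admin_acl - admin_acl:
+            old = Admin.query.filter_by(user=removed).first()
+            session.delete(old)
+        for added in admin_acl - old_admin_acl:
+            a = Admin(user=added)
+            session.save_or_update(a)
+        session.flush()
+    
         # Atomically execute our changes
         session.commit()
     except: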
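Review bot: In the refreshCache hunk, `admin_acl = set(expandName(config.adminacl))` cannot tell an empty admin group from a failed lookup, because expandName (second hunk) returns `[]` on any `getafsgroups.AfsProcessError`. After such a failure every user in `old_admin_acl` falls into the removed set and the deletions are committed, so a transient AFS error would empty the Admin table until the next successful refresh. That fails closed, but it can lock out administration; consider wrapping the two sync loops in a guard such as `if admin_acl:  # empty result may be a failed lookup; keep existing admins`, or have the lookup error propagate here instead of being swallowed. The same block calls `Admin.query()` on one line and uses `Admin.query.filter_by(...)` on the next, which should be made consistent. refreshCache starts and ends outside the hunk, so the behaviour of the trailing `except:` is not visible here.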