create disks as hda instead of xvda so as to avoid breaking qemu-dm
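--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -1,53 +1,13 @@
 #!/usr/bin/python
 from invirt.database import *
 from invirt.config import structs as config
-import sys
-import getafsgroups
-import subprocess
-
-def expandLocker(name):
-    try:
-        groups = getafsgroups.getLockerAcl(name)
-    except getafsgroups.AfsProcessError, e:
-        if e.message.startswith("fs: You don't have the required access rights on"):
-            return []
-        elif e.message.endswith("doesn't exist\n"):
-            # presumably deactivated
-            return []
-        else:
-            raise
-    cell = getafsgroups.getCell(name)
-    ans = set()
-    for group in groups:
-        if ':' in group:
-            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
-        else:
-            ans.add(group)
-    return ans
-
-def isUser(name):
-    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
-                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p.wait():
-        return False
-    return True
-    
-
-def expandName(name):
-    if ':' not in name:
-        if isUser(name):
-            return [name]
-        return []
-    try:
-        return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell)
-    except getafsgroups.AfsProcessError:
-        return []
+from invirt import authz
 
 def accessList(m):
     people = set()
-    people.update(expandLocker(m.owner))
+    people.update(authz.expandOwner(m.owner))
     if m.administrator is not None:
-        people.update(expandName(m.administrator))
+        people.update(authz.expandAdmin(m.administrator))
     return people
 
 def refreshMachine(m):
@@ -59,26 +19,26 @@ def refreshMachine(m):
     for p in people - old_people:
         ma = MachineAccess(user=p)
         m.acl.append(ma)
-        session.save_or_update(ma)
-    
+        session.add(ma)
+
 def refreshCache():
     session.begin()
 
     try:
-        machines = Machine.query().all()
+        machines = Machine.query.all()
         for m in machines:
             refreshMachine(m)
         session.flush()
-            
+
         # Update the admin ACL as well
-        admin_acl = set(expandName(config.adminacl))
-        old_admin_acl = set(a.user for a in Admin.query())
+        admin_acl = set(authz.expandAdmin(config.adminacl))
+        old_admin_acl = set(a.user for a in Admin.query)
         for removed in old_admin_acl - admin_acl:
             old = Admin.query.filter_by(user=removed).first()
             session.delete(old)
         for added in admin_acl - old_admin_acl:
             a = Admin(user=added)
-            session.save_or_update(a)
+            session.add(a)
         session.flush()
     
         # Atomically execute our changes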
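Review bot: The new calls `authz.expandOwner(m.owner)` and `authz.expandAdmin(m.administrator)` in accessList, and `authz.expandAdmin(config.adminacl)` in refreshCache, do not say what happens when a lookup fails, and that decides whether this ACL cache fails open or closed. The removed helpers returned an empty list for an unreadable or missing locker and for a failed group lookup, so those names lost access while the refresh carried on; whether invirt.authz keeps that behaviour is not visible in this diff. If it raises instead, the exception leaves refreshCache's try block (its handler is outside the hunk) and the cached ACLs presumably stay as they were, so a revoked user would keep access until a later refresh succeeds. I would record the contract above accessList, for example `# authz.expandOwner/expandAdmin are expected to return an empty collection, not raise, when a name cannot be resolved`, and confirm it against the authz module.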