Modularize cache_acls.py more

[invirt/packages/invirt-web.git] / cache_acls.py

diff --git a/cache_acls.py b/cache_acls.py
index 3b68129..c7484d0 100644 (file)
--- a/cache_acls.py
+++ b/cache_acls.py
@@ -30,20 +30,32 @@ def expandName(name):
         name = 'system:'+name
     return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
 
+def refreshCache():
+    transaction = ctx.current.create_transaction()
+
+    try:
+        machines = Machine.select()
+        for m in machines:
+            people = set()
+            people.update(expandLocker(m.owner))
+            people.update(expandName(m.administrator))
+            print '%s: %s' % (m.name, ' '.join(people))
+            old_people = set(a.user for a in m.acl)
+            for removed in old_people - people:
+                ma = [x for x in m.acl if x.user == removed][0]
+                ctx.current.delete(ma)
+            for p in people - old_people:
+                ma = MachineAccess(machine_id=m.machine_id, user=p)
+                ctx.current.save(ma)
+            ctx.current.flush()
+            
+        # Atomically execute our changes
+        transaction.commit()
+    except:
+        # Failed! Rollback all the changes.
+        transaction.rollback()
+        raise
+
 if __name__ == '__main__':
     connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
-    
-    machines = Machine.select()
-    for m in machines:
-        people = set()
-        people.update(expandLocker(m.owner))
-        people.update(expandName(m.administrator))
-        print '%s: %s' % (m.name, ' '.join(people))
-        transaction = ctx.current.create_transaction()
-        for u in m.users:
-            ctx.current.delete(u)
-        for p in people:
-            ma = MachineAccess(machine_id=m.machine_id, user=p)
-            ctx.current.save(ma)
-        ctx.current.flush()
-        transaction.commit()
+    refreshCache()