Ignore errors from an AFS group not being listable.

[invirt/packages/invirt-web.git] / code / getafsgroups.py

diff --git a/code/getafsgroups.py b/code/getafsgroups.py
index e71ede4..4e4b383 100644 (file)
--- a/code/getafsgroups.py
+++ b/code/getafsgroups.py
@@ -1,7 +1,6 @@
 #!/usr/bin/python
 import pprint
 import subprocess
 #!/usr/bin/python
 import pprint
 import subprocess

-from webcommon import InvalidInput

 
 # import ldap
 # l = ldap.open("W92-130-LDAP-2.mit.edu")
 
 # import ldap
 # l = ldap.open("W92-130-LDAP-2.mit.edu")

@@ -29,23 +28,20 @@ class AfsProcessError(Exception):
     pass
 
 def getAfsGroupMembers(group, cell):
     pass
 
 def getAfsGroupMembers(group, cell):

-    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
+    p = subprocess.Popen(["pts", "membership", "-encrypt", group, '-c', cell],

                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)

-    if p.wait():
-        return []
+    err = p.stderr.read()
+    if err: #Error code doesn't reveal missing groups, but stderr does
+        if err.startswith('pts: Permission denied ; unable to get membership of '):
+            return []
+        raise AfsProcessError(err)

     return [line.strip() for line in p.stdout.readlines()[1:]]
 
 def getLockerPath(locker):
     if '/' in locker or locker in ['.', '..']:
     return [line.strip() for line in p.stdout.readlines()[1:]]
 
 def getLockerPath(locker):
     if '/' in locker or locker in ['.', '..']:

-        raise InvalidInput('owner', locker, 'Locker name is invalid.')
+        raise AfsProcessError("Locker '%s' is invalid." % locker)

     return '/mit/' + locker
 
     return '/mit/' + locker
 

-def checkAfsGroup(user, group, cell):
-    """
-    checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
-    """
-    return user in getAfsGroupMembers(group, cell)
-

 def getCell(locker):
     p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 def getCell(locker):
     p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)

@@ -82,18 +78,18 @@ def notLockerOwner(user, locker):
         return str(e)
 
     for entry in values:
         return str(e)
 
     for entry in values:

-        if entry == user or (entry[0:6] == "system" and 
-                                checkAfsGroup(user, entry, cell)):
+        if entry == user or (entry[0:6] == "system" and
+                                user in getAfsGroupMembers(entry, cell)):

             return False
     return "You don't have admin bits on " + getLockerPath(locker)
 
 
 if __name__ == "__main__":
 #    print list(getldapgroups("tabbott"))
             return False
     return "You don't have admin bits on " + getLockerPath(locker)
 
 
 if __name__ == "__main__":
 #    print list(getldapgroups("tabbott"))

-    print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
-    print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
-    print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
-    print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:debathena", 'athena.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:debathena", 'sipb.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:debathena-root", 'athena.mit.edu')
+    print "tabbott" in getAfsGroupMembers("system:hmmt-request", 'athena.mit.edu')

     print notLockerOwner("tabbott", "tabbott")
     print notLockerOwner("tabbott", "debathena")
     print notLockerOwner("tabbott", "sipb")
     print notLockerOwner("tabbott", "tabbott")
     print notLockerOwner("tabbott", "debathena")
     print notLockerOwner("tabbott", "sipb")