import subprocess
def expandLocker(name):
- groups = getafsgroups.getLockerAcl(name)
+ try:
+ groups = getafsgroups.getLockerAcl(name)
+ except getafsgroups.AfsProcessError, e:
+ if e.message.startswith("fs: You don't have the required access rights on"):
+ return []
+ elif e.message.endswith("doesn't exist\n"):
+ # presumably deactivated
+ return []
+ else:
+ raise
cell = getafsgroups.getCell(name)
ans = set()
for group in groups:
return [name]
return []
try:
- return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell)
+ return getafsgroups.getAfsGroupMembers(name, config.authz.afs.cells[0].cell)
except getafsgroups.AfsProcessError:
return []
def accessList(m):
people = set()
people.update(expandLocker(m.owner))
- people.update(expandName(m.administrator))
+ if m.administrator is not None:
+ people.update(expandName(m.administrator))
return people
def refreshMachine(m):
session.begin()
try:
- machines = Machine.select()
+ machines = Machine.query().all()
for m in machines:
refreshMachine(m)
session.flush()
+ # Update the admin ACL as well
+ admin_acl = set(expandName(config.adminacl))
+ old_admin_acl = set(a.user for a in Admin.query())
+ for removed in old_admin_acl - admin_acl:
+ old = Admin.query.filter_by(user=removed).first()
+ session.delete(old)
+ for added in admin_acl - old_admin_acl:
+ a = Admin(user=added)
+ session.save_or_update(a)
+ session.flush()
+
# Atomically execute our changes
session.commit()
except: