sqlalchemy fixes to get web to display

[invirt/packages/invirt-web.git] / code / cache_acls.py
diff --git a/code/cache_acls.py b/code/cache_acls.py

old mode 100644 (file)

new mode 100755 (executable)

index 34d5e1e..43af7dd
--- a/code/cache_acls.py
+++ b/code/cache_acls.py
@@ -1,63 +1,53 @@
  #!/usr/bin/python
  #!/usr/bin/python
-from sipb_xen_database import *
-import sys
-import getafsgroups
-import subprocess
+from invirt.database import *
+from invirt.config import structs as config
+from invirt import authz
  
  
-def expandLocker(name):
-    groups = getafsgroups.getLockerAcl(name)
-    cell = getafsgroups.getCell(name)
-    ans = set()
-    for group in groups:
-        if ':' in group:
-            ans.update(getafsgroups.getAfsGroupMembers(group, cell))
-        else:
-            ans.add(group)
-    return ans
-
-def isUser(name):
-    p = subprocess.Popen(['vos', 'examine', 'user.'+name],
-                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p.wait():
-        return False
-    return True
-    
-
-def expandName(name):
-    if ':' not in name:
-        if isUser(name):
-            return [name]
-        name = 'system:'+name
-    return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
+def accessList(m):
+    people = set()
+    people.update(authz.expandOwner(m.owner))
+    if m.administrator is not None:
+        people.update(authz.expandAdmin(m.administrator))
+    return people
  
  def refreshMachine(m):
  
  def refreshMachine(m):
-    people = set()
-    people.update(expandLocker(m.owner))
-    people.update(expandName(m.administrator))
+    people = accessList(m)
      old_people = set(a.user for a in m.acl)
      for removed in old_people - people:
          ma = [x for x in m.acl if x.user == removed][0]
      old_people = set(a.user for a in m.acl)
      for removed in old_people - people:
          ma = [x for x in m.acl if x.user == removed][0]
-        ctx.current.delete(ma)
+        session.delete(ma)
      for p in people - old_people:
      for p in people - old_people:
-        ma = MachineAccess(machine_id=m.machine_id, user=p)
-        ctx.current.save(ma)
-    
+        ma = MachineAccess(user=p)
+        m.acl.append(ma)
+        session.add(ma)
+
  def refreshCache():
  def refreshCache():
-    transaction = ctx.current.create_transaction()
+    session.begin()
  
      try:
  
      try:
-        machines = Machine.select()
+        machines = Machine.query.all()
          for m in machines:
              refreshMachine(m)
          for m in machines:
              refreshMachine(m)
-        ctx.current.flush()
-            
+        session.flush()
+
+        # Update the admin ACL as well
+        admin_acl = set(authz.expandAdmin(config.adminacl))
+        old_admin_acl = set(a.user for a in Admin.query)
+        for removed in old_admin_acl - admin_acl:
+            old = Admin.query.filter_by(user=removed).first()
+            session.delete(old)
+        for added in admin_acl - old_admin_acl:
+            a = Admin(user=added)
+            session.add(a)
+        session.flush()
+    
          # Atomically execute our changes
          # Atomically execute our changes
-        transaction.commit()
+        session.commit()
      except:
          # Failed! Rollback all the changes.
      except:
          # Failed! Rollback all the changes.
-        transaction.rollback()
+        session.rollback()
          raise
  
  if __name__ == '__main__':
          raise
  
  if __name__ == '__main__':
-    connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen')
+    connect()
      refreshCache()
      refreshCache()