X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/846195518ab335ada11115dfee10d0de5219cddc..47b9cb0d87524e6598da025f3c49cd013f00606b:/code/cache_acls.py?ds=inline diff --git a/code/cache_acls.py b/code/cache_acls.py index 75f4720..43af7dd 100755 --- a/code/cache_acls.py +++ b/code/cache_acls.py @@ -1,53 +1,13 @@ #!/usr/bin/python from invirt.database import * from invirt.config import structs as config -import sys -import getafsgroups -import subprocess - -def expandLocker(name): - try: - groups = getafsgroups.getLockerAcl(name) - except getafsgroups.AfsProcessError, e: - if e.message.startswith("fs: You don't have the required access rights on"): - return [] - elif e.message.endswith("doesn't exist\n"): - # presumably deactivated - return [] - else: - raise - cell = getafsgroups.getCell(name) - ans = set() - for group in groups: - if ':' in group: - ans.update(getafsgroups.getAfsGroupMembers(group, cell)) - else: - ans.add(group) - return ans - -def isUser(name): - p = subprocess.Popen(['vos', 'examine', 'user.'+name], - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if p.wait(): - return False - return True - - -def expandName(name): - if ':' not in name: - if isUser(name): - return [name] - return [] - try: - return getafsgroups.getAfsGroupMembers(name, config.authz.cells[0].cell) - except getafsgroups.AfsProcessError: - return [] +from invirt import authz def accessList(m): people = set() - people.update(expandLocker(m.owner)) + people.update(authz.expandOwner(m.owner)) if m.administrator is not None: - people.update(expandName(m.administrator)) + people.update(authz.expandAdmin(m.administrator)) return people def refreshMachine(m): @@ -59,26 +19,26 @@ def refreshMachine(m): for p in people - old_people: ma = MachineAccess(user=p) m.acl.append(ma) - session.save_or_update(ma) - + session.add(ma) + def refreshCache(): session.begin() try: - machines = Machine.query().all() + machines = Machine.query.all() for m in machines: refreshMachine(m) session.flush() - + # Update the admin ACL as well - admin_acl = set(expandName(config.adminacl)) - old_admin_acl = set(a.user for a in Admin.query()) + admin_acl = set(authz.expandAdmin(config.adminacl)) + old_admin_acl = set(a.user for a in Admin.query) for removed in old_admin_acl - admin_acl: old = Admin.query.filter_by(user=removed).first() session.delete(old) for added in admin_acl - old_admin_acl: a = Admin(user=added) - session.save_or_update(a) + session.add(a) session.flush() # Atomically execute our changes