X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/94b47c9d6a68a77ac7e5da91562261bebed0c053..4016733ded1999911d7e5f4df21ec66624d39c5c:/code/cache_acls.py diff --git a/code/cache_acls.py b/code/cache_acls.py index 81827b0..7634b7e 100644 --- a/code/cache_acls.py +++ b/code/cache_acls.py @@ -1,11 +1,17 @@ #!/usr/bin/python -from sipb_xen_database import * +from invirt.database import * +from invirt.config import structs as config import sys import getafsgroups import subprocess def expandLocker(name): - groups = getafsgroups.getLockerAcl(name) + try: + groups = getafsgroups.getLockerAcl(name) + except getafsgroups.AfsProcessError, e: + if e.message.startswith("fs: You don't have the required access rights on"): + groups = [] + raise cell = getafsgroups.getCell(name) ans = set() for group in groups: @@ -27,13 +33,17 @@ def expandName(name): if ':' not in name: if isUser(name): return [name] - name = 'system:'+name - return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu') + return [] + try: + return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell) + except getafsgroups.AfsProcessError: + return [] def accessList(m): people = set() people.update(expandLocker(m.owner)) - people.update(expandName(m.administrator)) + if m.administrator is not None: + people.update(expandName(m.administrator)) return people def refreshMachine(m): @@ -41,27 +51,28 @@ def refreshMachine(m): old_people = set(a.user for a in m.acl) for removed in old_people - people: ma = [x for x in m.acl if x.user == removed][0] - ctx.current.delete(ma) + session.delete(ma) for p in people - old_people: - ma = MachineAccess(machine_id=m.machine_id, user=p) - ctx.current.save(ma) + ma = MachineAccess(user=p) + m.acl.append(ma) + session.save_or_update(ma) def refreshCache(): - transaction = ctx.current.create_transaction() + session.begin() try: - machines = Machine.select() + machines = Machine.query().all() for m in machines: refreshMachine(m) - ctx.current.flush() + session.flush() # Atomically execute our changes - transaction.commit() + session.commit() except: # Failed! Rollback all the changes. - transaction.rollback() + session.rollback() raise if __name__ == '__main__': - connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen') + connect() refreshCache()