X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/a14f1cec3751f18f56c28c7a5ea20b54ab319bc6..d7b8e921bc3e91f5dde078f9a97a2089945ce183:/code/cache_acls.py diff --git a/code/cache_acls.py b/code/cache_acls.py old mode 100644 new mode 100755 index f7575e1..43af7dd --- a/code/cache_acls.py +++ b/code/cache_acls.py @@ -1,42 +1,13 @@ #!/usr/bin/python -from sipb_xen_database import * -import sys -import getafsgroups -import subprocess - -def expandLocker(name): - groups = getafsgroups.getLockerAcl(name) - cell = getafsgroups.getCell(name) - ans = set() - for group in groups: - if ':' in group: - ans.update(getafsgroups.getAfsGroupMembers(group, cell)) - else: - ans.add(group) - return ans - -def isUser(name): - p = subprocess.Popen(['vos', 'examine', 'user.'+name], - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if p.wait(): - return False - return True - - -def expandName(name): - if ':' not in name: - if isUser(name): - return [name] - name = 'system:'+name - try: - return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu') - except getafsgroups.AfsProcessError: - return [] +from invirt.database import * +from invirt.config import structs as config +from invirt import authz def accessList(m): people = set() - people.update(expandLocker(m.owner)) - people.update(expandName(m.administrator)) + people.update(authz.expandOwner(m.owner)) + if m.administrator is not None: + people.update(authz.expandAdmin(m.administrator)) return people def refreshMachine(m): @@ -44,27 +15,39 @@ def refreshMachine(m): old_people = set(a.user for a in m.acl) for removed in old_people - people: ma = [x for x in m.acl if x.user == removed][0] - ctx.current.delete(ma) + session.delete(ma) for p in people - old_people: - ma = MachineAccess(machine_id=m.machine_id, user=p) - ctx.current.save(ma) - + ma = MachineAccess(user=p) + m.acl.append(ma) + session.add(ma) + def refreshCache(): - transaction = ctx.current.create_transaction() + session.begin() try: - machines = Machine.select() + machines = Machine.query.all() for m in machines: refreshMachine(m) - ctx.current.flush() - + session.flush() + + # Update the admin ACL as well + admin_acl = set(authz.expandAdmin(config.adminacl)) + old_admin_acl = set(a.user for a in Admin.query) + for removed in old_admin_acl - admin_acl: + old = Admin.query.filter_by(user=removed).first() + session.delete(old) + for added in admin_acl - old_admin_acl: + a = Admin(user=added) + session.add(a) + session.flush() + # Atomically execute our changes - transaction.commit() + session.commit() except: # Failed! Rollback all the changes. - transaction.rollback() + session.rollback() raise if __name__ == '__main__': - connect('postgres://sipb-xen@sipb-xen-dev/sipb_xen') + connect() refreshCache()