X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/d7764c68cddf71645439f295c31532e528231051..b7f6fe4999dff15a49995f70bdafc95949c15116:/code/cache_acls.py?ds=inline diff --git a/code/cache_acls.py b/code/cache_acls.py old mode 100644 new mode 100755 index 1a23587..7ae4ac8 --- a/code/cache_acls.py +++ b/code/cache_acls.py @@ -10,8 +10,12 @@ def expandLocker(name): groups = getafsgroups.getLockerAcl(name) except getafsgroups.AfsProcessError, e: if e.message.startswith("fs: You don't have the required access rights on"): - groups = [] - raise + return [] + elif e.message.endswith("doesn't exist\n"): + # presumably deactivated + return [] + else: + raise cell = getafsgroups.getCell(name) ans = set() for group in groups: @@ -35,14 +39,15 @@ def expandName(name): return [name] return [] try: - return getafsgroups.getAfsGroupMembers(name, config.authz[0].cell) + return getafsgroups.getAfsGroupMembers(name, config.authz.afs.cells[0].cell) except getafsgroups.AfsProcessError: return [] def accessList(m): people = set() people.update(expandLocker(m.owner)) - people.update(expandName(m.administrator)) + if m.administrator is not None: + people.update(expandName(m.administrator)) return people def refreshMachine(m): @@ -65,6 +70,17 @@ def refreshCache(): refreshMachine(m) session.flush() + # Update the admin ACL as well + admin_acl = set(expandName(config.adminacl)) + old_admin_acl = set(a.user for a in Admin.query()) + for removed in old_admin_acl - admin_acl: + old = Admin.query.filter_by(user=removed).first() + session.delete(old) + for added in admin_acl - old_admin_acl: + a = Admin(user=added) + session.save_or_update(a) + session.flush() + # Atomically execute our changes session.commit() except: