groups in the athena cell.
svn path=/trunk/packages/sipb-xen-www/; revision=413
if isUser(name):
return [name]
name = 'system:'+name
if isUser(name):
return [name]
name = 'system:'+name
- return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
+ try:
+ return getafsgroups.getAfsGroupMembers(name, 'athena.mit.edu')
+ except getafsgroups.AfsProcessError:
+ return []
def accessList(m):
people = set()
def accessList(m):
people = set()
pass
def getAfsGroupMembers(group, cell):
pass
def getAfsGroupMembers(group, cell):
- p = subprocess.Popen(["pts", "membership", group, '-c', cell],
+ p = subprocess.Popen(["pts", "membership", "-noauth", group, '-c', cell],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if p.wait():
- return []
+ err = p.stderr.read()
+ if err: #Error code doesn't reveal missing groups, but stderr does
+ raise AfsProcessError(err)
return [line.strip() for line in p.stdout.readlines()[1:]]
def getLockerPath(locker):
return [line.strip() for line in p.stdout.readlines()[1:]]
def getLockerPath(locker):
raise AfsProcessError("Locker '%s' is invalid." % locker)
return '/mit/' + locker
raise AfsProcessError("Locker '%s' is invalid." % locker)
return '/mit/' + locker
-def checkAfsGroup(user, group, cell):
- """
- checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
- """
- return user in getAfsGroupMembers(group, cell)
-
def getCell(locker):
p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
def getCell(locker):
p = subprocess.Popen(["fs", "whichcell", getLockerPath(locker)],
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
return str(e)
for entry in values:
return str(e)
for entry in values:
- if entry == user or (entry[0:6] == "system" and
- checkAfsGroup(user, entry, cell)):
+ if entry == user or (entry[0:6] == "system" and
+ user in getAfsGroupMembers(entry, cell)):
return False
return "You don't have admin bits on " + getLockerPath(locker)
if __name__ == "__main__":
# print list(getldapgroups("tabbott"))
return False
return "You don't have admin bits on " + getLockerPath(locker)
if __name__ == "__main__":
# print list(getldapgroups("tabbott"))
- print checkAfsGroup("tabbott", "system:debathena", 'athena.mit.edu')
- print checkAfsGroup("tabbott", "system:debathena", 'sipb.mit.edu')
- print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
- print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
+ print "tabbott" in getAfsGroupMembers("system:debathena", 'athena.mit.edu')
+ print "tabbott" in getAfsGroupMembers("system:debathena", 'sipb.mit.edu')
+ print "tabbott" in getAfsGroupMembers("system:debathena-root", 'athena.mit.edu')
+ print "tabbott" in getAfsGroupMembers("system:hmmt-request", 'athena.mit.edu')
print notLockerOwner("tabbott", "tabbott")
print notLockerOwner("tabbott", "debathena")
print notLockerOwner("tabbott", "sipb")
print notLockerOwner("tabbott", "tabbott")
print notLockerOwner("tabbott", "debathena")
print notLockerOwner("tabbott", "sipb")
if cache_acls.isUser(admin):
return admin
admin = 'system:' + admin
if cache_acls.isUser(admin):
return admin
admin = 'system:' + admin
- if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'):
- return admin
- #XXX Should we require that user is in cache_acls.expandName(admin)?
+ try:
+ if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'):
+ return admin
+ except getafsgroups.AfsProcessError, e:
+ raise InvalidInput('administrator', admin, str(e))
+ #XXX Should we require that user is in the admin group?
return admin
def testOwner(user, owner, machine=None):
return admin
def testOwner(user, owner, machine=None):
projects / invirt/packages/invirt-web.git / commitdiff
