Ejemplo n.º 1
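def authz(ident, permission=None):
    """Return the silos the identified user is authorised for.

    Args:
        ident: Mapping whose ``'user'`` entry exposes ``groups``; each group
            carries a ``silo`` name and a ``permissions`` collection whose
            items have a ``permission_name``.
        permission: A single permission name or a list of names. When empty
            or omitted, membership of any group of a silo is sufficient.

    Returns:
        The full result of ``list_silos()`` if the user belongs to a group
        whose silo is ``'*'``; otherwise a list, without duplicates, of the
        known silos for which the user holds a matching group.
    """
    # NOTE: g._register_silos() IS AN EXPENSIVE OPERATION, so the silos are
    # listed from the database instead of from the granary.
    granary_list = list_silos()

    # Normalise ``permission`` to a list without sharing a mutable default.
    if not permission:
        permission = []
    elif not isinstance(permission, list):
        permission = [permission]

    silos = []
    for group in ident['user'].groups:
        # NOTE(review): the wildcard returns before the permission filter is
        # applied, so a '*' group grants every silo for any requested
        # permission. Confirm this is the intended superuser semantics.
        if group.silo == '*':
            return granary_list
        if group.silo not in granary_list or group.silo in silos:
            continue
        # any() adds the silo once even when several of the group's
        # permissions match; the previous loop appended it once per match.
        if not permission or any(
                p.permission_name in permission for p in group.permissions):
            silos.append(group.silo)
    return silos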
Ejemplo n.º 2
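def sync_members(g):
    """Reconcile silo membership between granary metadata and the database.

    For every silo registered in the granary: the silo is added to the
    database if missing, the administrators, managers and submitters named in
    the silo metadata are filtered to known usernames and merged with the
    members recorded in the database, members missing from the database are
    added there, and the merged lists are written back to the silo metadata.

    Args:
        g: Granary object providing ``state.revert()``, ``_register_silos()``,
            ``silos``, ``describe_silo()`` and ``sync()``.

    Returns:
        None.
    """
    # NOTE: g._register_silos() IS AN EXPENSIVE OPERATION.
    # THIS FUNCTION IS EXPENSIVE AND SHOULD BE CALLED ONLY IF REALLY NECESSARY
    #
    # NOTE(review): the merge is a union in both directions, so a role removed
    # on only one side (database or silo metadata) is restored by the next
    # sync, and any name placed in the metadata role fields is granted that
    # role in the database if it is a known username. Confirm that write
    # access to silo metadata is restricted accordingly.
    g.state.revert()
    g._register_silos()
    granary_list = g.silos

    granary_list_database = list_silos()
    usernames = list_usernames()
    for silo in granary_list:
        if silo not in granary_list_database:
            add_silo(silo)
        kw = g.describe_silo(silo)

        # Get existing admins, managers and submitters from silo metadata.
        # NOTE(review): kw['owners'] is never read, so owners are rebuilt
        # purely from the three role lists below. Confirm this is intended.
        owners = []
        admins = []
        managers = []
        submitters = []
        if 'administrators' in kw and kw['administrators']:
            admins = [x.strip() for x in kw['administrators'].split(",") if x]
        if 'managers' in kw and kw['managers']:
            managers = [x.strip() for x in kw['managers'].split(",") if x]
        if 'submitters' in kw and kw['submitters']:
            submitters = [x.strip() for x in kw['submitters'].split(",") if x]

        # Keep only members that are valid users.
        admins = [x for x in admins if x in usernames]
        managers = [x for x in managers if x in usernames]
        submitters = [x for x in submitters if x in usernames]

        # Merge in the members already recorded in the database. The lookup
        # uses the list fetched before add_silo(), so a silo added above has
        # no database members yet.
        d_admins = []
        d_managers = []
        d_submitters = []  # was misspelt, leaving the name unbound below
        if silo in granary_list_database:
            d_admins, d_managers, d_submitters = list_group_usernames(silo)
            admins.extend(d_admins)
            managers.extend(d_managers)
            submitters.extend(d_submitters)

        # Ensure users are listed just once and owners is the superset.
        owners.extend(admins)
        owners.extend(managers)
        owners.extend(submitters)
        admins = list(set(admins))
        managers = list(set(managers))
        submitters = list(set(submitters))
        owners = list(set(owners))

        # Add users found only in the silo metadata to the database.
        new_silo_users = []
        for a in admins:
            if a not in d_admins:
                new_silo_users.append((a, 'administrator'))
        for a in managers:
            if a not in d_managers:
                new_silo_users.append((a, 'manager'))
        # Iterate the merged submitters; the original looped over an
        # undefined name (new_submitters) and raised NameError.
        for a in submitters:
            if a not in d_submitters:
                new_silo_users.append((a, 'submitter'))
        if new_silo_users:
            add_group_users(silo, new_silo_users)

        # Write members back into the silo metadata.
        kw['owners'] = ','.join(owners)
        kw['administrators'] = ','.join(admins)
        kw['managers'] = ','.join(managers)
        kw['submitters'] = ','.join(submitters)
        g.describe_silo(silo, **kw)

    g.sync()
    return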