def fix_opset(db, name, contents): """ Update a single opset. Creates the opset name if it doesn't exist, and then syncs the operations/permissions in `contents` to the Cerebrum database. """ logger.debug('Checking opset %s' % name) co = Factory.get('Constants')(db) baos = BofhdAuthOpSet(db) baos.clear() try: baos.find_by_name(name) except Errors.NotFoundError: baos.populate(name) baos.write_db() logger.info('OpSet %s unknown, created it', name) current_operations = dict([(int(row['op_code']), int(row['op_id'])) for row in baos.list_operations()]) for k in contents.keys(): op_code = co.AuthRoleOp(k) try: int(op_code) except Errors.NotFoundError: logger.error("Operation %s not defined" % k) continue current_op_id = current_operations.get(int(op_code), None) if current_op_id is None: current_op_id = baos.add_operation(op_code) logger.info('OpSet %s got new operation %s', name, k) else: # already there del current_operations[int(op_code)] current_attrs = [ row['attr'] for row in baos.list_operation_attrs(current_op_id) ] for a in contents[k].get('attrs', []): if a not in current_attrs: baos.add_op_attrs(current_op_id, a) logger.info("Add attr for %s:%s: %s", name, k, a) else: current_attrs.remove(a) for a in current_attrs: baos.del_op_attrs(current_op_id, a) logger.info("Remove attr for %s:%s: %s", name, k, a) for op in current_operations: # TBD: In theory this should be op_id, should # the DB have a unique constraint? baos.del_operation(op, current_operations[op]) logger.info('OpSet %s had unwanted operation %s, removed it', name, co.AuthRoleOp(op)) baos.write_db()
def fix_opset(db, name, contents): """ Update a single opset. Creates the opset name if it doesn't exist, and then syncs the operations/permissions in `contents` to the Cerebrum database. """ logger.debug('Checking opset %s' % name) co = Factory.get('Constants')(db) baos = BofhdAuthOpSet(db) baos.clear() try: baos.find_by_name(name) except Errors.NotFoundError: baos.populate(name) baos.write_db() logger.info('OpSet %s unknown, created it', name) current_operations = dict([(int(row['op_code']), int(row['op_id'])) for row in baos.list_operations()]) for k in contents.keys(): op_code = co.AuthRoleOp(k) try: int(op_code) except Errors.NotFoundError: logger.error("Operation %s not defined" % k) continue current_op_id = current_operations.get(int(op_code), None) if current_op_id is None: current_op_id = baos.add_operation(op_code) logger.info('OpSet %s got new operation %s', name, k) else: # already there del current_operations[int(op_code)] current_attrs = [row['attr'] for row in baos.list_operation_attrs(current_op_id)] for a in contents[k].get('attrs', []): if a not in current_attrs: baos.add_op_attrs(current_op_id, a) logger.info("Add attr for %s:%s: %s", name, k, a) else: current_attrs.remove(a) for a in current_attrs: baos.del_op_attrs(current_op_id, a) logger.info("Remove attr for %s:%s: %s", name, k, a) for op in current_operations: # TBD: In theory this should be op_id, should # the DB have a unique constraint? baos.del_operation(op, current_operations[op]) logger.info('OpSet %s had unwanted operation %s, removed it', name, co.AuthRoleOp(op)) baos.write_db()
def fix_opset(name, contents): """Fix an operation set by giving it the operations defined in operation_sets, and removing other operations that shouldn't be there. If the opset doesn't exist, it is first created.""" logger.debug('Checking opset %s' % name) baos = BofhdAuthOpSet(db) baos.clear() try: baos.find_by_name(name) except Errors.NotFoundError: baos.populate(name) baos.write_db() logger.info('OpSet %s unknown, created it', name) current_operations = dict([(int(row['op_code']), int(row['op_id'])) for row in baos.list_operations()]) for k in contents.keys(): op_code = co.AuthRoleOp(k) try: int(op_code) except Errors.NotFoundError: logger.error("Operation %s not defined" % k) continue current_op_id = current_operations.get(int(op_code), None) if current_op_id is None: current_op_id = baos.add_operation(op_code) logger.info('OpSet %s got new operation %s', name, k) else: # already there del current_operations[int(op_code)] current_attrs = [row['attr'] for row in baos.list_operation_attrs(current_op_id)] for a in contents[k].get('attrs', []): if a not in current_attrs: baos.add_op_attrs(current_op_id, a) logger.info("Add attr for %s:%s: %s", name, k, a) else: current_attrs.remove(a) for a in current_attrs: baos.del_op_attrs(current_op_id, a) logger.info("Remove attr for %s:%s: %s", name, k, a) for op in current_operations: #TBD: In theory this should be op_id, should # the DB have a unique constraint? baos.del_operation(op, current_operations[op]) logger.info('OpSet %s had unwanted operation %s, removed it', name, co.AuthRoleOp(op)) baos.write_db()