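def authz(ident, permission=None):
    """Return the silos the identified user is authorised for.

    Args:
        ident: Identity mapping; ``ident['user'].groups`` is iterated, and
            each group must expose ``silo`` and ``permissions`` (items with
            a ``permission_name`` attribute).
        permission: A single permission name or a list of names. When empty
            or omitted, membership of any group on a silo is sufficient.

    Returns:
        A list of silo names, each listed once. If the user belongs to a
        group whose silo is ``'*'``, the full list from ``list_silos()`` is
        returned.
    """
    # NOTE: g._register_silos() is an expensive operation, so the silo list
    # is read from the database instead of being re-registered on the granary.
    granary_list = list_silos()

    # Normalise the filter: nothing -> no filter, scalar -> one-element list.
    if not permission:
        wanted = []
    elif isinstance(permission, list):
        wanted = permission
    else:
        wanted = [permission]

    silos = []
    for group in ident['user'].groups:
        if group.silo == '*':
            # NOTE(review): the wildcard group returns every silo without
            # consulting `wanted`, so a caller asking for a specific
            # permission still gets all silos here. Confirm that '*'
            # membership is meant to imply every permission.
            return granary_list
        if group.silo not in granary_list or group.silo in silos:
            continue
        # Add the silo once, even when several of the group's permissions
        # match; appending per matching permission produced duplicates.
        if not wanted or any(p.permission_name in wanted
                             for p in group.permissions):
            silos.append(group.silo)

    # A disabled debug block that wrote the silo, group and permission lists
    # to /var/log/databank/authz.log used to sit here as a bare string
    # literal; it had no runtime effect and has been dropped.
    return silos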
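def sync_members(g):
    """Reconcile silo membership between granary metadata and the database.

    For every silo registered on the granary ``g``: create the silo in the
    database if it is missing, merge the administrators / managers /
    submitters named in the silo metadata with those recorded in the
    database, add any metadata-only members to the database, and write the
    merged lists (plus ``owners``, the union of all three) back to the
    silo metadata.

    NOTE: g._register_silos() is an expensive operation. This function is
    expensive and should be called only if really necessary.

    Args:
        g: Granary object providing ``state.revert()``, ``_register_silos()``,
            ``silos``, ``describe_silo()`` and ``sync()``.

    Returns:
        None.
    """
    def _members(metadata, key):
        # Split a comma-separated metadata field into stripped, non-empty names.
        if key in metadata and metadata[key]:
            return [x.strip() for x in metadata[key].split(",") if x.strip()]
        return []

    g.state.revert()
    g._register_silos()
    granary_list = g.silos
    granary_list_database = list_silos()
    usernames = list_usernames()

    for silo in granary_list:
        if silo not in granary_list_database:
            add_silo(silo)
        kw = g.describe_silo(silo)

        # Members named in the silo metadata, restricted to known usernames.
        # NOTE(review): these names are later added to the database groups for
        # the silo, so whoever can edit these metadata fields can grant roles;
        # the only check applied is that the username exists. Confirm that
        # write access to silo metadata is suitably restricted.
        admins = [x for x in _members(kw, 'administrators') if x in usernames]
        managers = [x for x in _members(kw, 'managers') if x in usernames]
        submitters = [x for x in _members(kw, 'submitters') if x in usernames]

        # Members already recorded in the database. The third list was
        # previously initialised under a misspelt name, leaving d_submitters
        # undefined for silos that were not yet in the database.
        d_admins = []
        d_managers = []
        d_submitters = []
        if silo in granary_list_database:
            d_admins, d_managers, d_submitters = list_group_usernames(silo)
            admins.extend(d_admins)
            managers.extend(d_managers)
            submitters.extend(d_submitters)

        # List each user once per role; owners is the superset of all roles.
        # Sorting keeps the metadata written below stable between runs.
        # NOTE(review): an existing kw['owners'] value is not read, so owners
        # is rebuilt purely from the three role lists. Confirm this is intended.
        owners = sorted(set(admins) | set(managers) | set(submitters))
        admins = sorted(set(admins))
        managers = sorted(set(managers))
        submitters = sorted(set(submitters))

        # Add users found only in the silo metadata to the database.
        new_silo_users = []
        new_silo_users.extend(
            (a, 'administrator') for a in admins if a not in d_admins)
        new_silo_users.extend(
            (a, 'manager') for a in managers if a not in d_managers)
        # The original looped over an undefined name (new_submitters) here,
        # which raised NameError before anything was written.
        new_silo_users.extend(
            (a, 'submitter') for a in submitters if a not in d_submitters)
        if new_silo_users:
            add_group_users(silo, new_silo_users)

        # Write members into silo
        kw['owners'] = ','.join(owners)
        kw['administrators'] = ','.join(admins)
        kw['managers'] = ','.join(managers)
        kw['submitters'] = ','.join(submitters)
        g.describe_silo(silo, **kw)

    # Persist once after every silo has been updated (placement inferred:
    # the source's indentation was lost).
    g.sync()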