You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
141 lines
5.1 KiB
141 lines
5.1 KiB
3 years ago
|
#!/usr/bin/python
|
||
|
|
|
||
|
|
# imports of modules
|
||
|
|
import optparse
|
||
|
|
import subprocess
|
||
|
|
import sys
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
if __name__ == "__main__":
|
||
|
|
# create configparser instance
|
||
|
|
config = AuthzConfigParser()
|
||
|
|
# read config file
|
||
|
|
config.read(AUTHZ_PATH)
|
||
|
|
|
||
|
|
# command line interface:
|
||
|
|
# no option: display info
|
||
|
|
# -g display users in a group
|
||
|
|
# -a add regular user
|
||
|
|
# -r add restricted user
|
||
|
|
# -m move to alumni
|
||
|
|
# -p reset user password
|
||
|
|
parser = optparse.OptionParser(
|
||
|
|
usage="usage: %prog [option] name",
|
||
|
|
description="shows and manipulates svn access rights",
|
||
|
|
epilog="to grant a restricted user access to another folder, you have to carefully edit the authz file")
|
||
|
|
parser.add_option("-g", "--groupinfo", action="store_const", dest="what",
|
||
|
|
const="g", help="display users in a group")
|
||
|
|
parser.add_option("-a", "--add", action="store_const", dest="what",
|
||
|
|
const="a", help="add a regular user")
|
||
|
|
parser.add_option("-r", "--restricted", action="store_const", dest="what",
|
||
|
|
const="r", help="add a restricted user")
|
||
|
|
parser.add_option("-m", "--move", action="store_const", dest="what",
|
||
|
|
const="m", help="move a user to alumni")
|
||
|
|
parser.add_option("-p", "--password", action="store_const", dest="what",
|
||
|
|
const="p", help="reset a user password")
|
||
|
|
options, args = parser.parse_args()
|
||
|
|
|
||
|
|
if len(args)==0:
|
||
|
|
# no arguments? then display all the users!
|
||
|
|
groups = config.group_users()
|
||
|
|
for name, usernames in groups.items():
|
||
|
|
print "Users in group '%s':" % name
|
||
|
|
for name in sorted(usernames):
|
||
|
|
print " " + name
|
||
|
|
sys.exit()
|
||
|
|
|
||
|
|
if len(args)>1:
|
||
|
|
# more than one usename? not here, john boy
|
||
|
|
sys.exit("please provide only one name")
|
||
|
|
name = args[0]
|
||
|
|
|
||
|
|
if options.what == "g":
|
||
|
|
# show group information
|
||
|
|
groups = config.group_users()
|
||
|
|
if name not in groups:
|
||
|
|
sys.exit("Group not found")
|
||
|
|
print "Users in group '%s':" % name
|
||
|
|
for usernamename in sorted(groups[name]):
|
||
|
|
print " " + usernamename
|
||
|
|
sys.exit()
|
||
|
|
|
||
|
|
if options.what in ("a", "r"):
|
||
|
|
# add a user, restricted or regular
|
||
|
|
if name in config.elab_users:
|
||
|
|
sys.exit("Username '%s' already in use" % name)
|
||
|
|
group = RESTRICTED if options.what == "r" else USERS
|
||
|
|
config.add_journal_acl_for(name, group)
|
||
|
|
create_new_repository(name)
|
||
|
|
#subprocess.check_call(SVN_DIR_CREATOR + " " + name, shell=True)
|
||
|
|
password = set_new_password(name)
|
||
|
|
print "New password for :"
|
||
|
|
print "username: " + name
|
||
|
|
print "password: " + password
|
||
|
|
print "url: https://svn.cpi.imtek.uni-freiburg.de/" + name
|
||
|
|
config.write_to_file()
|
||
|
|
sys.exit()
|
||
|
|
|
||
|
|
# from here downwards we need already existent usernames
|
||
|
|
if name not in config.elab_users:
|
||
|
|
sys.exit("User '%s' not found, use this without a name to get a list of users." % name)
|
||
|
|
|
||
|
|
if options.what == "m":
|
||
|
|
# move user to alumni
|
||
|
|
user = config.elab_users[name]
|
||
|
|
if user.group == ALUMNI:
|
||
|
|
sys.exit("User '%s' is already in group '%s'" % (name, ALUMNI))
|
||
|
|
if user.group == ADMINS:
|
||
|
|
sys.exit("User '%s' is in group '%s', will not moved to '%s'" % (name, ADMINS, ALUMNI))
|
||
|
|
config.move_user_to_alumni(name)
|
||
|
|
config.write_to_file()
|
||
|
|
delete_password(name)
|
||
|
|
sys.exit()
|
||
|
|
|
||
|
|
if options.what == "p":
|
||
|
|
# reset a password
|
||
|
|
password = set_new_password(name)
|
||
|
|
print "New password for :"
|
||
|
|
print "username: " + name
|
||
|
|
print "password: " + password
|
||
|
|
sys.exit()
|
||
|
|
|
||
|
|
# no option, just a name:
|
||
|
|
user = config.elab_users[name]
|
||
|
|
print "User %s is in group '%s':" % (name, user.group)
|
||
|
|
# print the write acls for a user
|
||
|
|
if user.group == ADMINS:
|
||
|
|
print " Write access is granted to all journals."
|
||
|
|
elif user.write_acl:
|
||
|
|
write_acl = [ username + SVN_SUFFIX for username in user.write_acl ]
|
||
|
|
print " Write access is granted to '%s'. " % "', '".join(write_acl)
|
||
|
|
else:
|
||
|
|
print " Write access is NOT granted to any journals"
|
||
|
|
# print the read acls for a user
|
||
|
|
if user.group == ADMINS:
|
||
|
|
print " Read access is granted to all journals."
|
||
|
|
elif user.group == USERS:
|
||
|
|
print " Read access is granted to (nearly) all journals."
|
||
|
|
elif user.read_acl:
|
||
|
|
read_acl = [ username + SVN_SUFFIX for username in user.read_acl ]
|
||
|
|
print " Read access is granted to '%s'. " % "', '".join(read_acl)
|
||
|
|
else:
|
||
|
|
print " Read access is NOT granted to any journals"
|
||
|
|
|
||
|
|
info = config.get_journal_info(name)
|
||
|
|
# print the write acls for a journal
|
||
|
|
print "Labjournal %s%s" % (name, SVN_SUFFIX)
|
||
|
|
if info[WRITE_ACL]:
|
||
|
|
print " Write access granted to: " + ", ".join(info[WRITE_ACL])
|
||
|
|
else:
|
||
|
|
print " No write access granted to anybody"
|
||
|
|
# print the read acls for a journal
|
||
|
|
if info[READ_ACL]:
|
||
|
|
print " Read access granted to: " + ", ".join(info[READ_ACL])
|
||
|
|
else:
|
||
|
|
print " No read access granted to anybody"
|