CPI
/
elab-users
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

read and write acl defaults are now read from the [cpi:/] section

master
Holger Frey 10 years ago
parent
5987d349aa
commit
18c3f53dfc
2 changed files with 47 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      authz
  2. 73
      manage.py

5
authz
Unescape View File

@ -2,10 +2,10 @@
administrators = OswaldPrucker administrators = OswaldPrucker
restricted = AndreasEver, ArthurMartens, BeniPrasser, JuliaSaar, SimonZunker, SirasaYodmongkol, UrmilShah, YongZhou restricted = AndreasEver, ArthurMartens, BeniPrasser, JuliaSaar, SimonZunker, SirasaYodmongkol, UrmilShah, YongZhou
alumni = AlexeyKopyshev, AndreasBoenisch, AnkeWoerz, AnneLoesche, ArulGeetha, ChristianSchuh, ChristineBunte, CkPandiyarajan, FanWu, GinoRodriguez, GuillermoBenites, HeikeHaller, IrenaEipert, JacobBelardi, JenniferPfau, JoachimLauterwasser, JohannesBaader, KatrinMoosmann, KerstinSchuh, KimberlySimancas, MarcelHoffmann, MarcoArmbruster, MariaVoehringer, MariaVohringer, MartinaAuerswald, MartinVellinger, MatthiasLischka, MessRechner, MichaelaFrase, MiriamScheckenbach, MonicaPerez, MonikaKurowska, NinoLomadze, Nongluck, OliverDornfeld, PeterZahn, PhilippDiefenthaler, PhilippWollermann, RodrigoNavarro, SaraFuchs, SebastianBoehmer, SebastianSebald, SimonBodendorfer, SimonSchuster, ThidaratWangkam, TobiasKoenig, TristanBourrel, UlrikeRiehle, ViVek, WolfgangEhm, YnSekhar, ZouStaarter alumni = AlexeyKopyshev, AndreasBoenisch, AnkeWoerz, AnneLoesche, ArulGeetha, ChristianSchuh, ChristineBunte, CkPandiyarajan, FanWu, GinoRodriguez, GuillermoBenites, HeikeHaller, IrenaEipert, JacobBelardi, JenniferPfau, JoachimLauterwasser, JohannesBaader, KatrinMoosmann, KerstinSchuh, KimberlySimancas, MarcelHoffmann, MarcoArmbruster, MariaVoehringer, MariaVohringer, MartinaAuerswald, MartinVellinger, MatthiasLischka, MessRechner, MichaelaFrase, MiriamScheckenbach, MonicaPerez, MonikaKurowska, NinoLomadze, Nongluck, OliverDornfeld, PeterZahn, PhilippDiefenthaler, PhilippWollermann, RodrigoNavarro, SaraFuchs, SebastianBoehmer, SebastianSebald, SimonBodendorfer, SimonSchuster, ThidaratWangkam, TobiasKoenig, TristanBourrel, UlrikeRiehle, ViVek, WolfgangEhm, YnSekhar, ZouStaarter
users = AlexanderDietz, AliciaMalekLuz, AndreasMader, AnnaSchuler, AnneBuderer, CanerKaganaslan, ChristophScheibelein, DanielaMoessner, DavidBoschert, DavidSchwaerzle, FrankScherag, FranziskaDorner, GerhardBaaken, GregorOsterwinter, HolgerFrey, JanNiklasSchoenberg, JonGreen, KarenLienkamp, KeLi, MalwinaPajestka, MaraFlorea, MarcelRothfelder, MarcZinggeler, MarcelHoffmann, MartinKoerner, MartinRendl, MartinSchoenstein, MatthiasMenzel, MelanieEichhorn, MichaelHenze, MostafaMahmoud, NataliaSchatz, NicoleBirsner, NilsKorf, PetraHettich, PhilipKotrade, RaduCristianMutihac, RebeccaBlell, RomanErath, SamarKazan, SaschaEngel, ShararehSahneh, SureshReddyBanda, ThomasBrandstetter, TianyangZheng, TobiasHeitzler, VinicioCarias, VitaliyKondrashov, WibkeHartleb, XiaoqiangHou users = AlexanderDietz, AliciaMalekLuz, AndreasMader, AnnaSchuler, AnneBuderer, CanerKaganaslan, ChristophScheibelein, DanielaMoessner, DavidBoschert, DavidSchwaerzle, FrankScherag, FranziskaDorner, GerhardBaaken, GregorOsterwinter, HolgerFrey, JanNiklasSchoenberg, JonGreen, KarenLienkamp, KeLi, MalwinaPajestka, MaraFlorea, MarcelRothfelder, MarcZinggeler, MartinKoerner, MartinRendl, MartinSchoenstein, MatthiasMenzel, MelanieEichhorn, MichaelHenze, MostafaMahmoud, NataliaSchatz, NicoleBirsner, NilsKorf, PetraHettich, PhilipKotrade, RaduCristianMutihac, RebeccaBlell, RomanErath, SamarKazan, SaschaEngel, ShararehSahneh, SureshReddyBanda, ThomasBrandstetter, TianyangZheng, TobiasHeitzler, VinicioCarias, VitaliyKondrashov, WibkeHartleb, XiaoqiangHou
[cpi:/] [cpi:/]
@admins = rw @administrators = rw
@users = r @users = r
@restricted = r @restricted = r
@alumni = @alumni =
@ -290,6 +290,7 @@ NilsKorf = rw
[cpi:/OswaldPrucker] [cpi:/OswaldPrucker]
@restricted = @restricted =
@users =
[cpi:/PengZou] [cpi:/PengZou]
@restricted = @restricted =

73
manage.py
Unescape View File

@ -50,24 +50,24 @@ def delete_password(name, length=10):
# so redirect this to /dev/null # so redirect this to /dev/null
with open(os.devnull, 'wb') as devnull: with open(os.devnull, 'wb') as devnull:
subprocess.check_call(["htpasswd", "-D", HTPWD_PATH, name], stderr=devnull) subprocess.check_call(["htpasswd", "-D", HTPWD_PATH, name], stderr=devnull)
# class definitions # class definitions
class User(object): class User(object):
""" Collect the username, group and access control lists """ """ Collect the username, group and access control lists """
def __init__(self, name, group): def __init__(self, name, group):
""" initialization of the class """ """ initialization of the class """
self.name = name self.name = name
self.group = group self.group = group
self.write_acl = [] self.write_acl = []
self.read_acl = [] self.read_acl = []
def __str__(self): def __str__(self):
""" return a string representation """ """ return a string representation """
return self.name return self.name
def __repr__(self): def __repr__(self):
""" return a string representation of the object """ """ return a string representation of the object """
return "<User '%s@%s'>" % (self.name, self.group) return "<User '%s@%s'>" % (self.name, self.group)
@ -79,12 +79,17 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
def __init__(self): def __init__(self):
""" initialization of the class """ """ initialization of the class """
self.users = None self.users = None
self._acl_defaults = { WRITE_ACL: [], READ_ACL: [] }
super(AuthzConfigParser, self).__init__() super(AuthzConfigParser, self).__init__()
def optionxform(self, value): def optionxform(self, value):
""" reset the method to use cases ensitive names """ """ reset the method to use cases ensitive names """
return str(value) return str(value)
def read(self, path):
super(AuthzConfigParser, self).read(path)
self._acl_defaults = self.get_folder_info("")
def extract_users(self): def extract_users(self):
""" extract user information from config """ """ extract user information from config """
users = dict() users = dict()
@ -96,7 +101,7 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
raise Exception("Found duplicate entry for user " + username) raise Exception("Found duplicate entry for user " + username)
user = User(username, group) user = User(username, group)
users[username] = user users[username] = user
# second we scan each section that is related to an svn folder (it # second we scan each section that is related to an svn folder (it
# starts with the svn base) for read and write access user entries # starts with the svn base) for read and write access user entries
for section in self.sections(): for section in self.sections():
if section.startswith(SVN_BASE): if section.startswith(SVN_BASE):
@ -116,12 +121,16 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
name = SVN_BASE + name name = SVN_BASE + name
if not self.has_section(name): if not self.has_section(name):
return None return None
info = { WRITE_ACL: [], READ_ACL: [] } info = self._acl_defaults.copy()
for (option, value) in self.items(name): for (option, value) in self.items(name):
if value in (WRITE_ACL, READ_ACL): if value in (WRITE_ACL, READ_ACL):
info[value].append(option) info[value].append(option)
if not value:
for acltype in (WRITE_ACL, READ_ACL):
if option in info[acltype]:
info[acltype].remove(option)
return info return info
def move_user_to_alumni(self, user): def move_user_to_alumni(self, user):
""" moves a user to the alumni group and removes every access rights """ """ moves a user to the alumni group and removes every access rights """
for access_to in user.write_acl: for access_to in user.write_acl:
@ -134,7 +143,7 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
user.read_acl = [] user.read_acl = []
user.group = ALUMNI user.group = ALUMNI
delete_password(user.name) delete_password(user.name)
def update_user_groups(self, users): def update_user_groups(self, users):
""" updates the config settings of the groups section """ """ updates the config settings of the groups section """
groups = group_users(users) groups = group_users(users)
@ -147,7 +156,7 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
def write(self, fp): def write(self, fp):
"""Write an .ini-format representation of the configuration state. """Write an .ini-format representation of the configuration state.
this is adapted from the original library file. changes: this is adapted from the original library file. changes:
- no default section - no default section
- group-section at top - group-section at top
@ -165,7 +174,7 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
key = " = ".join((key, str(value).replace('\n', '\n\t'))) key = " = ".join((key, str(value).replace('\n', '\n\t')))
fp.write("%s\n" % (key)) fp.write("%s\n" % (key))
fp.write("\n") fp.write("\n")
if __name__ == "__main__": if __name__ == "__main__":
# create configparser instance # create configparser instance
@ -175,30 +184,30 @@ if __name__ == "__main__":
# read config file # read config file
config.read(AUTHZ_PATH) config.read(AUTHZ_PATH)
users = config.extract_users() users = config.extract_users()
# command line interface: # command line interface:
# no option: display info # no option: display info
# -g display users in a group # -g display users in a group
# -a add regular user # -a add regular user
# -r add restricted user # -r add restricted user
# -m move to alumni # -m move to alumni
# -p reset user password # -p reset user password
parser = optparse.OptionParser( parser = optparse.OptionParser(
usage="usage: %prog [option] name", usage="usage: %prog [option] name",
description="shows and manipulates svn access rights", description="shows and manipulates svn access rights",
epilog="to grant a restricted user access to another folder, you have to carefully edit the authz file") epilog="to grant a restricted user access to another folder, you have to carefully edit the authz file")
parser.add_option("-g", "--groupinfo", action="store_const", dest="what", parser.add_option("-g", "--groupinfo", action="store_const", dest="what",
const="g", help="display users in a group") const="g", help="display users in a group")
parser.add_option("-a", "--add", action="store_const", dest="what", parser.add_option("-a", "--add", action="store_const", dest="what",
const="a", help="add a regular user") const="a", help="add a regular user")
parser.add_option("-r", "--restricted", action="store_const", dest="what", parser.add_option("-r", "--restricted", action="store_const", dest="what",
const="r", help="add a restricted user") const="r", help="add a restricted user")
parser.add_option("-m", "--move", action="store_const", dest="what", parser.add_option("-m", "--move", action="store_const", dest="what",
const="m", help="move a user to alumni") const="m", help="move a user to alumni")
parser.add_option("-p", "--password", action="store_const", dest="what", parser.add_option("-p", "--password", action="store_const", dest="what",
const="p", help="reset a user password") const="p", help="reset a user password")
options, args = parser.parse_args() options, args = parser.parse_args()
if len(args)==0: if len(args)==0:
# no arguments? then display all the users! # no arguments? then display all the users!
groups = group_users(users) groups = group_users(users)
@ -207,12 +216,12 @@ if __name__ == "__main__":
for name in sorted(usernames): for name in sorted(usernames):
print " " + name print " " + name
sys.exit() sys.exit()
if len(args)>1: if len(args)>1:
# more than one usename? not here, john boy # more than one usename? not here, john boy
sys.exit("please provide only one name") sys.exit("please provide only one name")
name = args[0] name = args[0]
if options.what == "g": if options.what == "g":
# show group information # show group information
groups = group_users(users) groups = group_users(users)
@ -222,7 +231,7 @@ if __name__ == "__main__":
for usernamename in sorted(groups[name]): for usernamename in sorted(groups[name]):
print " " + usernamename print " " + usernamename
sys.exit() sys.exit()
if options.what in ("a", "r"): if options.what in ("a", "r"):
# add a user, restricted or regular # add a user, restricted or regular
if name in users: if name in users:
@ -244,7 +253,7 @@ if __name__ == "__main__":
if name not in users: if name not in users:
sys.exit("User '%s' not found, use this without a name to get a list of users." % name) sys.exit("User '%s' not found, use this without a name to get a list of users." % name)
user = users[name] user = users[name]
if options.what == "m": if options.what == "m":
# move user to alumni # move user to alumni
groups = group_users(users) groups = group_users(users)
@ -262,7 +271,7 @@ if __name__ == "__main__":
password = set_new_password(name) password = set_new_password(name)
print "New password for user '%s': '%s'" % (name, password) print "New password for user '%s': '%s'" % (name, password)
sys.exit() sys.exit()
# no option, just a name: # no option, just a name:
# print all the infos connected to a name # print all the infos connected to a name
print "User %s is in group '%s':" % (name, user.group) print "User %s is in group '%s':" % (name, user.group)
@ -282,7 +291,13 @@ if __name__ == "__main__":
print " Read access is NOT granted to any folder" print " Read access is NOT granted to any folder"
info = config.get_folder_info(name) info = config.get_folder_info(name)
print "Labjornal %s%s:" % (SVN_BASE, name) print "Labjornal %s%s:" % (SVN_BASE, name)
write_acl = [ "@" + ADMINS ] + info[WRITE_ACL] if info[WRITE_ACL]:
print " Write access granted to " + ", ".join(write_acl) print " Write and read access granted to: " + ", ".join(info[WRITE_ACL])
read_acl = [ "@" + ADMINS, "@" + REGULAR ] + info[READ_ACL] else:
print " Read access granted to: " + ", ".join(read_acl) print " No write access granted to anybody"
if info[READ_ACL]:
print " Read access granted to: " + ", ".join(info[READ_ACL])
else:
print " No read access granted to anybody"

Write Preview
Loading…
Cancel
Save