
changes reflecting new elab structure

master
Holger Frey 10 years ago
parent
commit
c0b55e09a0
  1. 36 README
  2. 791 authz
  3. 463 authz.original
  4. 289 manage.py

36
README

@ -4,17 +4,15 @@ SVN USER MANAGEMENT README @@ -4,17 +4,15 @@ SVN USER MANAGEMENT README
First of all, we talk about the following files and folders:
.htpasswd
.svn-dir-creator
README
authz
cpi
elab-users.py
old-scripts-backup
** WARNING: **
In this list, there are two hidden files: `.htpasswd` and
`.svn-dir-creator`. This two are hidden on purpose, so
** don't mess with these files **.
** WARNING: **
In this list, there is one hidden files: `.htpasswd`. This file is hidden on
purpose, so ** don't mess with it **.
quick file overview
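Review bot: the new warning paragraph reads "there is one hidden files"; it should be "one hidden file". The file list at the top of this hunk still names `elab-users.py`, while the script changed in this commit is `manage.py`; if the script was renamed as part of the new structure, the list and the later sections should use the new name.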
@ -22,8 +20,6 @@ quick file overview @@ -22,8 +20,6 @@ quick file overview
`.htpasswd`: stores the passwords for the users (classical apache htpaswd-file)
`.svn-dir-creator`: creates empty svn directories for new users
`README`: this file
`authz`: defines the access controll list, so who has access to what
@ -38,14 +34,16 @@ quick file overview @@ -38,14 +34,16 @@ quick file overview
Usermanagement with `elab-users.py`
-----------------------------------
** HINT: ** To run this scipt first change to the directory with `cd /var/www/svn` and prepend every command with `./` (e.g. `./elab-users.py --help`).
** HINT: ** To run this scipt first change to the directory with
`cd /var/www/svn` and prepend every command with `./`
(e.g. `./elab-users.py --help`).
The script `elab-users.py` provides some options to add and delete users,
show access information from users and their elab journals. If the scprit
The script `elab-users.py` provides some options to add and delete users,
show access information from users and their elab journals. If the scprit
is called with the `--help` option, the folowing help message is displayed:
Usage: elab-users.py [option] name
shows and manipulates svn access rights
Options:
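Review bot: the re-wrapped HINT still tells the reader to `cd /var/www/svn`, but `manage.py` in this commit builds its paths from `/mnt/sshfs-for-svn/svn-repository`; state which directory the script has to be run from under the new layout. The re-wrapped lines also carry over the typos "scipt", "scprit" and "folowing", which could be fixed while these lines are being touched anyway.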
@ -73,21 +71,21 @@ the following combinations are possible: @@ -73,21 +71,21 @@ the following combinations are possible:
Grant read writes to restricted users
-------------------------------------
As noted in the help message of `elab-users.py`, if a restriced user should have
read access to another labjournal, the `authz` file has to be edited manually.
Here are two examples that grant the user 'UrmilShah' read access to
As noted in the help message of `elab-users.py`, if a restriced user should have
read access to another labjournal, the `authz` file has to be edited manually.
Here are two examples that grant the user 'UrmilShah' read access to
two different lab journals:
... snip ...
[cpi:/AndreasEvers]
@restricted =
@restricted =
UrmilShah = r
... snip ...
[cpi:/HolgerFrey]
@restricted =
@restricted =
UrmilShah = r
HolgerFrey = rw
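Review bot: both examples use section names of the form `[cpi:/AndreasEvers]`, while the parser in this commit only treats sections ending in `:/` as journals (`username + SVN_SUFFIX`). If the live `authz` now uses that form, a manual edit copied from this README would add a section the script skips, so the examples should be updated to the new section syntax. The heading "Grant read writes" probably means "Grant read rights", and the changed lines here look like whitespace-only edits.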
@ -99,6 +97,6 @@ This does not apply to regular users, since these have read access to all folder @@ -99,6 +97,6 @@ This does not apply to regular users, since these have read access to all folder
Hint
----
This readme is written in Markdown.
So if you want a nice printout, use a markdown converter first.
This readme is written in Markdown.
So if you want a nice printout, use a markdown converter first.
Something like <http://www.markdownviewer.com>

791
authz

File diff suppressed because it is too large

463
authz.original

@ -0,0 +1,463 @@ @@ -0,0 +1,463 @@
[groups]
administrators = JuergenRuehe, OswaldPrucker
alumni = AlexeyKopyshev, AndreasBoenisch, AndreasEver, AnkeWoerz, AnneLoesche, ArthurMartens, ArulGeetha, CamillaOestevold, CanerKaganaslan, ChristianSchuh, ChristineBunte, CkPandiyarajan, CleoStannard, FanWu, GerhardBaaken, GinoRodriguez, GuillermoBenites, HeikeHaller, IrenaEipert, JacobBelardi, JenniferPfau, JoachimLauterwasser, JohannesBaader, KatrinMoosmann, KeLi, KerstinSchuh, KimberlySimancas, MarcoArmbruster, MariaVoehringer, MariaVohringer, MartinRendl, MartinVellinger, MartinaAuerswald, MatthiasLischka, MessRechner, MichaelaFrase, MiriamScheckenbach, MonicaPerez, NinoLomadze, Nongluck, OliverDornfeld, PeterZahn, PhilippDiefenthaler, PhilippWollermann, RebeccaBlell, RodrigoNavarro, SaraFuchs, SebastianBoehmer, SebastianSebald, SimonBodendorfer, SimonSchuster, SirasaYodmongkol, ThidaratWangkam, TobiasHeitzler, TobiasKoenig, TristanBourrel, UlrikeRiehle, ViVek, VinicioCarias, WolfgangEhm, YnSekhar, ZouStaarter
users = AlexanderDietz, AliciaMalekLuz, AndreasMader, AnnaSchuler, AnneBuderer, ChristophScheibelein, CrispinAmiriNaini, DanielaMoessner, DavidBoschert, DavidSchwaerzle, EstherRiga, FrankScherag, FranziskaDorner, GregorOsterwinter, HeidiPerez, HolgerFrey, JanNiklasSchoenberg, JonGreen, KarenLienkamp, KatyaSergeeva, LauraHerrera, MalwinaPajestka, MaraFlorea, MarcZinggeler, MarcelHoffmann, MarcelRothfelder, MartinKoerner, MartinSchoenstein, MatthiasMenzel, MelanieEichhorn, MichaelHenze, MonikaKurowska, MostafaMahmoud, NataliaSchatz, NicoleBirsner, NilsKorf, PengZou, PetraHettich, PhilipKotrade, RaduCristianMutihac, RomanErath, SamarKazan, SaschaEngel, SebastianBonaus, ShararehSahneh, SureshReddyBanda, ThananthornKanokwijitsilp, ThomasBrandstetter, TianyangZheng, VanessaWeiss, VitaliyKondrashov, WibkeHartleb, XiaoqiangHou, ZhuolingDeng
restricted = BeniPrasser, JuliaSaar, SimonZunker, UrmilShah, YongZhou
[cpi:/]
@restricted = r
@alumni =
@users = r
@administrators= r
[cpi:/AlexanderDietz]
@restricted =
AlexanderDietz= r
[cpi:/AlexeyKopyshev]
@restricted =
[cpi:/AliciaMalekLuz]
@restricted =
AliciaMalekLuz= r
[cpi:/AndreasBoenisch]
@restricted =
[cpi:/AndreasEver]
@restricted =
[cpi:/AndreasEvers]
@restricted =
UrmilShah = r
[cpi:/AndreasMader]
@restricted =
AndreasMader= r
[cpi:/AnkeWoerz]
@restricted =
[cpi:/AnnaSchuler]
@restricted =
AnnaSchuler= r
[cpi:/AnneBuderer]
@restricted =
AnneBuderer= r
[cpi:/AnneLoesche]
@restricted =
[cpi:/AnselmHoppmann]
@restricted =
[cpi:/ArthurMartens]
@restricted =
[cpi:/ArulGeetha]
@restricted =
[cpi:/BeniPrasser]
@restricted =
BeniPrasser= r
[cpi:/CamillaOestevold]
@restricted =
[cpi:/CanerKaganaslan]
@restricted =
[cpi:/ChristianSchuh]
@restricted =
[cpi:/ChristineBunte]
@restricted =
[cpi:/ChristophScheibelein]
@restricted =
ChristophScheibelein= r
[cpi:/CkPandiyarajan]
@restricted =
[cpi:/CleoStannard]
@restricted =
[cpi:/CrispinAmiriNaini]
@restricted =
@users =
CrispinAmiriNaini= r
[cpi:/DanielaMoessner]
@restricted =
DanielaMoessner= r
[cpi:/DavidBoschert]
@restricted =
DavidBoschert= r
[cpi:/DavidSchwaerzle]
@restricted =
DavidSchwaerzle= r
[cpi:/DennisTrenkle]
@restricted =
[cpi:/DingdingHe]
@restricted =
[cpi:/EstherRiga]
@restricted =
EstherRiga= r
[cpi:/FanWu]
@restricted =
[cpi:/FrankScherag]
@restricted =
FrankScherag= r
[cpi:/FranziskaDorner]
@restricted =
FranziskaDorner= r
[cpi:/GerhardBaaken]
@restricted =
[cpi:/GinoRodriguez]
@restricted =
[cpi:/GregorOsterwinter]
@restricted =
GregorOsterwinter= r
[cpi:/GuillermoBenites]
@restricted =
[cpi:/HeidiPerez]
@restricted =
HeidiPerez= r
[cpi:/HeikeHaller]
@restricted =
[cpi:/HolgerFrey]
@restricted =
UrmilShah = r
HolgerFrey= r
[cpi:/IrenaEipert]
@restricted =
[cpi:/JacobBelardi]
@restricted =
[cpi:/JanNiklasSchoenberg]
@restricted =
JanNiklasSchoenberg= r
[cpi:/JenniferPfau]
@restricted =
[cpi:/JoachimLauterwasser]
@restricted =
[cpi:/JohannesBaader]
@restricted =
[cpi:/JonGreen]
@restricted =
JonGreen= r
[cpi:/JonasGroten]
@restricted =
[cpi:/JuergenRuehe]
@restricted =
@users =
JuergenRuehe= r
[cpi:/JuliaSaar]
@restricted =
JuliaSaar= r
[cpi:/KarenLienkamp]
@restricted =
KarenLienkamp= r
[cpi:/KatrinMoosmann]
@restricted =
[cpi:/KatyaSergeeva]
@restricted =
KatyaSergeeva= r
[cpi:/KeLi]
@restricted =
[cpi:/KerstinSchuh]
@restricted =
[cpi:/KimberlySimancas]
@restricted =
[cpi:/LauraHerrera]
@restricted =
LauraHerrera= r
[cpi:/MalwinaPajestka]
@restricted =
MalwinaPajestka= r
[cpi:/MaraFlorea]
@restricted =
MaraFlorea= r
[cpi:/MarcZinggeler]
@restricted =
MarcZinggeler= r
[cpi:/MarcelHoffmann]
@restricted =
MarcelHoffmann= r
[cpi:/MarcelRothfelder]
@restricted =
MarcelRothfelder= r
[cpi:/MarcoArmbruster]
@restricted =
[cpi:/MariaVoehringer]
@restricted =
[cpi:/MartinKoerner]
@restricted =
MartinKoerner= r
[cpi:/MartinMarazita]
@restricted =
[cpi:/MartinRendl]
@restricted =
[cpi:/MartinSchoenstein]
@restricted =
MartinSchoenstein= r
[cpi:/MartinVellinger]
@restricted =
[cpi:/MartinaAuerswald]
@restricted =
[cpi:/MatthiasLischka]
@restricted =
[cpi:/MatthiasMenzel]
@restricted =
MatthiasMenzel= r
[cpi:/MaxMustermann]
@restricted =
[cpi:/MelanieEichhorn]
@restricted =
MelanieEichhorn= r
[cpi:/MessRechner]
@restricted =
[cpi:/MichaelHenze]
@restricted =
MichaelHenze= r
[cpi:/MichaelaFrase]
@restricted =
[cpi:/MiriamScheckenbach]
@restricted =
[cpi:/MonicaPerez]
@restricted =
[cpi:/MonikaKurowska]
@restricted =
MonikaKurowska= r
[cpi:/MostafaMahmoud]
@restricted =
MostafaMahmoud= r
[cpi:/NataliaSchatz]
@restricted =
NataliaSchatz= r
[cpi:/NicolasSchorr]
@restricted =
[cpi:/NicoleBirsner]
@restricted =
NicoleBirsner= r
[cpi:/NilsKorf]
@restricted =
NilsKorf= r
[cpi:/NinoLomadze]
@restricted =
[cpi:/Nongluck]
@restricted =
[cpi:/OliverDornfeld]
@restricted =
[cpi:/OswaldPrucker]
@restricted =
[cpi:/PengZou]
@restricted =
PengZou= r
[cpi:/PeterZahn]
@restricted =
[cpi:/PetraHettich]
@restricted =
PetraHettich= r
[cpi:/PhilipKotrade]
@restricted =
PhilipKotrade= r
[cpi:/PhilippDiefenthaler]
@restricted =
[cpi:/RaduCristianMutihac]
@restricted =
RaduCristianMutihac= r
[cpi:/RebeccaBlell]
@restricted =
[cpi:/RodrigoNavarro]
@restricted =
[cpi:/RomanErath]
@restricted =
RomanErath= r
[cpi:/SamarKazan]
@restricted =
SamarKazan= r
[cpi:/SaraFuchs]
@restricted =
[cpi:/SaschaEngel]
@restricted =
SaschaEngel= r
[cpi:/SebastianBoehmer]
@restricted =
[cpi:/SebastianBonaus]
@restricted =
SebastianBonaus= r
[cpi:/ShararehSahneh]
@restricted =
ShararehSahneh= r
[cpi:/SimonBodendorfer]
@restricted =
[cpi:/SimonEbner]
@restricted =
[cpi:/SimonSchuster]
@restricted =
[cpi:/SimonZunker]
@restricted =
SimonZunker= r
[cpi:/SirasaYodmongkol]
@restricted =
[cpi:/SureshReddyBanda]
@restricted =
SureshReddyBanda= r
[cpi:/ThananthornKanokwijitsilp]
@restricted =
ThananthornKanokwijitsilp= r
[cpi:/ThidaratWangkam]
@restricted =
[cpi:/ThomasBrandstetter]
@restricted =
ThomasBrandstetter= r
[cpi:/TianyangZheng]
@restricted =
TianyangZheng= r
[cpi:/TobiasHeitzler]
@restricted =
[cpi:/TobiasKoenig]
@restricted =
[cpi:/TristanBourrel]
@restricted =
[cpi:/UlrikeRiehle]
@restricted =
[cpi:/UrmilShah]
@restricted =
UrmilShah= r
[cpi:/VanessaWeiss]
@restricted =
VanessaWeiss= r
[cpi:/ViVek]
@restricted =
[cpi:/VinicioCarias]
@restricted =
[cpi:/VitaliyKondrashov]
@restricted =
VitaliyKondrashov= r
SimonZunker = r
[cpi:/WibkeHartleb]
@restricted =
WibkeHartleb= r
[cpi:/WolfgangEhm]
@restricted =
[cpi:/XiaoqiangHou]
@restricted =
XiaoqiangHou= r
[cpi:/YnSekhar]
@restricted =
[cpi:/YongZhou]
@restricted =
YongZhou= r
[cpi:/ZhuolingDeng]
@restricted =
ZhuolingDeng= r
[cpi:/ZouStaarter]
@restricted =
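Review bot: several entries in this snapshot do not line up, which makes the ACLs hard to audit. The `alumni` group lists `AndreasEver` and both `MariaVoehringer` and `MariaVohringer`, there are sections for both `[cpi:/AndreasEver]` and `[cpi:/AndreasEvers]`, and the `UrmilShah = r` grant sits on the latter, whose owner is in no group. Sections such as `[cpi:/AnselmHoppmann]`, `[cpi:/MaxMustermann]` and `[cpi:/SimonEbner]` likewise have no matching group member. Every section here uses the `cpi:/` prefix, which the new `extract_user_info_from_config` skips, so if this file is only a reference copy of the old layout, say so in the README; also consider whether a full account list with ACLs needs to live in the repository at all.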

289
manage.py

@ -9,32 +9,33 @@ import random @@ -9,32 +9,33 @@ import random
import string
import subprocess
import sys
from datetime import datetime
# defining some constants
AUTHZ_PATH = "authz"
HTPWD_PATH = "htpasswd"
SVN_DIR_CREATOR = "svn-dir-creator"
SVN_BASE = "cpi:/"
MOUNT_PATH = os.path.join("/mnt", "sshfs-for-svn")
REPO_PATH = os.path.join(MOUNT_PATH, "svn-repository")
AUTHZ_PATH = os.path.join(REPO_PATH, "authz")
HTPWD_PATH = os.path.join(REPO_PATH, ".htpasswd")
ADMINS = "administrators"
REGULAR = "users"
USERS = "users"
RESTRICTED = "restricted"
ALUMNI = "alumni"
NO_ACL = ""
READ_ACL = "r"
WRITE_ACL = "rw"
WRITE_ACL = "rw"
GROUP_DEFAULTS = {
ADMINS: WRITE_ACL,
USERS: READ_ACL,
RESTRICTED: NO_ACL,
ALUMNI: NO_ACL }
SVN_SUFFIX = ":/"
re_separators = re.compile("[\t ,;]+")
# helper functions
def group_users(users):
""" uses the list of users to group them by their group name """
groups = dict()
for user in users.values():
if user.group not in groups:
groups[user.group] = []
groups[user.group].append(user.name)
return groups
def set_new_password(name, length=10):
""" sets a new password for a username """
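Review bot: `AUTHZ_PATH` and `HTPWD_PATH` now sit below `MOUNT_PATH` (`/mnt/sshfs-for-svn`), but nothing in the visible lines checks that the sshfs mount is actually present before files are read or written there. Add a startup check, for example `os.path.ismount(MOUNT_PATH)`, and exit with a clear message, so that the password file and ACLs are never created in a local directory that merely has the same path. A short comment on `GROUP_DEFAULTS` saying that these values are written into every journal section would also help the next reader.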
@ -43,7 +44,7 @@ def set_new_password(name, length=10): @@ -43,7 +44,7 @@ def set_new_password(name, length=10):
subprocess.check_call(["htpasswd", "-b", HTPWD_PATH, name, password])
return password
def delete_password(name, length=10):
def delete_password(name):
""" deletes a password for a username """
# if the user was not added to the password db, the removal will show
# an error message that is confusing to the user - at least it confused me
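Review bot: in the context line above the signature change, `htpasswd -b` receives the generated password as a command-line argument, where other local users can see it in the process list while the call runs. Where the installed `htpasswd` supports it, `-i` reads the password from stdin instead and can be fed through `subprocess.Popen(..., stdin=subprocess.PIPE)`. Dropping the unused `length` parameter from `delete_password` is fine; please confirm no caller still passes it.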
@ -52,10 +53,39 @@ def delete_password(name, length=10): @@ -52,10 +53,39 @@ def delete_password(name, length=10):
subprocess.check_call(["htpasswd", "-D", HTPWD_PATH, name], stderr=devnull)
def create_new_repository(name):
""" creates a repository for a user and checks in some stuff to get started """
# change the working directory to the sshfs mount point
os.chdir(MOUNT_PATH)
# create the new repository
new_repo = os.path.join(REPO_PATH, name)
subprocess.check_call(["svnadmin", "create", new_repo], stderr=subprocess.STDOUT)
# check out a temporary working copy
subprocess.check_call(["svn", "checkout", "file://" + new_repo, name])
# create subfolders
today = datetime.now()
year = "%04d" % today.year
os.mkdir(os.path.join(name, year))
for month in range(today.month, 13):
month_path = os.path.join(name, year, "%02d" % month)
os.mkdir(month_path)
subprocess.check_call(["touch", os.path.join(month_path, ".empty")])
# copy some examples
for temp in ("experiment", "synthesis", "toc"):
filename = "template-%s.doc" % temp
in_file = os.path.join(REPO_PATH, filename)
out_file = os.path.join(name, filename)
subprocess.check_call(["cp", in_file, out_file])
# add and commit the changes
subprocess.check_call("svn add %s/*" % name, shell=True)
subprocess.check_call(["svn", "commit", "-m", "New User: " + name, name])
# remove the temporary working copy
subprocess.check_call(["rm", "-rf", name])
# class definitions
class User(object):
""" Collect the username, group and access control lists """
class ElabUser(object):
""" Collect the username, group and access control lists for a eLab user """
def __init__(self, name, group):
""" initialization of the class """
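Review bot: `create_new_repository` passes `name` straight from the command line into `subprocess.check_call("svn add %s/*" % name, shell=True)`, into `os.path.join(REPO_PATH, name)` and into `rm -rf`, with no validation in the visible lines. A name containing shell metacharacters, a `/` or `..` would be interpreted by the shell or would create and delete paths outside the intended directory. Validate `name` against a strict pattern (letters and digits only, matching the existing user names) before any of these calls, and replace the `shell=True` call with a list-form call such as `["svn", "add", "--force", name]`. The temporary working copy is also left behind in `MOUNT_PATH` if any step before the final `rm -rf` fails; wrapping the body in `try`/`finally` would clean it up.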
@ -74,83 +104,25 @@ class User(object): @@ -74,83 +104,25 @@ class User(object):
class AuthzConfigParser(ConfigParser.ConfigParser, object):
""" custom functions for parsing the "authz" file as used at cpi """
""" custom functions for parsing the "authz" file as used at cpi
there is a dict of users defined, the journals themselves can be accessed
via the sections functionality of the ConfigParser base class
"""
def __init__(self):
""" initialization of the class """
self.users = None
self._acl_defaults = { WRITE_ACL: [], READ_ACL: [] }
self.elab_users = {}
super(AuthzConfigParser, self).__init__()
def optionxform(self, value):
""" reset the method to use cases ensitive names """
""" reset the method to use cases sensitive names """
return str(value)
def read(self, path):
""" set up the acl defaults after reading the file """
super(AuthzConfigParser, self).read(path)
self._acl_defaults = self.get_folder_info("")
def extract_users(self):
""" extract user information from config """
users = dict()
# first we go through the groups, as found in the groups section of the
# authz file
for group, userlist in self.items("groups"):
for username in re_separators.split(userlist):
if username in users:
raise Exception("Found duplicate entry for user " + username)
user = User(username, group)
users[username] = user
# second we scan each section that is related to an svn folder (it
# starts with the svn base) for read and write access user entries
for section in self.sections():
if section.startswith(SVN_BASE):
belongs_to = section.lstrip(SVN_BASE)
for (option, value) in self.items(section):
if option in users:
if value.lower() == WRITE_ACL:
users[option].write_acl.append(belongs_to)
elif value.lower() == READ_ACL:
users[option].read_acl.append(belongs_to)
# return the userlist
return users
def get_folder_info(self, name):
""" returns read and write access info of an svn folder """
if not name.startswith(SVN_BASE):
name = SVN_BASE + name
if not self.has_section(name):
return None
info = self._acl_defaults.copy()
for (option, value) in self.items(name):
if value in (WRITE_ACL, READ_ACL):
info[value].append(option)
# remove explicit dismissed acls
if not value:
for acltype in (WRITE_ACL, READ_ACL):
if option in info[acltype]:
info[acltype].remove(option)
return info
def move_user_to_alumni(self, user):
""" moves a user to the alumni group and removes every access rights """
for access_to in user.write_acl:
folder = SVN_BASE + access_to
self.remove_option(folder, user.name)
for access_to in user.read_acl:
folder = SVN_BASE + access_to
self.remove_option(folder, user.name)
user.write_acl = []
user.read_acl = []
user.group = ALUMNI
delete_password(user.name)
def update_user_groups(self, users):
""" updates the config settings of the groups section """
groups = group_users(users)
for group, userlist in groups.items():
self.set("groups", group, ", ".join(sorted(userlist)))
self.extract_user_info_from_config()
def write_to_file(self):
with open(AUTHZ_PATH, "w") as filehandle:
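Review bot: `read` now calls `self.extract_user_info_from_config()` unconditionally after `super(AuthzConfigParser, self).read(path)`, but `ConfigParser.read` silently skips files it cannot open and only reports them through its return value. If `authz` is missing (for instance because the sshfs mount is down), the first `self.items("groups")` fails with a `NoSectionError` that says nothing about the real cause. Check the returned list and exit with a message naming the path. The corrected docstring still reads "cases sensitive"; it should be "case sensitive".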
@ -169,23 +141,100 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object): @@ -169,23 +141,100 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
sorting.extend([k for k in sorted_keys if k <> "groups"])
for section in sorting:
fp.write("[%s]\n" % section)
for (key, value) in self._sections[section].items():
if key == "__name__":
continue
acls = dict( (k, v) for k, v in self._sections[section].items() if k != "__name__")
if section != "groups":
for group in (ADMINS, USERS, RESTRICTED, ALUMNI):
group_id = "@" + group
acl_value = acls.pop(group_id, GROUP_DEFAULTS[group])
key = " = ".join((group_id, str(acl_value).replace('\n', '\n\t')))
fp.write("%s\n" % (key))
for (key, value) in acls.items():
if (value is not None) or (self._optcre == self.OPTCRE):
key = " = ".join((key, str(value).replace('\n', '\n\t')))
fp.write("%s\n" % (key))
fp.write("\n")
def extract_user_info_from_config(self):
""" extracts the user information from the config file
the information of the journals can be accessed via get_journal_info
"""
# first parse the group definitions
for group, userlist in self.items("groups"):
if group not in GROUP_DEFAULTS:
raise Exception("Undefined group " + group)
for username in re_separators.split(userlist):
if username in self.elab_users:
raise Exception("Found duplicate entry for user " + username)
self.elab_users[username] = ElabUser(username, group)
# walk through the sections to get individual acl information
for section in self.sections():
if not section.endswith(SVN_SUFFIX):
# skip all entries in the config, that are not lab journals
continue
for (option, value) in self.items(section):
if option in self.elab_users:
# a nicer name for the lab journal
belongs_to = section[:-2]
# a acl entry for a user
if value.lower() == WRITE_ACL:
self.elab_users[option].write_acl.append(belongs_to)
elif value.lower() == READ_ACL:
self.elab_users[option].read_acl.append(belongs_to)
def group_users(self):
""" uses the list of users to group them by their group name """
groups = dict()
for user in self.elab_users.values():
if user.group not in groups:
groups[user.group] = []
groups[user.group].append(user.name)
return groups
def add_journal_acl_for(self, username, group):
""" sets the acls for a new user an the corresponding journal """
self.elab_users[username] = ElabUser(username, group)
journal_path = username + SVN_SUFFIX
self.add_section(journal_path)
self.set(journal_path, username, WRITE_ACL)
for group, acl in GROUP_DEFAULTS.items():
self.set(journal_path, "@"+group, acl)
self._update_user_group_config()
def move_user_to_alumni(self, name):
""" moves a user to the alumni group and removes the acl privileges """
user = self.elab_users[name]
user.group = ALUMNI
for access_to in user.write_acl:
self.remove_option(access_to + SVN_SUFFIX, user.name)
for access_to in user.read_acl:
self.remove_option(access_to + SVN_SUFFIX, user.name)
self._update_user_group_config()
def _update_user_group_config(self):
""" updates the config settings of the groups section """
groups = self.group_users()
for group, userlist in groups.items():
self.set("groups", group, ", ".join(sorted(userlist)))
def get_journal_info(self, name):
""" returns read and write access info of an lab journal """
if not name.endswith(SVN_SUFFIX):
name = name + SVN_SUFFIX
if not self.has_section(name):
return None
info = { WRITE_ACL: [], READ_ACL: [] }
for (option, value) in self.items(name):
if value in (WRITE_ACL, READ_ACL):
info[value].append(option)
return info
if __name__ == "__main__":
# create configparser instance
config = AuthzConfigParser()
# change option name transformation to case sensitive
config.optionxform = str
# read config file
config.read(AUTHZ_PATH)
users = config.extract_users()
# command line interface:
# no option: display info
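Review bot: `_update_user_group_config` only rewrites groups that `group_users()` returns, and that dict has no key for a group that has just lost its last member. After `move_user_to_alumni` empties a group, the old member list therefore stays in `[groups]`, the user remains in the previous group with its access rights, and the next read stops at "Found duplicate entry for user". Iterate over `GROUP_DEFAULTS` instead and write an empty value for groups without members, and skip empty names in `extract_user_info_from_config`, since `re_separators.split("")` yields `['']`. Two smaller points: `belongs_to = section[:-2]` should use `len(SVN_SUFFIX)` rather than a literal, and the loop `for group, acl in GROUP_DEFAULTS.items()` in `add_journal_acl_for` shadows the `group` parameter.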
@ -212,7 +261,7 @@ if __name__ == "__main__": @@ -212,7 +261,7 @@ if __name__ == "__main__":
if len(args)==0:
# no arguments? then display all the users!
groups = group_users(users)
groups = config.group_users()
for name, usernames in groups.items():
print "Users in group '%s':" % name
for name in sorted(usernames):
@ -226,7 +275,7 @@ if __name__ == "__main__": @@ -226,7 +275,7 @@ if __name__ == "__main__":
if options.what == "g":
# show group information
groups = group_users(users)
groups = config.group_users()
if name not in groups:
sys.exit("Group not found")
print "Users in group '%s':" % name
@ -236,36 +285,32 @@ if __name__ == "__main__": @@ -236,36 +285,32 @@ if __name__ == "__main__":
if options.what in ("a", "r"):
# add a user, restricted or regular
if name in users:
sys.exit("Username '%s' already in use" % name)
group = RESTRICTED if options.what == "r" else REGULAR
users[name] = User(name, group)
config.update_user_groups(users)
folder = SVN_BASE + name
config.add_section(folder)
config.set(folder, "@"+RESTRICTED, "")
config.set(folder, name, WRITE_ACL)
if name in config.elab_users:
sys.exit("Username '%s' already in use" % username)
group = RESTRICTED if options.what == "r" else USERS
config.add_journal_acl_for(name, group)
create_new_repository(name)
#subprocess.check_call(SVN_DIR_CREATOR + " " + name, shell=True)
password = set_new_password(name)
print "New password for user '%s': '%s'" % (name, password)
print "http://svn.cpi.imtek.uni-freiburg.de/" + name
config.write_to_file()
sys.exit()
# from here downwards we need already existent usernames
if name not in users:
if name not in config.elab_users:
sys.exit("User '%s' not found, use this without a name to get a list of users." % name)
user = users[name]
if options.what == "m":
# move user to alumni
groups = group_users(users)
user = config.elab_users[name]
if user.group == ALUMNI:
sys.exit("User '%s' is already in group '%s'" % (name, ALUMNI))
if user.group == ADMINS:
sys.exit("User '%s' is in group '%s', will not moved to '%s'" % (name, ADMINS, ALUMNI))
config.move_user_to_alumni(user)
config.update_user_groups(users)
config.move_user_to_alumni(name)
config.write_to_file()
delete_password(name)
sys.exit()
if options.what == "p":
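Review bot: the new line `sys.exit("Username '%s' already in use" % username)` refers to `username`, but every other line in this block uses `name`, and no `username` is defined in the visible lines; adding an existing user would end in a `NameError` instead of the intended message. Use `name` here. In the add branch the `.htpasswd` entry is created before `config.write_to_file()`, so a failure while writing `authz` leaves a password entry without matching ACLs; writing the ACL file first, as the alumni branch now does before `delete_password`, keeps both files consistent. The new password is also printed to the terminal, which is worth a note in the README so that it is not left in scrollback or logs.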
@ -275,30 +320,32 @@ if __name__ == "__main__": @@ -275,30 +320,32 @@ if __name__ == "__main__":
sys.exit()
# no option, just a name:
# print the write acls for a user
user = config.elab_users[name]
print "User %s is in group '%s':" % (name, user.group)
# print the write acls for a user
if user.group == ADMINS:
print " Write access is granted to all folders."
print " Write access is granted to all journals."
elif user.write_acl:
write_acl = [ SVN_BASE + username for username in user.write_acl ]
print " Write access is granted to folders '%s'. " % "', '".join(write_acl)
write_acl = [ username + SVN_SUFFIX for username in user.write_acl ]
print " Write access is granted to '%s'. " % "', '".join(write_acl)
else:
print " Write access is NOT granted to any folder"
print " Write access is NOT granted to any journals"
# print the read acls for a user
if user.group == ADMINS:
print " Read access is granted to all folders."
elif user.group == REGULAR:
print " Read access is granted to (nearly) all folders."
print " Read access is granted to all journals."
elif user.group == USERS:
print " Read access is granted to (nearly) all journals."
elif user.read_acl:
read_acl = [ SVN_BASE + username for username in user.read_acl ]
print " Read access is granted to folders '%s'. " % "', '".join(read_acl)
read_acl = [ username + SVN_SUFFIX for username in user.read_acl ]
print " Read access is granted to '%s'. " % "', '".join(read_acl)
else:
print " Read access is NOT granted to any folder"
print " Read access is NOT granted to any journals"
info = config.get_journal_info(name)
# print the write acls for a journal
info = config.get_folder_info(name)
print "Labjornal %s%s:" % (SVN_BASE, name)
print "Labjournal %s%s" % (name, SVN_SUFFIX)
if info[WRITE_ACL]:
print " Write and read access granted to: " + ", ".join(info[WRITE_ACL])
print " Write access granted to: " + ", ".join(info[WRITE_ACL])
else:
print " No write access granted to anybody"
# print the read acls for a journal
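Review bot: `get_journal_info` returns `None` when the journal section does not exist, but `info[WRITE_ACL]` is evaluated here without a check, so a user without a journal section (an administrator, for example) ends the report with a `TypeError`. Test `if info is None` and print a short "no journal" line instead. The new `get_journal_info` also no longer starts from the root defaults that `get_folder_info` copied in, so "No read access granted to anybody" now depends on the group lines being present in every section; a comment stating that assumption would help.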
@ -306,5 +353,3 @@ if __name__ == "__main__": @@ -306,5 +353,3 @@ if __name__ == "__main__":
print " Read access granted to: " + ", ".join(info[READ_ACL])
else:
print " No read access granted to anybody"
