
changes reflecting new elab structure

master
Holger Frey 10 years ago
parent
commit
c0b55e09a0
  1. 12
      README
  2. 789
      authz
  3. 463
      authz.original
  4. 287
      manage.py

12
README

@ -4,7 +4,6 @@ SVN USER MANAGEMENT README
First of all, we talk about the following files and folders: First of all, we talk about the following files and folders:
.htpasswd .htpasswd
.svn-dir-creator
README README
authz authz
cpi cpi
@ -12,9 +11,8 @@ First of all, we talk about the following files and folders:
old-scripts-backup old-scripts-backup
** WARNING: ** ** WARNING: **
In this list, there are two hidden files: `.htpasswd` and In this list, there is one hidden files: `.htpasswd`. This file is hidden on
`.svn-dir-creator`. This two are hidden on purpose, so purpose, so ** don't mess with it **.
** don't mess with these files **.
quick file overview quick file overview
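Review bot: the rewritten warning reads "there is one hidden files"; with only `.htpasswd` left this should be "there is one hidden file". The closing "** don't mess with it **" is fine, but the sentence could also say why the file is sensitive (it holds the password hashes), so the warning carries its own reason.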
@ -22,8 +20,6 @@ quick file overview
`.htpasswd`: stores the passwords for the users (classical apache htpaswd-file) `.htpasswd`: stores the passwords for the users (classical apache htpaswd-file)
`.svn-dir-creator`: creates empty svn directories for new users
`README`: this file `README`: this file
`authz`: defines the access controll list, so who has access to what `authz`: defines the access controll list, so who has access to what
@ -38,7 +34,9 @@ quick file overview
Usermanagement with `elab-users.py` Usermanagement with `elab-users.py`
----------------------------------- -----------------------------------
** HINT: ** To run this scipt first change to the directory with `cd /var/www/svn` and prepend every command with `./` (e.g. `./elab-users.py --help`). ** HINT: ** To run this scipt first change to the directory with
`cd /var/www/svn` and prepend every command with `./`
(e.g. `./elab-users.py --help`).
The script `elab-users.py` provides some options to add and delete users, The script `elab-users.py` provides some options to add and delete users,
show access information from users and their elab journals. If the scprit show access information from users and their elab journals. If the scprit
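Review bot: the rewrapped HINT still tells the operator to `cd /var/www/svn` and run `./elab-users.py`, while the script changed in this commit is `manage.py` and its new constants point at `/mnt/sshfs-for-svn/svn-repository`. If the script name or working directory changed with the new structure, update the hint in the same commit; the typo "scipt" is carried over into the new lines and can be fixed at the same time.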

789
authz

File diff suppressed because it is too large

463
authz.original

@ -0,0 +1,463 @@
[groups]
administrators = JuergenRuehe, OswaldPrucker
alumni = AlexeyKopyshev, AndreasBoenisch, AndreasEver, AnkeWoerz, AnneLoesche, ArthurMartens, ArulGeetha, CamillaOestevold, CanerKaganaslan, ChristianSchuh, ChristineBunte, CkPandiyarajan, CleoStannard, FanWu, GerhardBaaken, GinoRodriguez, GuillermoBenites, HeikeHaller, IrenaEipert, JacobBelardi, JenniferPfau, JoachimLauterwasser, JohannesBaader, KatrinMoosmann, KeLi, KerstinSchuh, KimberlySimancas, MarcoArmbruster, MariaVoehringer, MariaVohringer, MartinRendl, MartinVellinger, MartinaAuerswald, MatthiasLischka, MessRechner, MichaelaFrase, MiriamScheckenbach, MonicaPerez, NinoLomadze, Nongluck, OliverDornfeld, PeterZahn, PhilippDiefenthaler, PhilippWollermann, RebeccaBlell, RodrigoNavarro, SaraFuchs, SebastianBoehmer, SebastianSebald, SimonBodendorfer, SimonSchuster, SirasaYodmongkol, ThidaratWangkam, TobiasHeitzler, TobiasKoenig, TristanBourrel, UlrikeRiehle, ViVek, VinicioCarias, WolfgangEhm, YnSekhar, ZouStaarter
users = AlexanderDietz, AliciaMalekLuz, AndreasMader, AnnaSchuler, AnneBuderer, ChristophScheibelein, CrispinAmiriNaini, DanielaMoessner, DavidBoschert, DavidSchwaerzle, EstherRiga, FrankScherag, FranziskaDorner, GregorOsterwinter, HeidiPerez, HolgerFrey, JanNiklasSchoenberg, JonGreen, KarenLienkamp, KatyaSergeeva, LauraHerrera, MalwinaPajestka, MaraFlorea, MarcZinggeler, MarcelHoffmann, MarcelRothfelder, MartinKoerner, MartinSchoenstein, MatthiasMenzel, MelanieEichhorn, MichaelHenze, MonikaKurowska, MostafaMahmoud, NataliaSchatz, NicoleBirsner, NilsKorf, PengZou, PetraHettich, PhilipKotrade, RaduCristianMutihac, RomanErath, SamarKazan, SaschaEngel, SebastianBonaus, ShararehSahneh, SureshReddyBanda, ThananthornKanokwijitsilp, ThomasBrandstetter, TianyangZheng, VanessaWeiss, VitaliyKondrashov, WibkeHartleb, XiaoqiangHou, ZhuolingDeng
restricted = BeniPrasser, JuliaSaar, SimonZunker, UrmilShah, YongZhou
[cpi:/]
@restricted = r
@alumni =
@users = r
@administrators= r
[cpi:/AlexanderDietz]
@restricted =
AlexanderDietz= r
[cpi:/AlexeyKopyshev]
@restricted =
[cpi:/AliciaMalekLuz]
@restricted =
AliciaMalekLuz= r
[cpi:/AndreasBoenisch]
@restricted =
[cpi:/AndreasEver]
@restricted =
[cpi:/AndreasEvers]
@restricted =
UrmilShah = r
[cpi:/AndreasMader]
@restricted =
AndreasMader= r
[cpi:/AnkeWoerz]
@restricted =
[cpi:/AnnaSchuler]
@restricted =
AnnaSchuler= r
[cpi:/AnneBuderer]
@restricted =
AnneBuderer= r
[cpi:/AnneLoesche]
@restricted =
[cpi:/AnselmHoppmann]
@restricted =
[cpi:/ArthurMartens]
@restricted =
[cpi:/ArulGeetha]
@restricted =
[cpi:/BeniPrasser]
@restricted =
BeniPrasser= r
[cpi:/CamillaOestevold]
@restricted =
[cpi:/CanerKaganaslan]
@restricted =
[cpi:/ChristianSchuh]
@restricted =
[cpi:/ChristineBunte]
@restricted =
[cpi:/ChristophScheibelein]
@restricted =
ChristophScheibelein= r
[cpi:/CkPandiyarajan]
@restricted =
[cpi:/CleoStannard]
@restricted =
[cpi:/CrispinAmiriNaini]
@restricted =
@users =
CrispinAmiriNaini= r
[cpi:/DanielaMoessner]
@restricted =
DanielaMoessner= r
[cpi:/DavidBoschert]
@restricted =
DavidBoschert= r
[cpi:/DavidSchwaerzle]
@restricted =
DavidSchwaerzle= r
[cpi:/DennisTrenkle]
@restricted =
[cpi:/DingdingHe]
@restricted =
[cpi:/EstherRiga]
@restricted =
EstherRiga= r
[cpi:/FanWu]
@restricted =
[cpi:/FrankScherag]
@restricted =
FrankScherag= r
[cpi:/FranziskaDorner]
@restricted =
FranziskaDorner= r
[cpi:/GerhardBaaken]
@restricted =
[cpi:/GinoRodriguez]
@restricted =
[cpi:/GregorOsterwinter]
@restricted =
GregorOsterwinter= r
[cpi:/GuillermoBenites]
@restricted =
[cpi:/HeidiPerez]
@restricted =
HeidiPerez= r
[cpi:/HeikeHaller]
@restricted =
[cpi:/HolgerFrey]
@restricted =
UrmilShah = r
HolgerFrey= r
[cpi:/IrenaEipert]
@restricted =
[cpi:/JacobBelardi]
@restricted =
[cpi:/JanNiklasSchoenberg]
@restricted =
JanNiklasSchoenberg= r
[cpi:/JenniferPfau]
@restricted =
[cpi:/JoachimLauterwasser]
@restricted =
[cpi:/JohannesBaader]
@restricted =
[cpi:/JonGreen]
@restricted =
JonGreen= r
[cpi:/JonasGroten]
@restricted =
[cpi:/JuergenRuehe]
@restricted =
@users =
JuergenRuehe= r
[cpi:/JuliaSaar]
@restricted =
JuliaSaar= r
[cpi:/KarenLienkamp]
@restricted =
KarenLienkamp= r
[cpi:/KatrinMoosmann]
@restricted =
[cpi:/KatyaSergeeva]
@restricted =
KatyaSergeeva= r
[cpi:/KeLi]
@restricted =
[cpi:/KerstinSchuh]
@restricted =
[cpi:/KimberlySimancas]
@restricted =
[cpi:/LauraHerrera]
@restricted =
LauraHerrera= r
[cpi:/MalwinaPajestka]
@restricted =
MalwinaPajestka= r
[cpi:/MaraFlorea]
@restricted =
MaraFlorea= r
[cpi:/MarcZinggeler]
@restricted =
MarcZinggeler= r
[cpi:/MarcelHoffmann]
@restricted =
MarcelHoffmann= r
[cpi:/MarcelRothfelder]
@restricted =
MarcelRothfelder= r
[cpi:/MarcoArmbruster]
@restricted =
[cpi:/MariaVoehringer]
@restricted =
[cpi:/MartinKoerner]
@restricted =
MartinKoerner= r
[cpi:/MartinMarazita]
@restricted =
[cpi:/MartinRendl]
@restricted =
[cpi:/MartinSchoenstein]
@restricted =
MartinSchoenstein= r
[cpi:/MartinVellinger]
@restricted =
[cpi:/MartinaAuerswald]
@restricted =
[cpi:/MatthiasLischka]
@restricted =
[cpi:/MatthiasMenzel]
@restricted =
MatthiasMenzel= r
[cpi:/MaxMustermann]
@restricted =
[cpi:/MelanieEichhorn]
@restricted =
MelanieEichhorn= r
[cpi:/MessRechner]
@restricted =
[cpi:/MichaelHenze]
@restricted =
MichaelHenze= r
[cpi:/MichaelaFrase]
@restricted =
[cpi:/MiriamScheckenbach]
@restricted =
[cpi:/MonicaPerez]
@restricted =
[cpi:/MonikaKurowska]
@restricted =
MonikaKurowska= r
[cpi:/MostafaMahmoud]
@restricted =
MostafaMahmoud= r
[cpi:/NataliaSchatz]
@restricted =
NataliaSchatz= r
[cpi:/NicolasSchorr]
@restricted =
[cpi:/NicoleBirsner]
@restricted =
NicoleBirsner= r
[cpi:/NilsKorf]
@restricted =
NilsKorf= r
[cpi:/NinoLomadze]
@restricted =
[cpi:/Nongluck]
@restricted =
[cpi:/OliverDornfeld]
@restricted =
[cpi:/OswaldPrucker]
@restricted =
[cpi:/PengZou]
@restricted =
PengZou= r
[cpi:/PeterZahn]
@restricted =
[cpi:/PetraHettich]
@restricted =
PetraHettich= r
[cpi:/PhilipKotrade]
@restricted =
PhilipKotrade= r
[cpi:/PhilippDiefenthaler]
@restricted =
[cpi:/RaduCristianMutihac]
@restricted =
RaduCristianMutihac= r
[cpi:/RebeccaBlell]
@restricted =
[cpi:/RodrigoNavarro]
@restricted =
[cpi:/RomanErath]
@restricted =
RomanErath= r
[cpi:/SamarKazan]
@restricted =
SamarKazan= r
[cpi:/SaraFuchs]
@restricted =
[cpi:/SaschaEngel]
@restricted =
SaschaEngel= r
[cpi:/SebastianBoehmer]
@restricted =
[cpi:/SebastianBonaus]
@restricted =
SebastianBonaus= r
[cpi:/ShararehSahneh]
@restricted =
ShararehSahneh= r
[cpi:/SimonBodendorfer]
@restricted =
[cpi:/SimonEbner]
@restricted =
[cpi:/SimonSchuster]
@restricted =
[cpi:/SimonZunker]
@restricted =
SimonZunker= r
[cpi:/SirasaYodmongkol]
@restricted =
[cpi:/SureshReddyBanda]
@restricted =
SureshReddyBanda= r
[cpi:/ThananthornKanokwijitsilp]
@restricted =
ThananthornKanokwijitsilp= r
[cpi:/ThidaratWangkam]
@restricted =
[cpi:/ThomasBrandstetter]
@restricted =
ThomasBrandstetter= r
[cpi:/TianyangZheng]
@restricted =
TianyangZheng= r
[cpi:/TobiasHeitzler]
@restricted =
[cpi:/TobiasKoenig]
@restricted =
[cpi:/TristanBourrel]
@restricted =
[cpi:/UlrikeRiehle]
@restricted =
[cpi:/UrmilShah]
@restricted =
UrmilShah= r
[cpi:/VanessaWeiss]
@restricted =
VanessaWeiss= r
[cpi:/ViVek]
@restricted =
[cpi:/VinicioCarias]
@restricted =
[cpi:/VitaliyKondrashov]
@restricted =
VitaliyKondrashov= r
SimonZunker = r
[cpi:/WibkeHartleb]
@restricted =
WibkeHartleb= r
[cpi:/WolfgangEhm]
@restricted =
[cpi:/XiaoqiangHou]
@restricted =
XiaoqiangHou= r
[cpi:/YnSekhar]
@restricted =
[cpi:/YongZhou]
@restricted =
YongZhou= r
[cpi:/ZhuolingDeng]
@restricted =
ZhuolingDeng= r
[cpi:/ZouStaarter]
@restricted =
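Review bot: several sections in this file have no matching account in `[groups]`, which makes the ACLs hard to audit. `[cpi:/AndreasEvers]` grants `UrmilShah = r`, but the alumni group lists `AndreasEver` and a separate `[cpi:/AndreasEver]` section exists; `AnselmHoppmann`, `DennisTrenkle`, `DingdingHe`, `JonasGroten`, `MartinMarazita`, `MaxMustermann`, `NicolasSchorr` and `SimonEbner` have sections but appear in no group; and alumni contains both `MariaVoehringer` and `MariaVohringer`. The sections also use the `cpi:/Name` form, while the parser in `manage.py` in this commit only treats sections ending in `:/` as journals, so it would help to say in the README that this file is a snapshot of the old layout and is not read by the script.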

287
manage.py

@ -9,32 +9,33 @@ import random
import string import string
import subprocess import subprocess
import sys import sys
from datetime import datetime
# defining some constants # defining some constants
AUTHZ_PATH = "authz" MOUNT_PATH = os.path.join("/mnt", "sshfs-for-svn")
HTPWD_PATH = "htpasswd" REPO_PATH = os.path.join(MOUNT_PATH, "svn-repository")
SVN_DIR_CREATOR = "svn-dir-creator" AUTHZ_PATH = os.path.join(REPO_PATH, "authz")
SVN_BASE = "cpi:/" HTPWD_PATH = os.path.join(REPO_PATH, ".htpasswd")
ADMINS = "administrators" ADMINS = "administrators"
REGULAR = "users" USERS = "users"
RESTRICTED = "restricted" RESTRICTED = "restricted"
ALUMNI = "alumni" ALUMNI = "alumni"
NO_ACL = ""
READ_ACL = "r" READ_ACL = "r"
WRITE_ACL = "rw" WRITE_ACL = "rw"
GROUP_DEFAULTS = {
ADMINS: WRITE_ACL,
USERS: READ_ACL,
RESTRICTED: NO_ACL,
ALUMNI: NO_ACL }
SVN_SUFFIX = ":/"
re_separators = re.compile("[\t ,;]+") re_separators = re.compile("[\t ,;]+")
# helper functions
def group_users(users):
""" uses the list of users to group them by their group name """
groups = dict()
for user in users.values():
if user.group not in groups:
groups[user.group] = []
groups[user.group].append(user.name)
return groups
def set_new_password(name, length=10): def set_new_password(name, length=10):
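Review bot: `MOUNT_PATH`, `REPO_PATH`, `AUTHZ_PATH` and `HTPWD_PATH` now assume the sshfs share is mounted at `/mnt/sshfs-for-svn`, but nothing in the visible code verifies that. If the mount is absent, `htpasswd` and the authz write act on whatever local directory exists at that path, or fail partway through an operation. Consider checking `os.path.ismount(MOUNT_PATH)` once at startup and exiting with a clear message before any file is touched.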
""" sets a new password for a username """ """ sets a new password for a username """
@ -43,7 +44,7 @@ def set_new_password(name, length=10):
subprocess.check_call(["htpasswd", "-b", HTPWD_PATH, name, password]) subprocess.check_call(["htpasswd", "-b", HTPWD_PATH, name, password])
return password return password
def delete_password(name, length=10): def delete_password(name):
""" deletes a password for a username """ """ deletes a password for a username """
# if the user was not added to the password db, the removal will show # if the user was not added to the password db, the removal will show
# an error message that is confusing to the user - at least it confused me # an error message that is confusing to the user - at least it confused me
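Review bot: the unchanged context line `subprocess.check_call(["htpasswd", "-b", HTPWD_PATH, name, password])` passes the generated password as a command-line argument, where it is visible to other local users in the process list while the command runs. Since this function is being touched anyway, consider feeding the password on stdin with `htpasswd -i` instead of `-b`. Dropping the unused `length` parameter from `delete_password` looks right.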
@ -52,10 +53,39 @@ def delete_password(name, length=10):
subprocess.check_call(["htpasswd", "-D", HTPWD_PATH, name], stderr=devnull) subprocess.check_call(["htpasswd", "-D", HTPWD_PATH, name], stderr=devnull)
def create_new_repository(name):
""" creates a repository for a user and checks in some stuff to get started """
# change the working directory to the sshfs mount point
os.chdir(MOUNT_PATH)
# create the new repository
new_repo = os.path.join(REPO_PATH, name)
subprocess.check_call(["svnadmin", "create", new_repo], stderr=subprocess.STDOUT)
# check out a temporary working copy
subprocess.check_call(["svn", "checkout", "file://" + new_repo, name])
# create subfolders
today = datetime.now()
year = "%04d" % today.year
os.mkdir(os.path.join(name, year))
for month in range(today.month, 13):
month_path = os.path.join(name, year, "%02d" % month)
os.mkdir(month_path)
subprocess.check_call(["touch", os.path.join(month_path, ".empty")])
# copy some examples
for temp in ("experiment", "synthesis", "toc"):
filename = "template-%s.doc" % temp
in_file = os.path.join(REPO_PATH, filename)
out_file = os.path.join(name, filename)
subprocess.check_call(["cp", in_file, out_file])
# add and commit the changes
subprocess.check_call("svn add %s/*" % name, shell=True)
subprocess.check_call(["svn", "commit", "-m", "New User: " + name, name])
# remove the temporary working copy
subprocess.check_call(["rm", "-rf", name])
# class definitions # class definitions
class User(object): class ElabUser(object):
""" Collect the username, group and access control lists """ """ Collect the username, group and access control lists for a eLab user """
def __init__(self, name, group): def __init__(self, name, group):
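Review bot: `subprocess.check_call("svn add %s/*" % name, shell=True)` in `create_new_repository` interpolates the user name taken from the command line into a shell string, so a name containing spaces or shell metacharacters changes the command that runs. The same unvalidated `name` is joined into `REPO_PATH` for `svnadmin create` and handed to `rm -rf`, where a value containing `/` or `..` resolves outside the intended directory. Validate `name` once against a strict pattern (letters and digits only, matching the existing account names) before any of these calls, and replace the shell call with an argument list, for example by expanding the entries with `glob.glob` and passing them after `["svn", "add"]`. Because `os.chdir(MOUNT_PATH)` decides where the relative `rm -rf` acts, using an absolute path for the temporary working copy would also make the cleanup safer.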
""" initialization of the class """ """ initialization of the class """
@ -74,83 +104,25 @@ class User(object):
class AuthzConfigParser(ConfigParser.ConfigParser, object): class AuthzConfigParser(ConfigParser.ConfigParser, object):
""" custom functions for parsing the "authz" file as used at cpi """ """ custom functions for parsing the "authz" file as used at cpi
there is a dict of users defined, the journals themselves can be accessed
via the sections functionality of the ConfigParser base class
"""
def __init__(self): def __init__(self):
""" initialization of the class """ """ initialization of the class """
self.users = None self.elab_users = {}
self._acl_defaults = { WRITE_ACL: [], READ_ACL: [] }
super(AuthzConfigParser, self).__init__() super(AuthzConfigParser, self).__init__()
def optionxform(self, value): def optionxform(self, value):
""" reset the method to use cases ensitive names """ """ reset the method to use cases sensitive names """
return str(value) return str(value)
def read(self, path): def read(self, path):
""" set up the acl defaults after reading the file """ """ set up the acl defaults after reading the file """
super(AuthzConfigParser, self).read(path) super(AuthzConfigParser, self).read(path)
self._acl_defaults = self.get_folder_info("") self.extract_user_info_from_config()
def extract_users(self):
""" extract user information from config """
users = dict()
# first we go through the groups, as found in the groups section of the
# authz file
for group, userlist in self.items("groups"):
for username in re_separators.split(userlist):
if username in users:
raise Exception("Found duplicate entry for user " + username)
user = User(username, group)
users[username] = user
# second we scan each section that is related to an svn folder (it
# starts with the svn base) for read and write access user entries
for section in self.sections():
if section.startswith(SVN_BASE):
belongs_to = section.lstrip(SVN_BASE)
for (option, value) in self.items(section):
if option in users:
if value.lower() == WRITE_ACL:
users[option].write_acl.append(belongs_to)
elif value.lower() == READ_ACL:
users[option].read_acl.append(belongs_to)
# return the userlist
return users
def get_folder_info(self, name):
""" returns read and write access info of an svn folder """
if not name.startswith(SVN_BASE):
name = SVN_BASE + name
if not self.has_section(name):
return None
info = self._acl_defaults.copy()
for (option, value) in self.items(name):
if value in (WRITE_ACL, READ_ACL):
info[value].append(option)
# remove explicit dismissed acls
if not value:
for acltype in (WRITE_ACL, READ_ACL):
if option in info[acltype]:
info[acltype].remove(option)
return info
def move_user_to_alumni(self, user):
""" moves a user to the alumni group and removes every access rights """
for access_to in user.write_acl:
folder = SVN_BASE + access_to
self.remove_option(folder, user.name)
for access_to in user.read_acl:
folder = SVN_BASE + access_to
self.remove_option(folder, user.name)
user.write_acl = []
user.read_acl = []
user.group = ALUMNI
delete_password(user.name)
def update_user_groups(self, users):
""" updates the config settings of the groups section """
groups = group_users(users)
for group, userlist in groups.items():
self.set("groups", group, ", ".join(sorted(userlist)))
def write_to_file(self): def write_to_file(self):
with open(AUTHZ_PATH, "w") as filehandle: with open(AUTHZ_PATH, "w") as filehandle:
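Review bot: `read()` now calls `self.extract_user_info_from_config()` unconditionally and drops the return value of the base class. `ConfigParser.read` silently skips a file it cannot open, so with a missing or unreadable authz the first visible failure is an exception from `self.items("groups")` rather than a message about the file; and a second `read()` on the same instance raises "Found duplicate entry" because `self.elab_users` is never reset. Check that the path was actually read, return the base class result, and clear `self.elab_users` at the start of the extraction.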
@ -169,23 +141,100 @@ class AuthzConfigParser(ConfigParser.ConfigParser, object):
sorting.extend([k for k in sorted_keys if k <> "groups"]) sorting.extend([k for k in sorted_keys if k <> "groups"])
for section in sorting: for section in sorting:
fp.write("[%s]\n" % section) fp.write("[%s]\n" % section)
for (key, value) in self._sections[section].items(): acls = dict( (k, v) for k, v in self._sections[section].items() if k != "__name__")
if key == "__name__": if section != "groups":
continue for group in (ADMINS, USERS, RESTRICTED, ALUMNI):
group_id = "@" + group
acl_value = acls.pop(group_id, GROUP_DEFAULTS[group])
key = " = ".join((group_id, str(acl_value).replace('\n', '\n\t')))
fp.write("%s\n" % (key))
for (key, value) in acls.items():
if (value is not None) or (self._optcre == self.OPTCRE): if (value is not None) or (self._optcre == self.OPTCRE):
key = " = ".join((key, str(value).replace('\n', '\n\t'))) key = " = ".join((key, str(value).replace('\n', '\n\t')))
fp.write("%s\n" % (key)) fp.write("%s\n" % (key))
fp.write("\n") fp.write("\n")
def extract_user_info_from_config(self):
""" extracts the user information from the config file
the information of the journals can be accessed via get_journal_info
"""
# first parse the group definitions
for group, userlist in self.items("groups"):
if group not in GROUP_DEFAULTS:
raise Exception("Undefined group " + group)
for username in re_separators.split(userlist):
if username in self.elab_users:
raise Exception("Found duplicate entry for user " + username)
self.elab_users[username] = ElabUser(username, group)
# walk through the sections to get individual acl information
for section in self.sections():
if not section.endswith(SVN_SUFFIX):
# skip all entries in the config, that are not lab journals
continue
for (option, value) in self.items(section):
if option in self.elab_users:
# a nicer name for the lab journal
belongs_to = section[:-2]
# a acl entry for a user
if value.lower() == WRITE_ACL:
self.elab_users[option].write_acl.append(belongs_to)
elif value.lower() == READ_ACL:
self.elab_users[option].read_acl.append(belongs_to)
def group_users(self):
""" uses the list of users to group them by their group name """
groups = dict()
for user in self.elab_users.values():
if user.group not in groups:
groups[user.group] = []
groups[user.group].append(user.name)
return groups
def add_journal_acl_for(self, username, group):
""" sets the acls for a new user an the corresponding journal """
self.elab_users[username] = ElabUser(username, group)
journal_path = username + SVN_SUFFIX
self.add_section(journal_path)
self.set(journal_path, username, WRITE_ACL)
for group, acl in GROUP_DEFAULTS.items():
self.set(journal_path, "@"+group, acl)
self._update_user_group_config()
def move_user_to_alumni(self, name):
""" moves a user to the alumni group and removes the acl privileges """
user = self.elab_users[name]
user.group = ALUMNI
for access_to in user.write_acl:
self.remove_option(access_to + SVN_SUFFIX, user.name)
for access_to in user.read_acl:
self.remove_option(access_to + SVN_SUFFIX, user.name)
self._update_user_group_config()
def _update_user_group_config(self):
""" updates the config settings of the groups section """
groups = self.group_users()
for group, userlist in groups.items():
self.set("groups", group, ", ".join(sorted(userlist)))
def get_journal_info(self, name):
""" returns read and write access info of an lab journal """
if not name.endswith(SVN_SUFFIX):
name = name + SVN_SUFFIX
if not self.has_section(name):
return None
info = { WRITE_ACL: [], READ_ACL: [] }
for (option, value) in self.items(name):
if value in (WRITE_ACL, READ_ACL):
info[value].append(option)
return info
if __name__ == "__main__": if __name__ == "__main__":
# create configparser instance # create configparser instance
config = AuthzConfigParser() config = AuthzConfigParser()
# change option name transformation to case sensitive
config.optionxform = str
# read config file # read config file
config.read(AUTHZ_PATH) config.read(AUTHZ_PATH)
users = config.extract_users()
# command line interface: # command line interface:
# no option: display info # no option: display info
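Review bot: in `write_to_file`, `acls.pop(group_id, GROUP_DEFAULTS[group])` writes a group line into every section other than `groups`, so a section that never had an `@users` or `@administrators` entry gains `@users = r` and `@administrators = rw` the next time any command saves the file. That changes effective access as a side effect of serialisation; write only the entries that are present and apply the defaults explicitly in `add_journal_acl_for`, which already sets them for new journals. Also in this hunk: `move_user_to_alumni` no longer clears `user.write_acl` and `user.read_acl` after removing the options, `belongs_to = section[:-2]` should use `len(SVN_SUFFIX)` instead of a literal, and the loop variable in `for group, acl in GROUP_DEFAULTS.items()` shadows the `group` parameter of `add_journal_acl_for`.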
@ -212,7 +261,7 @@ if __name__ == "__main__":
if len(args)==0: if len(args)==0:
# no arguments? then display all the users! # no arguments? then display all the users!
groups = group_users(users) groups = config.group_users()
for name, usernames in groups.items(): for name, usernames in groups.items():
print "Users in group '%s':" % name print "Users in group '%s':" % name
for name in sorted(usernames): for name in sorted(usernames):
@ -226,7 +275,7 @@ if __name__ == "__main__":
if options.what == "g": if options.what == "g":
# show group information # show group information
groups = group_users(users) groups = config.group_users()
if name not in groups: if name not in groups:
sys.exit("Group not found") sys.exit("Group not found")
print "Users in group '%s':" % name print "Users in group '%s':" % name
@ -236,36 +285,32 @@ if __name__ == "__main__":
if options.what in ("a", "r"): if options.what in ("a", "r"):
# add a user, restricted or regular # add a user, restricted or regular
if name in users: if name in config.elab_users:
sys.exit("Username '%s' already in use" % name) sys.exit("Username '%s' already in use" % username)
group = RESTRICTED if options.what == "r" else REGULAR group = RESTRICTED if options.what == "r" else USERS
users[name] = User(name, group) config.add_journal_acl_for(name, group)
config.update_user_groups(users) create_new_repository(name)
folder = SVN_BASE + name
config.add_section(folder)
config.set(folder, "@"+RESTRICTED, "")
config.set(folder, name, WRITE_ACL)
#subprocess.check_call(SVN_DIR_CREATOR + " " + name, shell=True) #subprocess.check_call(SVN_DIR_CREATOR + " " + name, shell=True)
password = set_new_password(name) password = set_new_password(name)
print "New password for user '%s': '%s'" % (name, password) print "New password for user '%s': '%s'" % (name, password)
print "http://svn.cpi.imtek.uni-freiburg.de/" + name
config.write_to_file() config.write_to_file()
sys.exit() sys.exit()
# from here downwards we need already existent usernames # from here downwards we need already existent usernames
if name not in users: if name not in config.elab_users:
sys.exit("User '%s' not found, use this without a name to get a list of users." % name) sys.exit("User '%s' not found, use this without a name to get a list of users." % name)
user = users[name]
if options.what == "m": if options.what == "m":
# move user to alumni # move user to alumni
groups = group_users(users) user = config.elab_users[name]
if user.group == ALUMNI: if user.group == ALUMNI:
sys.exit("User '%s' is already in group '%s'" % (name, ALUMNI)) sys.exit("User '%s' is already in group '%s'" % (name, ALUMNI))
if user.group == ADMINS: if user.group == ADMINS:
sys.exit("User '%s' is in group '%s', will not moved to '%s'" % (name, ADMINS, ALUMNI)) sys.exit("User '%s' is in group '%s', will not moved to '%s'" % (name, ADMINS, ALUMNI))
config.move_user_to_alumni(user) config.move_user_to_alumni(name)
config.update_user_groups(users)
config.write_to_file() config.write_to_file()
delete_password(name)
sys.exit() sys.exit()
if options.what == "p": if options.what == "p":
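Review bot: the new duplicate check exits with `sys.exit("Username '%s' already in use" % username)`, but the variable used everywhere else in this block is `name` and no `username` is defined in the visible code, so this branch would raise a NameError instead of printing the message. In the same block the order is `add_journal_acl_for`, `create_new_repository`, `set_new_password`, then `write_to_file`, so a failure while creating the repository leaves a repository on disk with no ACL or password saved; in the alumni branch the authz file is written before `delete_password(name)`, so an error there leaves a working password behind. Consider revoking the password first on the alumni path and cleaning up on failure on the add path. The commented-out `SVN_DIR_CREATOR` call can be removed, since the constant no longer exists.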
@ -275,30 +320,32 @@ if __name__ == "__main__":
sys.exit() sys.exit()
# no option, just a name: # no option, just a name:
# print the write acls for a user user = config.elab_users[name]
print "User %s is in group '%s':" % (name, user.group) print "User %s is in group '%s':" % (name, user.group)
# print the write acls for a user
if user.group == ADMINS: if user.group == ADMINS:
print " Write access is granted to all folders." print " Write access is granted to all journals."
elif user.write_acl: elif user.write_acl:
write_acl = [ SVN_BASE + username for username in user.write_acl ] write_acl = [ username + SVN_SUFFIX for username in user.write_acl ]
print " Write access is granted to folders '%s'. " % "', '".join(write_acl) print " Write access is granted to '%s'. " % "', '".join(write_acl)
else: else:
print " Write access is NOT granted to any folder" print " Write access is NOT granted to any journals"
# print the read acls for a user # print the read acls for a user
if user.group == ADMINS: if user.group == ADMINS:
print " Read access is granted to all folders." print " Read access is granted to all journals."
elif user.group == REGULAR: elif user.group == USERS:
print " Read access is granted to (nearly) all folders." print " Read access is granted to (nearly) all journals."
elif user.read_acl: elif user.read_acl:
read_acl = [ SVN_BASE + username for username in user.read_acl ] read_acl = [ username + SVN_SUFFIX for username in user.read_acl ]
print " Read access is granted to folders '%s'. " % "', '".join(read_acl) print " Read access is granted to '%s'. " % "', '".join(read_acl)
else: else:
print " Read access is NOT granted to any folder" print " Read access is NOT granted to any journals"
info = config.get_journal_info(name)
# print the write acls for a journal # print the write acls for a journal
info = config.get_folder_info(name) print "Labjournal %s%s" % (name, SVN_SUFFIX)
print "Labjornal %s%s:" % (SVN_BASE, name)
if info[WRITE_ACL]: if info[WRITE_ACL]:
print " Write and read access granted to: " + ", ".join(info[WRITE_ACL]) print " Write access granted to: " + ", ".join(info[WRITE_ACL])
else: else:
print " No write access granted to anybody" print " No write access granted to anybody"
# print the read acls for a journal # print the read acls for a journal
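Review bot: `info = config.get_journal_info(name)` is indexed straight away with `info[WRITE_ACL]`, but `get_journal_info` returns None when there is no `name + SVN_SUFFIX` section, which is the case for any account listed in `[groups]` without a journal of its own; that path ends in a TypeError instead of a report. Handle the None case with a short message. The heading `print "Labjournal %s%s" % (name, SVN_SUFFIX)` also lost the trailing colon the old line had.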
@ -306,5 +353,3 @@ if __name__ == "__main__":
print " Read access granted to: " + ", ".join(info[READ_ACL]) print " Read access granted to: " + ", ".join(info[READ_ACL])
else: else:
print " No read access granted to anybody" print " No read access granted to anybody"
