Viewing changes to ivle/makeuser.py

Merge from object-publishing.

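--- a/ivle/makeuser.py
+++ b/ivle/makeuser.py
@@ -72,7 +72,7 @@
         f.write("""
 [%(login)s:/]
 %(login)s = rw
-""" % {'login': u.login.encode('utf-8')})
+""" % {'login': u.login})
 
     # Now we need to grant offering tutors and lecturers access to the latest
     # submissions in their offerings. There are much prettier ways to do this,
@@ -87,7 +87,7 @@
             User.id == Assessed.user_id,
             Project.id == Assessed.project_id,
             ProjectSet.id == Project.project_set_id,
-            Offering.id == ProjectSet.offering_id,
+            Offering.id == ProjectSet.id,
             ProjectSubmission.date_submitted == Select(
                     Max(ProjectSubmission.date_submitted),
                     ProjectSubmission.assessed_id == Assessed.id,
@@ -102,22 +102,20 @@
                     User.login,
                     User.id == Enrolment.user_id,
                     Enrolment.offering_id == offeringid,
-                    Enrolment.role.is_in((u'tutor', u'lecturer')),
-                    Enrolment.active == True,
+                    Enrolment.role.is_in((u'tutor', u'lecturer'))
                 )
             )
 
         f.write("""
 # Submission %(id)d
 [%(login)s:%(path)s]
-""" % {'login': login.encode('utf-8'), 'id': psid,
-       'path': pspath.encode('utf-8')})
+""" % {'login': login, 'id': psid, 'path': pspath})
 
         for viewer_login in offering_viewers_cache[offeringid]:
             # We don't want to override the owner's write privilege,
             # so we don't add them to the read-only ACL.
             if login != viewer_login:
-                f.write("%s = r\n" % viewer_login.encode('utf-8'))
+                f.write("%s = r\n" % viewer_login)
 
     f.close()
     os.rename(temp_name, conf_name)
@@ -143,15 +141,15 @@
         offering = group.project_set.offering
         reponame = "_".join([offering.subject.short_name,
                              offering.semester.year,
-                             offering.semester.url_name,
+                             offering.semester.semester,
                              group.name])
 
-        f.write("[%s:/]\n" % reponame.encode('utf-8'))
+        f.write("[%s:/]\n" % reponame)
         if group.id not in group_members_cache:
             group_members_cache[group.id] = set()
         for user in group.members:
             group_members_cache[group.id].add(user.login)
-            f.write("%s = rw\n" % user.login.encode('utf-8'))
+            f.write("%s = rw\n" % user.login)
         f.write("\n")
 
     # Now we need to grant offering tutors and lecturers access to the latest
@@ -161,7 +159,7 @@
     # a single query, and we cache the list of viewers for each offering.
     offering_viewers_cache = {}
     for (ssn, year, sem, name, psid, pspath, gid, offeringid) in store.find(
-        (Subject.short_name, Semester.year, Semester.url_name,
+        (Subject.short_name, Semester.year, Semester.semester,
          ProjectGroup.name, ProjectSubmission.id, ProjectSubmission.path,
          ProjectGroup.id, Offering.id),
             Assessed.id == ProjectSubmission.assessed_id,
@@ -187,16 +185,14 @@
                     User.login,
                     User.id == Enrolment.user_id,
                     Enrolment.offering_id == offeringid,
-                    Enrolment.role.is_in((u'tutor', u'lecturer')),
-                    Enrolment.active == True,
+                    Enrolment.role.is_in((u'tutor', u'lecturer'))
                 )
             )
 
         f.write("""
 # Submission %(id)d
 [%(repo)s:%(path)s]
-""" % {'repo': reponame.encode('utf-8'), 'id': psid,
-       'path': pspath.encode('utf-8')})
+""" % {'repo': reponame, 'id': psid, 'path': pspath})
 
         for viewer_login in offering_viewers_cache[offeringid]:
             # Skip existing group members, or they can't write to it any more.
@@ -215,19 +211,17 @@
     """
     # filename is, eg, /var/lib/ivle/svn/ivle.auth
     filename = config['paths']['svn']['auth_ivle']
+    passwd = hashlib.md5(uuid.uuid4().bytes).hexdigest()
     if os.path.exists(filename):
         create = ""
     else:
         create = "c"
 
     user = User.get_by_login(store, login)
-
-    if user.svn_pass is None:
-        passwd = hashlib.md5(uuid.uuid4().bytes).hexdigest()
-        user.svn_pass = unicode(passwd)
+    user.svn_pass = unicode(passwd)
 
     res = subprocess.call(['htpasswd', '-%smb' % create,
-                           filename, login, user.svn_pass])
+                           filename, login, passwd])
     if res != 0 and throw_on_error:
         raise Exception("Unable to create ivle-auth for %s" % login)
 
@@ -235,7 +229,7 @@
     if create == "c":
         chown_to_webserver(filename)
 
-    return user.svn_pass
+    return passwd
 
 def make_jail(user, config, force=True):
     """Create or update a user's jail.
@@ -264,7 +258,6 @@
         os.mkdir(tempdir)
     userdir = os.path.join(jail_src_base, user.login)
     homedir = os.path.join(userdir, 'home')
-    tmpdir = os.path.join(userdir, 'tmp')
     userhomedir = os.path.join(homedir, user.login)   # Return value
 
     if os.path.exists(userdir):
@@ -273,7 +266,7 @@
         # User jail already exists. Blow it away but preserve their home
         # directory. It should be all that is there anyway, but you never
         # know!
-        # Ignore warnings about the use of tempnam
+        # Ignore warnings about the use of tmpnam
         warnings.simplefilter('ignore')
         homebackup = os.tempnam(tempdir)
         warnings.resetwarnings()
@@ -282,10 +275,10 @@
         # NOTE that shutil.move changed in Python 2.6, it now moves a
         # directory INTO the target (like `mv`), which it didn't use to do.
         # This code works regardless.
-        shutil.move(userhomedir, homebackup)
+        shutil.move(homedir, homebackup)
         shutil.rmtree(userdir)
-        os.makedirs(homedir)
-        shutil.move(homebackup, userhomedir)
+        os.makedirs(userdir)
+        shutil.move(homebackup, homedir)
         # Change the ownership of all the files to the right unixid
         logging.debug("chown %s's home directory files to uid %d"
             %(user.login, user.unixid))
@@ -303,8 +296,6 @@
     make_ivle_conf(user.login, userdir, user.svn_pass, config)
     make_etc_passwd(user.login, userdir, config['paths']['jails']['template'],
                     user.unixid)
-    os.makedirs(tmpdir)
-    os.chmod(tmpdir, 01777)
 
     return userhomedir
 
@@ -319,20 +310,17 @@
     @param svn_pass: User's SVN password.
     @param sys_config: An ivle.config.Config object (the system-wide config).
     """
-    conf_path = os.path.join(user_jail_dir, "home/.ivle.conf")
-    if not os.path.exists(os.path.dirname(conf_path)):
-        os.makedirs(os.path.dirname(conf_path))
+    conf_path = os.path.join(user_jail_dir, "etc/ivle/ivle.conf")
+    os.makedirs(os.path.dirname(conf_path))
 
     # In the "in-jail" version of conf, we don't need MOST of the details
     # (it would be a security risk to have them here).
     # So we just write root_dir.
     conf_obj = ivle.config.Config(blank=True)
     conf_obj.filename = conf_path
-    conf_obj['urls'] = {}
     conf_obj['urls']['root'] = sys_config['urls']['root']
     conf_obj['urls']['public_host'] = sys_config['urls']['public_host']
     conf_obj['urls']['svn_addr'] = sys_config['urls']['svn_addr']
-    conf_obj['user_info'] = {}
     conf_obj['user_info']['login'] = username
     conf_obj['user_info']['svn_pass'] = svn_pass
     conf_obj.write()
@@ -348,8 +336,8 @@
     Creates /etc/passwd in the given user's jail. This will be identical to
     that in the template jail, except for the added entry for this user.
     """
-    template_passwd_path = os.path.join(template_dir, "home/.passwd")
-    passwd_path = os.path.join(user_jail_dir, "home/.passwd")
+    template_passwd_path = os.path.join(template_dir, "etc/passwd")
+    passwd_path = os.path.join(user_jail_dir, "etc/passwd")
     passwd_dir = os.path.dirname(passwd_path)
     if not os.path.exists(passwd_dir):
         os.makedirs(passwd_dir)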
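Review bot: The queries that decide who gets a read-only line on each submission path are looser on the new side than the ACL they generate can tolerate. In the user-repository query the join is now `Offering.id == ProjectSet.id`, which compares an offering's key with the project set's own key (the one `Project.project_set_id` points at) instead of its offering reference, so the `offeringid` used for the staff lookup may belong to an unrelated offering. Both viewer sub-selects also stop at `Enrolment.role.is_in((u'tutor', u'lecturer'))` with no check on enrolment state, so a tutor or lecturer whose enrolment was deactivated would apparently still be written as `login = r`. I would keep `Offering.id == ProjectSet.offering_id,` in the join and `Enrolment.active == True,` after the role filter in both queries; the query bodies are only partly visible in these hunks, so confirm against the full functions. Separately, the htpasswd hunk now draws a fresh password on every call and overwrites a stored `user.svn_pass`, which looks like it would leave the copy that `make_ivle_conf` wrote into an existing jail out of date unless the jail is rebuilt.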