~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/makeuser.py

  • Committer: William Grant
  • Date: 2012-06-28 01:52:02 UTC
  • Revision ID: me@williamgrant.id.au-20120628015202-f6ru7o367gt6nvgz
Hah

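--- a/ivle/makeuser.py
+++ b/ivle/makeuser.py
@@ -72,7 +72,7 @@
         f.write("""
 [%(login)s:/]
 %(login)s = rw
-""" % {'login': u.login})
+""" % {'login': u.login.encode('utf-8')})
 
     # Now we need to grant offering tutors and lecturers access to the latest
     # submissions in their offerings. There are much prettier ways to do this,
@@ -87,7 +87,7 @@
             User.id == Assessed.user_id,
             Project.id == Assessed.project_id,
             ProjectSet.id == Project.project_set_id,
-            Offering.id == ProjectSet.id,
+            Offering.id == ProjectSet.offering_id,
             ProjectSubmission.date_submitted == Select(
                     Max(ProjectSubmission.date_submitted),
                     ProjectSubmission.assessed_id == Assessed.id,
@@ -102,20 +102,22 @@
                     User.login,
                     User.id == Enrolment.user_id,
                     Enrolment.offering_id == offeringid,
-                    Enrolment.role.is_in((u'tutor', u'lecturer'))
+                    Enrolment.role.is_in((u'tutor', u'lecturer')),
+                    Enrolment.active == True,
                 )
             )
 
         f.write("""
 # Submission %(id)d
 [%(login)s:%(path)s]
-""" % {'login': login, 'id': psid, 'path': pspath})
+""" % {'login': login.encode('utf-8'), 'id': psid,
+       'path': pspath.encode('utf-8')})
 
         for viewer_login in offering_viewers_cache[offeringid]:
             # We don't want to override the owner's write privilege,
             # so we don't add them to the read-only ACL.
             if login != viewer_login:
-                f.write("%s = r\n" % viewer_login)
+                f.write("%s = r\n" % viewer_login.encode('utf-8'))
 
     f.close()
     os.rename(temp_name, conf_name)
@@ -141,15 +143,15 @@
         offering = group.project_set.offering
         reponame = "_".join([offering.subject.short_name,
                              offering.semester.year,
-                             offering.semester.semester,
+                             offering.semester.url_name,
                              group.name])
 
-        f.write("[%s:/]\n" % reponame)
+        f.write("[%s:/]\n" % reponame.encode('utf-8'))
         if group.id not in group_members_cache:
             group_members_cache[group.id] = set()
         for user in group.members:
             group_members_cache[group.id].add(user.login)
-            f.write("%s = rw\n" % user.login)
+            f.write("%s = rw\n" % user.login.encode('utf-8'))
         f.write("\n")
 
     # Now we need to grant offering tutors and lecturers access to the latest
@@ -159,7 +161,7 @@
     # a single query, and we cache the list of viewers for each offering.
     offering_viewers_cache = {}
     for (ssn, year, sem, name, psid, pspath, gid, offeringid) in store.find(
-        (Subject.short_name, Semester.year, Semester.semester,
+        (Subject.short_name, Semester.year, Semester.url_name,
          ProjectGroup.name, ProjectSubmission.id, ProjectSubmission.path,
          ProjectGroup.id, Offering.id),
             Assessed.id == ProjectSubmission.assessed_id,
@@ -185,14 +187,16 @@
                     User.login,
                     User.id == Enrolment.user_id,
                     Enrolment.offering_id == offeringid,
-                    Enrolment.role.is_in((u'tutor', u'lecturer'))
+                    Enrolment.role.is_in((u'tutor', u'lecturer')),
+                    Enrolment.active == True,
                 )
             )
 
         f.write("""
 # Submission %(id)d
 [%(repo)s:%(path)s]
-""" % {'repo': reponame, 'id': psid, 'path': pspath})
+""" % {'repo': reponame.encode('utf-8'), 'id': psid,
+       'path': pspath.encode('utf-8')})
 
         for viewer_login in offering_viewers_cache[offeringid]:
             # Skip existing group members, or they can't write to it any more.
@@ -211,17 +215,19 @@
     """
     # filename is, eg, /var/lib/ivle/svn/ivle.auth
     filename = config['paths']['svn']['auth_ivle']
-    passwd = hashlib.md5(uuid.uuid4().bytes).hexdigest()
     if os.path.exists(filename):
         create = ""
     else:
         create = "c"
 
     user = User.get_by_login(store, login)
-    user.svn_pass = unicode(passwd)
+
+    if user.svn_pass is None:
+        passwd = hashlib.md5(uuid.uuid4().bytes).hexdigest()
+        user.svn_pass = unicode(passwd)
 
     res = subprocess.call(['htpasswd', '-%smb' % create,
-                           filename, login, passwd])
+                           filename, login, user.svn_pass])
     if res != 0 and throw_on_error:
         raise Exception("Unable to create ivle-auth for %s" % login)
 
@@ -229,7 +235,7 @@
     if create == "c":
         chown_to_webserver(filename)
 
-    return passwd
+    return user.svn_pass
 
 def make_jail(user, config, force=True):
     """Create or update a user's jail.
@@ -258,6 +264,7 @@
         os.mkdir(tempdir)
     userdir = os.path.join(jail_src_base, user.login)
     homedir = os.path.join(userdir, 'home')
+    tmpdir = os.path.join(userdir, 'tmp')
     userhomedir = os.path.join(homedir, user.login)   # Return value
 
     if os.path.exists(userdir):
@@ -266,7 +273,7 @@
         # User jail already exists. Blow it away but preserve their home
         # directory. It should be all that is there anyway, but you never
         # know!
-        # Ignore warnings about the use of tmpnam
+        # Ignore warnings about the use of tempnam
         warnings.simplefilter('ignore')
         homebackup = os.tempnam(tempdir)
         warnings.resetwarnings()
@@ -275,10 +282,10 @@
         # NOTE that shutil.move changed in Python 2.6, it now moves a
         # directory INTO the target (like `mv`), which it didn't use to do.
         # This code works regardless.
-        shutil.move(homedir, homebackup)
+        shutil.move(userhomedir, homebackup)
         shutil.rmtree(userdir)
-        os.makedirs(userdir)
-        shutil.move(homebackup, homedir)
+        os.makedirs(homedir)
+        shutil.move(homebackup, userhomedir)
         # Change the ownership of all the files to the right unixid
         logging.debug("chown %s's home directory files to uid %d"
             %(user.login, user.unixid))
@@ -296,6 +303,8 @@
     make_ivle_conf(user.login, userdir, user.svn_pass, config)
     make_etc_passwd(user.login, userdir, config['paths']['jails']['template'],
                     user.unixid)
+    os.makedirs(tmpdir)
+    os.chmod(tmpdir, 01777)
 
     return userhomedir
 
@@ -310,17 +319,20 @@
     @param svn_pass: User's SVN password.
     @param sys_config: An ivle.config.Config object (the system-wide config).
     """
-    conf_path = os.path.join(user_jail_dir, "etc/ivle/ivle.conf")
-    os.makedirs(os.path.dirname(conf_path))
+    conf_path = os.path.join(user_jail_dir, "home/.ivle.conf")
+    if not os.path.exists(os.path.dirname(conf_path)):
+        os.makedirs(os.path.dirname(conf_path))
 
     # In the "in-jail" version of conf, we don't need MOST of the details
     # (it would be a security risk to have them here).
     # So we just write root_dir.
     conf_obj = ivle.config.Config(blank=True)
     conf_obj.filename = conf_path
+    conf_obj['urls'] = {}
     conf_obj['urls']['root'] = sys_config['urls']['root']
     conf_obj['urls']['public_host'] = sys_config['urls']['public_host']
     conf_obj['urls']['svn_addr'] = sys_config['urls']['svn_addr']
+    conf_obj['user_info'] = {}
     conf_obj['user_info']['login'] = username
     conf_obj['user_info']['svn_pass'] = svn_pass
     conf_obj.write()
@@ -336,8 +348,8 @@
     Creates /etc/passwd in the given user's jail. This will be identical to
     that in the template jail, except for the added entry for this user.
     """
-    template_passwd_path = os.path.join(template_dir, "etc/passwd")
-    passwd_path = os.path.join(user_jail_dir, "etc/passwd")
+    template_passwd_path = os.path.join(template_dir, "home/.passwd")
+    passwd_path = os.path.join(user_jail_dir, "home/.passwd")
     passwd_dir = os.path.dirname(passwd_path)
     if not os.path.exists(passwd_dir):
         os.makedirs(passwd_dir)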
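Review bot: The htpasswd call at new lines 229–230 still runs with `-b`, so `user.svn_pass` is passed in argv and can be read by other local users from the process list while the command runs. This matters more after the change, because the password is now generated only when `user.svn_pass is None` and reused afterwards, so a leaked value stays valid until someone resets it. Where the installed htpasswd supports reading the password from stdin, use `'-%smi' % create` and feed it through `subprocess.Popen(..., stdin=subprocess.PIPE)` followed by `communicate(user.svn_pass)`. The enclosing function starts outside the visible lines. The same stored password is also written to `home/.ivle.conf` by `make_ivle_conf`, so if the file mode is not restricted elsewhere, a comment there such as `# svn_pass is long-lived: keep this file readable only by the jail owner` would help the next maintainer.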