Adjust to deal with the new Debian supplementaryGid

[dak.git] / dak / acl.py

diff --git a/dak/acl.py b/dak/acl.py
index f38a3a600a3f2ec5cddfb42c0ca91a158d690df2..a6fdddd953c041d13bd74a348bc9aec3fb7d8975 100644 (file)
--- a/dak/acl.py
+++ b/dak/acl.py
@@ -20,12 +20,20 @@ import apt_pkg
 import sys
 
 from daklib.config import Config
-from daklib.dbconn import DBConn, Fingerprint, Uid, ACL
+from daklib.dbconn import DBConn, Fingerprint, Keyring, Uid, ACL
 
 def usage():
-    print """Usage: dak acl set-fingerprints <acl-name>
+    print """Usage:
+  dak acl set-fingerprints <acl-name>
+  dak acl export-per-source <acl-name>
 
-Reads list of fingerprints from stdin and sets the ACL <acl-name> to these.
+  set-fingerprints:
+    Reads list of fingerprints from stdin and sets the ACL <acl-name> to these.
+    Accepted input formats are "uid:<uid>", "name:<name>" and
+    "fpr:<fingerprint>".
+
+  export-per-source:
+    Export per source upload rights for ACL <acl-name>.
 """
 
 def get_fingerprint(entry, session):
@@ -36,6 +44,7 @@ def get_fingerprint(entry, session):
         uid:<uid>
         name:<name>
         fpr:<fingerprint>
+        keyring:<keyring-name>
 
     @type  entry: string
     @param entry: ACL entry
@@ -46,7 +55,7 @@ def get_fingerprint(entry, session):
     @return: fingerprint for the entry
     """
     field, value = entry.split(":", 1)
-    q = session.query(Fingerprint)
+    q = session.query(Fingerprint).join(Fingerprint.keyring).filter(Keyring.active == True)
 
     if field == 'uid':
         q = q.join(Fingerprint.uid).filter(Uid.uid == value)
@@ -54,6 +63,10 @@ def get_fingerprint(entry, session):
         q = q.join(Fingerprint.uid).filter(Uid.name == value)
     elif field == 'fpr':
         q = q.filter(Fingerprint.fingerprint == value)
+    elif field == 'keyring':
+        q = q.filter(Keyring.keyring_name == value)
+    else:
+        raise Exception('Unknown selector "{0}".'.format(field))
 
     return q.all()
 
@@ -64,6 +77,9 @@ def acl_set_fingerprints(acl_name, entries):
     acl.fingerprints.clear()
     for entry in entries:
         entry = entry.strip()
+        if entry.startswith('#') or len(entry) == 0:
+            continue
+
         fps = get_fingerprint(entry, session)
         if len(fps) == 0:
             print "Unknown key for '{0}'".format(entry)
@@ -72,12 +88,50 @@ def acl_set_fingerprints(acl_name, entries):
 
     session.commit()
 
+def acl_export_per_source(acl_name):
+    session = DBConn().session()
+    acl = session.query(ACL).filter_by(name=acl_name).one()
+
+    query = r"""
+      SELECT
+        f.fingerprint,
+        (SELECT COALESCE(u.name, '') || ' <' || u.uid || '>'
+           FROM uid u
+           JOIN fingerprint f2 ON u.id = f2.uid
+          WHERE f2.id = f.id) AS name,
+        STRING_AGG(
+          a.source
+          || COALESCE(' (' || (SELECT fingerprint FROM fingerprint WHERE id = a.created_by_id) || ')', ''),
+          E',\n ' ORDER BY a.source)
+      FROM acl_per_source a
+      JOIN fingerprint f ON a.fingerprint_id = f.id
+      LEFT JOIN uid u ON f.uid = u.id
+      WHERE a.acl_id = :acl_id
+      GROUP BY f.id, f.fingerprint
+      ORDER BY name
+      """
+
+    for row in session.execute(query, {'acl_id': acl.id}):
+        print "Fingerprint:", row[0]
+        print "Uid:", row[1]
+        print "Allow:", row[2]
+        print
+
+    session.rollback()
+    session.close()
+
 def main(argv=None):
     if argv is None:
         argv = sys.argv
 
-    if len(argv) != 3 or argv[1] != 'set-fingerprints':
+    if len(argv) != 3:
         usage()
         sys.exit(1)
 
-    acl_set_fingerprints(argv[2], sys.stdin)
+    if argv[1] == 'set-fingerprints':
+        acl_set_fingerprints(argv[2], sys.stdin)
+    elif argv[1] == 'export-per-source':
+        acl_export_per_source(argv[2])
+    else:
+        usage()
+        sys.exit(1)