X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=dak%2Facl.py;h=a6fdddd953c041d13bd74a348bc9aec3fb7d8975;hp=f38a3a600a3f2ec5cddfb42c0ca91a158d690df2;hb=519c1dbf89c13557afc15a429164616ac563d379;hpb=df6e3e5f79788962ecb9f2d283ef640c6fef0301 diff --git a/dak/acl.py b/dak/acl.py index f38a3a60..a6fdddd9 100644 --- a/dak/acl.py +++ b/dak/acl.py @@ -20,12 +20,20 @@ import apt_pkg import sys from daklib.config import Config -from daklib.dbconn import DBConn, Fingerprint, Uid, ACL +from daklib.dbconn import DBConn, Fingerprint, Keyring, Uid, ACL def usage(): - print """Usage: dak acl set-fingerprints + print """Usage: + dak acl set-fingerprints + dak acl export-per-source -Reads list of fingerprints from stdin and sets the ACL to these. + set-fingerprints: + Reads list of fingerprints from stdin and sets the ACL to these. + Accepted input formats are "uid:", "name:" and + "fpr:". + + export-per-source: + Export per source upload rights for ACL . """ def get_fingerprint(entry, session): @@ -36,6 +44,7 @@ def get_fingerprint(entry, session): uid: name: fpr: + keyring: @type entry: string @param entry: ACL entry @@ -46,7 +55,7 @@ def get_fingerprint(entry, session): @return: fingerprint for the entry """ field, value = entry.split(":", 1) - q = session.query(Fingerprint) + q = session.query(Fingerprint).join(Fingerprint.keyring).filter(Keyring.active == True) if field == 'uid': q = q.join(Fingerprint.uid).filter(Uid.uid == value) @@ -54,6 +63,10 @@ def get_fingerprint(entry, session): q = q.join(Fingerprint.uid).filter(Uid.name == value) elif field == 'fpr': q = q.filter(Fingerprint.fingerprint == value) + elif field == 'keyring': + q = q.filter(Keyring.keyring_name == value) + else: + raise Exception('Unknown selector "{0}".'.format(field)) return q.all() @@ -64,6 +77,9 @@ def acl_set_fingerprints(acl_name, entries): acl.fingerprints.clear() for entry in entries: entry = entry.strip() + if entry.startswith('#') or len(entry) == 0: + continue + fps = get_fingerprint(entry, session) if len(fps) == 0: print "Unknown key for '{0}'".format(entry) @@ -72,12 +88,50 @@ def acl_set_fingerprints(acl_name, entries): session.commit() +def acl_export_per_source(acl_name): + session = DBConn().session() + acl = session.query(ACL).filter_by(name=acl_name).one() + + query = r""" + SELECT + f.fingerprint, + (SELECT COALESCE(u.name, '') || ' <' || u.uid || '>' + FROM uid u + JOIN fingerprint f2 ON u.id = f2.uid + WHERE f2.id = f.id) AS name, + STRING_AGG( + a.source + || COALESCE(' (' || (SELECT fingerprint FROM fingerprint WHERE id = a.created_by_id) || ')', ''), + E',\n ' ORDER BY a.source) + FROM acl_per_source a + JOIN fingerprint f ON a.fingerprint_id = f.id + LEFT JOIN uid u ON f.uid = u.id + WHERE a.acl_id = :acl_id + GROUP BY f.id, f.fingerprint + ORDER BY name + """ + + for row in session.execute(query, {'acl_id': acl.id}): + print "Fingerprint:", row[0] + print "Uid:", row[1] + print "Allow:", row[2] + print + + session.rollback() + session.close() + def main(argv=None): if argv is None: argv = sys.argv - if len(argv) != 3 or argv[1] != 'set-fingerprints': + if len(argv) != 3: usage() sys.exit(1) - acl_set_fingerprints(argv[2], sys.stdin) + if argv[1] == 'set-fingerprints': + acl_set_fingerprints(argv[2], sys.stdin) + elif argv[1] == 'export-per-source': + acl_export_per_source(argv[2]) + else: + usage() + sys.exit(1)