Commit 01cb437a authored by Leigh Stoller's avatar Leigh Stoller

A change for Dave that we discussed a couple of months back and

yesterday Dave said he needs it now.

Currently the accounts that are returned to ron nodes are determined
by looking for the node type in the pcremote_ok slot of the projects
table. There is no per-user subgroup setting; everyone gets the group
of their project.

Dave needs to be able to assign remote users to specific subgroups
within a variety of projects, and I did not want to hack up the
pcremote_ok mechanism any further. So, new way to do this, that might
replace pcremote_ok at some point, but for now will just override it.

I am using the node_attributes table to drive what groups get
installed, and thus what users get accounts and a grouplist.

	inset into node_attributes values
	           ('ronXXX', "dp_projects", "10000,10001,...");

where the group list is specified as a list of gid_idx's. This works
out very nicely cause I can use a subquery and FIND_IN_SET clause, and
so the changes to tmcd where actually pretty easy.
parent f0f2c186
......@@ -1722,19 +1722,34 @@ COMMAND_PROTOTYPE(doaccounts)
/*
* XXX - Old style node, not doing jails.
*
* Temporary hack until we figure out the right model for
* remote nodes. For now, we use the pcremote-ok slot in
* in the project table to determine what remote nodes are
* okay'ed for the project. If connecting node type is in
* that list, then return all of the project groups, for
* each project that is allowed to get accounts on the type.
* Added this for Dave. I love subqueries!
*/
res = mydb_query("select g.unix_name,g.unix_gid "
" from projects as p "
" from projects as p "
"left join groups as g on p.pid=g.pid "
"where p.approved!=0 and "
" FIND_IN_SET('%s',pcremote_ok)>0",
2, reqp->type);
" FIND_IN_SET(g.gid_idx, "
" (select attrvalue from node_attributes "
" where node_id='%s' and "
" attrkey='dp_projects')) > 0",
2, reqp->pnodeid);
if (!res || (int)mysql_num_rows(res) == 0) {
/*
* Temporary hack until we figure out the right model for
* remote nodes. For now, we use the pcremote-ok slot in
* in the project table to determine what remote nodes are
* okay'ed for the project. If connecting node type is in
* that list, then return all of the project groups, for
* each project that is allowed to get accounts on the type.
*/
res = mydb_query("select g.unix_name,g.unix_gid "
" from projects as p "
"left join groups as g on p.pid=g.pid "
"where p.approved!=0 and "
" FIND_IN_SET('%s',pcremote_ok)>0",
2, reqp->type);
}
}
if (!res) {
error("ACCOUNTS: %s: DB Error getting gids!\n", reqp->pid);
......@@ -1864,6 +1879,38 @@ COMMAND_PROTOTYPE(doaccounts)
* that list, then return user info for all of the users
* in those projects (crossed with group in the project).
*/
char subclause[MYBUFSIZE];
int count = 0;
res = mydb_query("select attrvalue from node_attributes "
" where node_id='%s' and "
" attrkey='dp_projects'",
1, reqp->pnodeid);
if (res) {
if ((int)mysql_num_rows(res) > 0) {
row = mysql_fetch_row(res);
count = snprintf(subclause,
sizeof(subclause) - 1,
"FIND_IN_SET(g.gid_idx,'%s')>0",
row[0]);
}
else {
count = snprintf(subclause,
sizeof(subclause) - 1,
"FIND_IN_SET('%s',pcremote_ok)>0",
reqp->type);
}
mysql_free_result(res);
if (count >= sizeof(subclause)) {
error("ACCOUNTS: %s: Subclause too long!\n",
reqp->nodeid);
return 1;
}
}
res = mydb_query("select distinct "
"u.uid,'*',u.unix_uid,u.usr_name, "
"m.trust,g.pid,g.gid,g.unix_gid,u.admin, "
......@@ -1879,12 +1926,12 @@ COMMAND_PROTOTYPE(doaccounts)
" g.pid=m.pid and g.gid=m.gid "
"left join users as u on u.uid_idx=m.uid_idx "
"where p.approved!=0 "
" and FIND_IN_SET('%s',pcremote_ok)>0 "
" and %s "
" and m.trust!='none' "
" and u.webonly=0 "
" and u.status='active' "
"order by u.uid",
17, reqp->type);
17, subclause);
}
if (!res) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment