@@ -43,17 +43,17 @@ def reconcile_access(commit_changes=False):
4343 netid = strip_domain (row [0 ])
4444 accessee = get_accessee_model (netid )
4545
46- for delegate , rights in get_delegations (row [1 ]). items ( ):
46+ for delegate , right in mailbox_delegations (row [1 ]):
4747 try :
48- record = reconcile_delegation (accessee , delegate , rights )
48+ record = reconcile_delegation (accessee , delegate , right )
4949 clear_record_id (record_ids , record .id )
5050 except NullDelegateException :
5151 logger .info (
5252 f"NULL DELEGATE: mailbox { netid }
53- f"with rights : { rights } )
53+ f"with right : { right } )
5454 except NoAccessRecordException :
5555 logger .info (f"NO ACCESS RECORD FOR: mailbox { netid }
56- f"delegate { delegate } rights : { rights } )
56+ f"delegate { delegate } right : { right } )
5757 if commit_changes :
5858 new_access_record (accessee , delegate , right_record )
5959 except DeletedAccessRecordException as ex :
@@ -71,9 +71,23 @@ def reconcile_access(commit_changes=False):
7171 f"{ record .datetime_expired } )
7272
7373 if commit_changes :
74- right = next (iter (rights ))
75- right_record = get_access_right (right )
76- assign_access_right (record , right_record )
74+ # right still match? update
75+ if record .access_right .name != right :
76+ logger .info (
77+ "UPDATE DELETED ACCESS RECORD: "
78+ f"mailbox { netid }
79+ f"delegate { delegate }
80+ f"({ record .access_right .name } { right } )
81+ right_record = get_access_right (right )
82+ assign_access_right (record , right_record )
83+
84+ logger .info (
85+ f"UNDELETED ACCESS RECORD: mailbox { netid }
86+ f"delegate { delegate }
87+ f"({ record .access_right .name } )
88+ undelete_access_record (record )
89+
90+ clear_record_id (record_ids , record .id )
7791 except EmptyDelegateRightsException as ex :
7892 record = ex .record
7993 logger .info (f"NO RIGHTS FOR DELEGATION: "
@@ -83,17 +97,15 @@ def reconcile_access(commit_changes=False):
8397 except TooManyRightsException as ex :
8498 logger .info (
8599 f"CONFLICT: mailbox { netid } { delegate }
86- f"rights : { rights } )
100+ f"right : { right } )
87101 record = ex .record
88102 if commit_changes :
89103 revoke_record (record )
90- save_conflict_record (accessee , record , delegate , rights )
104+ save_conflict_record (accessee , record , delegate , right )
91105
92106 clear_record_id (record_ids , record .id )
93107 except DelegateRightMismatchException as ex :
94108 record = ex .record
95- right = next (iter (rights ))
96-
97109 logger .info (
98110 f"DELEGATION CHANGE: mailbox { netid } { delegate }
99111 f" ({ record .access_right .name } { right } )
@@ -103,10 +115,6 @@ def reconcile_access(commit_changes=False):
103115 assign_access_right (record , right_record )
104116
105117 clear_record_id (record_ids , record .id )
106- except Exception as ex :
107- logger .error (
108- f"UNEXPECTED ERROR: mailbox { netid } { delegate }
109- f"rights: { rights } { ex } )
110118
111119 # access records for which no delegation was reported
112120 for record in AccessRecord .objects .filter (id__in = record_ids ):
@@ -127,7 +135,7 @@ def clear_record_id(record_ids, record_id):
127135 pass
128136
129137
130- def reconcile_delegation (accessee , delegate , rights ):
138+ def reconcile_delegation (accessee , delegate , right ):
131139 if not delegate or delegate .lower () == 'null' :
132140 raise NullDelegateException ()
133141
@@ -137,16 +145,20 @@ def reconcile_delegation(accessee, delegate, rights):
137145 except AccessRecord .DoesNotExist :
138146 raise NoAccessRecordException ()
139147
140- if len (rights ) > 1 :
141- raise TooManyRightsException (record = record )
142-
143148 if record .is_deleted :
144149 raise DeletedAccessRecordException (record = record )
145150
146- if len (rights ) < 1 :
147- raise EmptyDelegateRightsException (record = record )
151+ if isinstance (right , str ):
152+ if not right :
153+ raise EmptyDelegateRightsException (record = record )
154+ elif isinstance (right , list ):
155+ if len (right ) == 0 :
156+ raise EmptyDelegateRightsException (record = record )
157+ elif len (rights ) > 1 :
158+ raise TooManyRightsException (record = record )
159+
160+ right = right [0 ]
148161
149- right = next (iter (rights ))
150162 if record .access_right .name != right :
151163 raise DelegateRightMismatchException (record = record )
152164
@@ -206,6 +218,14 @@ def revoke_record(record):
206218 record .revoke ()
207219
208220
221+ def undelete_access_record (record ):
222+ logger .info ("FAILSAFE HIT" )
223+ return
224+
225+ record .is_deleted = False
226+ record .save ()
227+
228+
209229def assign_access_right (record , right ):
210230 logger .info (f"UPDATE CHANGE: mailbox { record .accessee .netid }
211231 f"delegate { record .accessor .name }
@@ -236,18 +256,16 @@ def save_conflict_record(accessee, record, delegate, rights):
236256 conflict .save ()
237257
238258
239- def get_delegations (raw ):
240- delegates = {}
241- cooked = json .loads (raw )
242- for right in [cooked ] if isinstance (cooked , dict ) else cooked :
259+ def mailbox_delegations (column ):
260+ rights = json .loads (column )
261+ for right in [rights ] if isinstance (rights , dict ) else rights :
243262 user = right ["User" ]
244263 if user and user .lower () != 'null' :
245- try :
246- delegates [user ].append (right ['AccessRights' ])
247- except KeyError :
248- delegates [user ] = [right ['AccessRights' ]]
249-
250- return delegates
264+ yield user , right ['AccessRights' ]
265+ else :
266+ logger .debug (
267+ f"NULL RIGHT: mailbox { netid } { delegate }
268+ f" right: { right } )
251269
252270
253271def access_user (a ):
0 commit comments