diff --git a/.env.example b/.env.example index 7c680ef6..d378efd7 100644 --- a/.env.example +++ b/.env.example @@ -24,6 +24,13 @@ EDU_SHARING_BASE_URL="http://localhost:8080/edu-sharing/" EDU_SHARING_USERNAME="admin" EDU_SHARING_PASSWORD="admin" +# Edu-Sharing instance that the permission script uses (different users needed due to different file locations in Edu-Sharing) +EDU_SHARING_BASE_URL="http://localhost:8080/edu-sharing/" +EDU_SHARING_USERNAME_ADMIN="admin" +EDU_SHARING_PASSWORD_ADMIN="admin" +EDU_SHARING_USERNAME_CRAWLER="admin" +EDU_SHARING_PASSWORD_CRAWLER="admin" + # If set to true, don't upload to (above mentioned) Edu-Sharing instance DRY_RUN=True diff --git a/schulcloud/permission_updater.py b/schulcloud/permission_updater.py index 5cf4bbf0..f0a46978 100644 --- a/schulcloud/permission_updater.py +++ b/schulcloud/permission_updater.py @@ -7,20 +7,26 @@ from schulcloud.util import Environment -ENV_VARS = ['EDU_SHARING_BASE_URL', 'EDU_SHARING_USERNAME', 'EDU_SHARING_PASSWORD'] +ENV_VARS = ['EDU_SHARING_BASE_URL', 'EDU_SHARING_USERNAME_CRAWLER', 'EDU_SHARING_PASSWORD_CRAWLER', + 'EDU_SHARING_USERNAME_ADMIN', 'EDU_SHARING_PASSWORD_ADMIN'] class PermissionUpdater: def __init__(self): self.env = Environment(env_vars=ENV_VARS) - self.api = EdusharingAPI( + self.api_admin = EdusharingAPI( self.env['EDU_SHARING_BASE_URL'], - self.env['EDU_SHARING_USERNAME'], - self.env['EDU_SHARING_PASSWORD'] + self.env['EDU_SHARING_USERNAME_ADMIN'], + self.env['EDU_SHARING_PASSWORD_ADMIN'], + ) + self.api_crawler = EdusharingAPI( + self.env['EDU_SHARING_BASE_URL'], + self.env['EDU_SHARING_USERNAME_CRAWLER'], + self.env['EDU_SHARING_PASSWORD_CRAWLER'], ) self.node_cache: dict[str, Node] = {} - def get_node_by_path(self, path: str) -> Node: + def get_node_by_path(self, path: str, api: EdusharingAPI) -> Node: """ Get the node of Edu-Sharing by path. @param path: Path to node @@ -32,15 +38,16 @@ def get_node_by_path(self, path: str) -> Node: pass parent_path = os.path.dirname(path) if parent_path: - parent_id = self.get_node_by_path(parent_path).id + parent_id = self.get_node_by_path(parent_path, api).id else: parent_id = '-userhome-' node_name = os.path.basename(path) node = None - for child in self.api.get_children(parent_id, type='folders'): + for child in api.get_children(parent_id, type='folders'): self.node_cache[os.path.join(parent_path, child.name)] = child if child.name == node_name: node = child + self.node_cache = {} if node is None: raise PathNotFoundException(path) else: @@ -54,16 +61,21 @@ def run(self): permissions = json.load(file)['permissions'] file.close() for permission in permissions: - print('Check', permission['path']) + if permission['path'] == "SYNC_OBJ/FWU" or permission['path'] == "SYNC_OBJ/H5P": + api = self.api_crawler + else: + api = self.api_admin try: - node = self.get_node_by_path(permission['path']) - current_groups, inherited = self.api.get_permissions_groups(node.id) + node = self.get_node_by_path(permission['path'], api) + current_groups, inherited = api.get_permissions_groups(node.id) current_groups.sort() new_groups: list[str] = permission['permitted_groups'] new_groups.sort() if not (current_groups == new_groups and inherited == permission['inherit']): - print(f'Change {current_groups} -> {new_groups}') - self.api.set_permissions(node.id, permission['permitted_groups'], permission['inherit']) + print(f'{permission["path"]} change {current_groups} -> {new_groups}') + api.set_permissions(node.id, permission['permitted_groups'], permission['inherit']) + else: + print(f'Permissions already correct: {permission["path"]}') except PathNotFoundException: print(f'Warning: Could not find {permission["path"]}', file=sys.stderr) except KeyboardInterrupt: