From 07450ca5ddc63ac540fe288183e0a31ce200be43 Mon Sep 17 00:00:00 2001
From: Andrew Williams <andy@tensixtyone.com>
Date: Wed, 24 Mar 2010 14:52:08 +0000
Subject: [PATCH] Moved service enable/disable functions to the update_access()
 function on the user profile

This will remove the need for the cronjob, but not totally, best still to run the cronjob to catch situations where the permission changes can be missed.
---
 cronjobs.txt  |  4 ++--
 run-cron.py   | 13 +++++++------
 sso/cron.py   | 26 --------------------------
 sso/models.py | 33 ++++++++++++++++++++++++++++++++-
 4 files changed, 41 insertions(+), 35 deletions(-)

diff --git a/cronjobs.txt b/cronjobs.txt
index f7fad56..4bec567 100644
--- a/cronjobs.txt
+++ b/cronjobs.txt
@@ -1,5 +1,5 @@
 ROOT=$HOME/auth/auth/
 
-*/5	*	*	*	*	$ROOT/run-cron.py reddit.cron UpdateAPIs
+@daily					$ROOT/run-cron.py reddit.cron UpdateAPIs
 @daily 					$ROOT/run-cron.py eve_api.cron UpdateAPIs
-@hourly 				$ROOT/run-cron.py sso.cron RemoveInvalidUsers
+*/10	*	*	*	*	$ROOT/run-cron.py sso.cron RemoveInvalidUsers
diff --git a/run-cron.py b/run-cron.py
index 4adf13f..e5830ed 100755
--- a/run-cron.py
+++ b/run-cron.py
@@ -2,12 +2,13 @@
 """Executes a Django cronjob"""
 
 import sys
+import logging
 from django.core.management import setup_environ
 import settings
 
 setup_environ(settings)
 
-logging.basicConfig(level=logging.INFO)
+logging.basicConfig(level=logging.DEBUG)
 log = logging.getLogger('runcron')
 
 try:
@@ -19,11 +20,11 @@ for i in sys.argv[1].split(".")[1:]:
     mod = getattr(mod, i)
 cron_class = getattr(mod, sys.argv[2])()
 
-log.info("Starting Job %s in %s" % (sys.argv[2], sys.argv[1])
+log.info("Starting Job %s in %s" % (sys.argv[2], sys.argv[1]))
 
-try:
-    cron_class.job()
-except:
-    log.error("Error executing job, aborting.")
+#try:
+cron_class.job()
+#except:
+#    log.error("Error executing job, aborting.")
 
 log.info("Job complete")
diff --git a/sso/cron.py b/sso/cron.py
index cb2396e..72a7e8e 100644
--- a/sso/cron.py
+++ b/sso/cron.py
@@ -23,30 +23,4 @@ class RemoveInvalidUsers():
                 # For each user, update access list based on Corp details
                 user.get_profile().update_access()
 
-                # Check each service account and disable access if they're not allowed
-                for servacc in ServiceAccount.objects.filter(user=user):
-                    if not (set(user.groups.all()) & set(servacc.service.groups.all())):
-                        if servacc.active:
-                            self._logger.info("User %s is not in allowed group for %s, deleting account" % (user.username, servacc.service))
-                            servacc.active = 0
-                            servacc.save()
-                            servacc.user.message_set.create(message="Your %s account has been disabled due to lack of permissions. If this is incorrect, check your API keys." % (servacc.service))
-                        pass
-                    else:
-                        if not servacc.active:
-                            self._logger.info("User %s is now in a allowed group for %s, enabling account" % (user.username, servacc.service))
-                            servacc.active = 1
-                            servacc.save()
-                            servacc.user.message_set.create(message="Your %s account has been re-enabled, you may need to reset your password to access this service again." % (servacc.service))
-                            pass
-
-                # For users set to not active, delete all accounts
-                if not user.is_active:
-                    print "User %s is inactive, disabling related service accounts" % user.username
-                    for servacc in ServiceAccount.objects.filter(user=user):
-                        servacc.active = 0
-                        servacc.save()
-                        pass
-
-
 
diff --git a/sso/models.py b/sso/models.py
index 55c079a..78afc1f 100644
--- a/sso/models.py
+++ b/sso/models.py
@@ -1,5 +1,6 @@
 import re
 import unicodedata
+import logging
 
 from django.db import models
 from django.db.models import signals
@@ -36,10 +37,17 @@ class SSOUser(models.Model):
     icq = models.CharField("ICQ", max_length=15, blank=True)
     xmpp = models.CharField("XMPP", max_length=200, blank=True)
 
+    @property
+    def _log(self):
+        if not hasattr(self, '__log'):
+            self.__log = logging.getLogger(self.__class__.__name__)
+        return self.__log
+
     def update_access(self):
         """ Steps through each Eve API registered to the user and updates their group 
             access accordingly """
 
+        self._log.debug("Update - User %s" % self.user)
         # Create a list of all Corp groups
         corpgroups = []
         for corp in EVEPlayerCorporation.objects.all():
@@ -64,7 +72,30 @@ class SSOUser(models.Model):
         for g in addgroups:
             self.user.groups.add(g)
 
-        print "%s, Add: %s, Del: %s, Current: %s" % (self.user, addgroups, delgroups, self.user.groups.all())
+        # For users set to not active, delete all accounts
+        if not self.user.is_active:
+            self._log.debug("Inactive - User %s" % (self.user))
+            for servacc in ServiceAccount.objects.filter(user=self.user):
+                servacc.active = 0
+                servacc.save()
+                pass
+
+        # For each of the user's services, check they're in a valid group for it and enable/disable as needed.
+        for servacc in ServiceAccount.objects.filter(user=self.user):
+            if not (set(self.user.groups.all()) & set(servacc.service.groups.all())):
+                if servacc.active:
+                    servacc.active = 0
+                    servacc.save()
+                    self._log.debug("Disabled - User %s, Acc %s" % (self.user, servacc.service))
+                    servacc.user.message_set.create(message="Your %s account has been disabled due to lack of permissions. If this is incorrect, check your API keys to see if they are valid" % (servacc.service))
+                    pass
+            else:
+                if not servacc.active:
+                    servacc.active = 1
+                    servacc.save()
+                    self._log.debug("Enabled - User %s, Acc %s" % (self.user, servacc.service))
+                    servacc.user.message_set.create(message="Your %s account has been re-enabled, you may need to reset your password to access this service again" % (servacc.service))
+                    pass
 
     def __str__(self):
         return self.user.__str__()