vorhabenACL: Check ACL on root folder too

ba09775e · Daniele Nicolodi · 15bc0b1d · ba09775e
Commit ba09775e authored 1 year ago by Daniele Nicolodi
--- a/vorhabenACL.py
+++ b/vorhabenACL.py
@@ -13,6 +13,7 @@ import openpyxl
 PATH = r'o:\4-3\4-3-Vorhaben'
 DATA = r'o:\4-3\4-3-Vorhaben\Zugriffsliste.xlsx'
+SUPERUSERS = {'benkle01', 'doersc01', 'kronja01', 'legero01', 'lisdat01', 'nicolo01', 'sterr01'}
 IDS = {
    'luecke': 2,
    'klose': 5,
@@ -212,6 +213,24 @@ def main():
 def verify(verbose):
    """Verify ACL on folders."""
    errors = 0
+    acl = get_acl(PATH)
+    for user, permissions in acl.items():
+        inherited, permissions = parse_permissions(permissions)
+        if inherited:
+            continue
+        if permissions == ('RX',):
+            continue
+        assert permissions == ('RX', 'W', 'DC'), permissions
+        domain, name = user.split('\\')
+        users = collect_users(name)
+        not_authorized = users - SUPERUSERS
+        if not_authorized:
+            print(f'. {PATH}')
+            s = ', '.join(f'{style.red}{name}{style.reset}' for name in sorted(not_authorized))
+            print(f'  {s}')
+            errors += 1
    master = parse_excel_sheet()
    for entry in sorted(os.listdir(PATH)):
        if entry.startswith('.'):
@@ -247,7 +266,7 @@ def verify(verbose):
                print(f'. {style.reset}')
                s = ', '.join(f'{style.red}{name}{style.reset}' for name in sorted(not_authorized))
                print(f'  {s}')
-                errors = 1
+                errors += 1
    sys.exit(errors)