From 29f67d04bb0fb6773eb1b2458d0f262d63302bd1 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 28 Aug 2015 20:06:40 +0200
Subject: [PATCH] library/roles/dnet_user_services_perms: Manage the case of existing files inside the directories where we set ACLs.
---
 dnet_user_services_perms/defaults/main.yml | 5 +++--
 .../tasks/dnet-users-data-dirs.yml | 14 +++++++++++---
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/dnet_user_services_perms/defaults/main.yml b/dnet_user_services_perms/defaults/main.yml
index 86970e34..48288740 100644
--- a/dnet_user_services_perms/defaults/main.yml
+++ b/dnet_user_services_perms/defaults/main.yml
@@ -13,8 +13,9 @@ dnet_log_directories:
 # Define the following if you want some directories readable and writable by the dnet group but outside the dnet app data dirs
 #dnet_users_data_directories:
-# - { name: '/data/1', create: 'True' }
-# - { name: '/data/2', create: 'False' }
+# - { name: '/data/1', create: True }
+# - { name: '/data/2', create: False, file: False }
+# - { name: '/data/bah', create: False, file: True }
 # Define the following array when you want to add commands to the sudoers file
 #dnet_sudo_commands:
diff --git a/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml b/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
index 90f03a27..ea97b2e8 100644
--- a/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
+++ b/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
@@ -2,16 +2,24 @@
 - name: Create the users dnet data dirs
 file: name={{ item.name }} state=directory owner=root group={{ dnet_group }} mode=0750
 with_items: dnet_users_data_directories
- when: item.create
+ when: item.create and not item.file
 tags: [ 'dnet', 'users' ]
-- name: Set the read/write permissions on the users dnet data dirs
+- name: Set the read/write/access permissions on the users dnet data dirs
 acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rwx state=present
 with_items: dnet_users_data_directories
+ when: not item.file
 tags: [ 'dnet', 'users' ]
-- name: Set the default read/write permissions on the users dnet data dirs
+- name: Set the default read/write/access permissions on the users dnet data dirs
 acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
 with_items: dnet_users_data_directories
+ when: not item.file
+ tags: [ 'dnet', 'users' ]
+
+- name: Set the read/write permissions on pre-existing files inside the users dnet data dirs
+ acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rw state=present
+ with_items: dnet_users_data_directories
+ when: item.file
 tags: [ 'dnet', 'users' ]
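Review bot: The new `when` conditions read `item.file` directly, so any entry of `dnet_users_data_directories` that omits the key, such as the first example in defaults/main.yml (`{ name: '/data/1', create: True }`), will likely fail with an undefined-attribute error instead of being treated as a directory. Give the flag a default in all four conditions, e.g. `when: item.create and not (item.file | default(False))` for the directory tasks and `when: item.file | default(False)` on the last task. The last task's name says "files inside the users dnet data dirs", but the `acl` call only touches the single path `item.name`; a name such as `Set the read/write permissions on the pre-existing files listed in dnet_users_data_directories` would match what it does. Since these tasks widen group access through ACLs, a short comment above them stating that `file: True` entries receive `rw` while directories receive `rwx` plus a default ACL would make the intended grant explicit for whoever audits the role.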