library/roles/dnet_user_services_perms: Manage the case of existing files inside the directories where we set ACLs.

dnet_user_services_perms/defaults/main.yml

@@ -13,8 +13,9 @@ dnet_log_directories:
 
 # Define the following if you want some directories readable and writable by the dnet group but outside the dnet app data dirs
 #dnet_users_data_directories:
-#  - { name: '/data/1', create: 'True' }
+#  - { name: '/data/1', create: True }
-#  - { name: '/data/2', create: 'False' }
+#  - { name: '/data/2', create: False, file: False }
+#  - { name: '/data/bah', create: False, file: True }
 
 # Define the following array when you want to add commands to the sudoers file
 #dnet_sudo_commands:

dnet_user_services_perms/tasks/dnet-users-data-dirs.yml

@@ -2,16 +2,24 @@
 - name: Create the users dnet data dirs
   file: name={{ item.name }} state=directory owner=root group={{ dnet_group }} mode=0750
   with_items: dnet_users_data_directories
-  when: item.create
+  when: item.create and not item.file
   tags: [ 'dnet', 'users' ]
 
-- name: Set the read/write permissions on the users dnet data dirs
+- name: Set the read/write/access permissions on the users dnet data dirs
   acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rwx state=present
   with_items: dnet_users_data_directories
+  when: not item.file
   tags: [ 'dnet', 'users' ]
 
-- name: Set the default read/write permissions on the users dnet data dirs
+- name: Set the default read/write/access permissions on the users dnet data dirs
   acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
   with_items: dnet_users_data_directories
+  when: not item.file
+  tags: [ 'dnet', 'users' ]
+
+- name: Set the read/write permissions on pre-existing files inside the users dnet data dirs
+  acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions=rw state=present
+  with_items: dnet_users_data_directories
+  when: item.file
   tags: [ 'dnet', 'users' ]