1 from PLC.Faults import *
2 from PLC.Method import Method
3 from PLC.Parameter import Parameter, Mixed
4 from PLC.Persons import Person, Persons
5 from PLC.Auth import Auth
6 from PLC.Roles import Role, Roles
8 class AddRoleToPerson(Method):
10 Grants the specified role to the person.
12 PIs can only grant the tech and user roles to users and techs at
13 their sites. Admins can grant any role to any user.
15 Returns 1 if successful, faults otherwise.
18 roles = ['admin', 'pi']
22 Mixed(Role.fields['id'],
24 Mixed(Person.fields['person_id'],
25 Person.fields['email']),
28 returns = Parameter(int, '1 if successful')
30 def call(self, auth, role_id_or_name, person_id_or_email):
32 roles = Roles(self.api, [role_id_or_name])
34 raise PLCInvalidArgument, "Invalid role '%s'" % unicode(role_id_or_name)
37 # Get account information
38 persons = Persons(self.api, [person_id_or_email])
40 raise PLCInvalidArgument, "No such account"
43 # Authenticated function
44 assert self.caller is not None
46 # Check if we can update this account
47 if not self.caller.can_update(person):
48 raise PLCPermissionDenied, "Not allowed to update specified account"
50 # Can only grant lesser (higher) roles to others
51 if 'admin' not in self.caller['roles'] and \
52 role['role_id'] <= min(self.caller['role_ids']):
53 raise PLCInvalidArgument, "Not allowed to grant that role"
55 if role['role_id'] not in person['role_ids']: