git://git.onelab.eu
/
plcapi.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
- send account registration e-mails from the website
[plcapi.git]
/
PLC
/
Methods
/
AddRoleToPerson.py
diff --git
a/PLC/Methods/AddRoleToPerson.py
b/PLC/Methods/AddRoleToPerson.py
index
25b54e2
..
3b583f7
100644
(file)
--- a/
PLC/Methods/AddRoleToPerson.py
+++ b/
PLC/Methods/AddRoleToPerson.py
@@
-2,15
+2,15
@@
from PLC.Faults import *
from PLC.Method import Method
from PLC.Parameter import Parameter, Mixed
from PLC.Persons import Person, Persons
from PLC.Method import Method
from PLC.Parameter import Parameter, Mixed
from PLC.Persons import Person, Persons
-from PLC.Auth import
Password
Auth
-from PLC.Roles import Roles
+from PLC.Auth import Auth
+from PLC.Roles import Role
, Role
s
class AddRoleToPerson(Method):
"""
Grants the specified role to the person.
PIs can only grant the tech and user roles to users and techs at
class AddRoleToPerson(Method):
"""
Grants the specified role to the person.
PIs can only grant the tech and user roles to users and techs at
- their sites. ins can grant any role to any user.
+ their sites.
Adm
ins can grant any role to any user.
Returns 1 if successful, faults otherwise.
"""
Returns 1 if successful, faults otherwise.
"""
@@
-18,32
+18,31
@@
class AddRoleToPerson(Method):
roles = ['admin', 'pi']
accepts = [
roles = ['admin', 'pi']
accepts = [
- PasswordAuth(),
+ Auth(),
+ Mixed(Role.fields['role_id'],
+ Role.fields['name']),
Mixed(Person.fields['person_id'],
Person.fields['email']),
Mixed(Person.fields['person_id'],
Person.fields['email']),
- Mixed(Parameter(int, "Role identifier"),
- Parameter(str, "Role name"))
]
returns = Parameter(int, '1 if successful')
]
returns = Parameter(int, '1 if successful')
- def call(self, auth, person_id_or_email, role_id_or_name):
- # Get all roles
- roles = Roles(self.api)
- if role_id_or_name not in roles:
- raise PLCInvalidArgument, "Invalid role identifier or name"
- if isinstance(role_id_or_name, int):
- role_id = role_id_or_name
- else:
- role_id = roles[role_id_or_name]
+ def call(self, auth, role_id_or_name, person_id_or_email):
+ # Get role
+ roles = Roles(self.api, [role_id_or_name])
+ if not roles:
+ raise PLCInvalidArgument, "Invalid role '%s'" % unicode(role_id_or_name)
+ role = roles[0]
# Get account information
persons = Persons(self.api, [person_id_or_email])
if not persons:
raise PLCInvalidArgument, "No such account"
# Get account information
persons = Persons(self.api, [person_id_or_email])
if not persons:
raise PLCInvalidArgument, "No such account"
+ person = persons[0]
- person = persons.values()[0]
+ if person['peer_id'] is not None:
+ raise PLCInvalidArgument, "Not a local account"
# Authenticated function
assert self.caller is not None
# Authenticated function
assert self.caller is not None
@@
-54,10
+53,14
@@
class AddRoleToPerson(Method):
# Can only grant lesser (higher) roles to others
if 'admin' not in self.caller['roles'] and \
# Can only grant lesser (higher) roles to others
if 'admin' not in self.caller['roles'] and \
- role
_id
<= min(self.caller['role_ids']):
+ role
['role_id']
<= min(self.caller['role_ids']):
raise PLCInvalidArgument, "Not allowed to grant that role"
raise PLCInvalidArgument, "Not allowed to grant that role"
- if role_id not in person['role_ids']:
- person.add_role(role_id)
+ if role['role_id'] not in person['role_ids']:
+ person.add_role(role)
+
+ self.object_ids = [person['person_id']]
+ self.message = "Role %d granted to person %d" % \
+ (role['role_id'], person['person_id'])
return 1
return 1