- if not isinstance(self.caller, Node):
- if 'admin' not in self.caller['roles']:
- if self.caller['person_id'] in slice['person_ids']:
- pass
- elif 'pi' not in self.caller['roles']:
- raise PLCPermissionDenied, "Not a member of the specified slice"
- elif slice['site_id'] not in self.caller['site_ids']:
- raise PLCPermissionDenied, "Specified slice not associated with any of your sites"
-
- if slice_tag['min_role_id'] is not None and \
- min(self.caller['role_ids']) > slice_tag['min_role_id']:
- raise PLCPermissionDenied, "Not allowed to update the specified attribute"
- else:
- ### make node's min_role_id == PI min_role_id
- node_role_id = 20
- if tag_type['min_role_id'] is not None and node_role_id > tag_type['min_role_id']:
- raise PLCPermissionDenied, "Not allowed to update the specified slice attribute"
-
- if slice_tag['tagname'] in ['initscript']:
+ # check authorizations
+ node_id_or_hostname=slice_tag['node_id']
+ nodegroup_id_or_name=slice_tag['nodegroup_id']
+ slice.caller_may_write_tag(self.api,self.caller,tag_type,node_id_or_hostname,nodegroup_id_or_name)
+
+ if slice_tag['tagname'] in ['initscript']: