class AddRoleToPerson(Method):
"""
Grants the specified role to the person.
-
+
PIs can only grant the tech and user roles to users and techs at
their sites. Admins can grant any role to any user.
returns = Parameter(int, '1 if successful')
- event_type = 'AddTo'
- object_type = 'Person'
-
def call(self, auth, role_id_or_name, person_id_or_email):
- # Get all roles
- roles = {}
- for role in Roles(self.api):
- roles[role['role_id']] = role['name']
- roles[role['name']] = role['role_id']
-
- if role_id_or_name not in roles:
- raise PLCInvalidArgument, "Invalid role identifier or name"
-
- if isinstance(role_id_or_name, int):
- role_id = role_id_or_name
- else:
- role_id = roles[role_id_or_name]
+ # Get role
+ roles = Roles(self.api, [role_id_or_name])
+ if not roles:
+ raise PLCInvalidArgument, "Invalid role '%s'" % unicode(role_id_or_name)
+ role = roles[0]
# Get account information
persons = Persons(self.api, [person_id_or_email])
if not persons:
raise PLCInvalidArgument, "No such account"
-
person = persons[0]
+ if person['peer_id'] is not None:
+ raise PLCInvalidArgument, "Not a local account"
+
# Authenticated function
assert self.caller is not None
# Can only grant lesser (higher) roles to others
if 'admin' not in self.caller['roles'] and \
- role_id <= min(self.caller['role_ids']):
+ role['role_id'] <= min(self.caller['role_ids']):
raise PLCInvalidArgument, "Not allowed to grant that role"
- if role_id not in person['role_ids']:
- person.add_role(role_id)
+ if role['role_id'] not in person['role_ids']:
+ person.add_role(role)
- self.object_ids = [person['person_id']]
+ self.event_objects = {'Person': [person['person_id']],
+ 'Role': [role['role_id']]}
+ self.message = "Role %d granted to person %d" % \
+ (role['role_id'], person['person_id'])
return 1
git://git.onelab.eu / plcapi.git / blobdiff