permission checking on node tags factorized in Node.caller_may_write_tag

[plcapi.git] / PLC / Methods / UpdateNodeTag.py

diff --git a/PLC/Methods/UpdateNodeTag.py b/PLC/Methods/UpdateNodeTag.py
index d8b8af7..8fd0c88 100644 (file)
--- a/PLC/Methods/UpdateNodeTag.py
+++ b/PLC/Methods/UpdateNodeTag.py
@@ -12,8 +12,6 @@ from PLC.Nodes import Node, Nodes
 from PLC.TagTypes import TagType, TagTypes
 from PLC.NodeTags import NodeTag, NodeTags
 
-from PLC.AuthorizeHelpers import AuthorizeHelpers
-
 class UpdateNodeTag(Method):
     """
     Updates the value of an existing node tag
@@ -43,18 +41,14 @@ class UpdateNodeTag(Method):
 
         tag_type_id = node_tag['tag_type_id']
         tag_type = TagTypes (self.api,[tag_type_id])[0]
-        node = Nodes (self.api, node_tag['node_id'])
 
-        # check authorizations
-        if 'admin' in self.caller['roles']:
-            pass
-        elif not AuthorizeHelpers.caller_may_access_tag_type (self.api, self.caller, tag_type):
-            raise PLCPermissionDenied, "%s, forbidden tag %s"%(self.name,tag_type['tagname'])
-        elif AuthorizeHelpers.node_belongs_to_person (self.api, node, self.caller):
-            pass
-        else:
-            raise PLCPermissionDenied, "%s: you must belong in the same site as subject node"%self.name
+        nodes = Nodes (self.api, node_tag['node_id'])
+        if not nodes:
+            raise PLCInvalidArgument, "No such node %d"%node_tag['node_id']
+        node=nodes[0]
 
+        # check authorizations
+        node.caller_may_write_tag(self.api,self.caller,tag_type)
 
         node_tag['value'] = value
         node_tag.sync()