# $Id$
+# $URL$
from PLC.Faults import *
from PLC.Method import Method
from PLC.Parameter import Parameter, Mixed
from PLC.SliceTags import SliceTag, SliceTags
+from PLC.Nodes import Node
from PLC.Slices import Slice, Slices
from PLC.InitScripts import InitScript, InitScripts
from PLC.Auth import Auth
assert slice_tag['slice_tag_id'] in slice['slice_tag_ids']
- if 'admin' not in self.caller['roles']:
- if self.caller['person_id'] in slice['person_ids']:
- pass
- elif 'pi' not in self.caller['roles']:
- raise PLCPermissionDenied, "Not a member of the specified slice"
- elif slice['site_id'] not in self.caller['site_ids']:
- raise PLCPermissionDenied, "Specified slice not associated with any of your sites"
+ if not isinstance(self.caller, Node):
+ if 'admin' not in self.caller['roles']:
+ if self.caller['person_id'] in slice['person_ids']:
+ pass
+ elif 'pi' not in self.caller['roles']:
+ raise PLCPermissionDenied, "Not a member of the specified slice"
+ elif slice['site_id'] not in self.caller['site_ids']:
+ raise PLCPermissionDenied, "Specified slice not associated with any of your sites"
- if slice_tag['min_role_id'] is not None and \
- min(self.caller['role_ids']) > slice_tag['min_role_id']:
- raise PLCPermissionDenied, "Not allowed to update the specified attribute"
+ if slice_tag['min_role_id'] is not None and \
+ min(self.caller['role_ids']) > slice_tag['min_role_id']:
+ raise PLCPermissionDenied, "Not allowed to update the specified attribute"
+ else:
+ ### make node's min_role_id == PI min_role_id
+ node_role_id = 20
+ if slice_tag['min_role_id'] is not None and node_role_id >= slice_tag['min_role_id']:
+ raise PLCPermissionDenied, "Not allowed to update the specified slice attribute"
if slice_tag['tagname'] in ['initscript']:
initscripts = InitScripts(self.api, {'enabled': True, 'name': value})