add role at all of user's currnet sites if site is not specified

[plcapi.git] / PLC / Persons.py

diff --git a/PLC/Persons.py b/PLC/Persons.py
index f6d4407..8170a71 100644 (file)
--- a/PLC/Persons.py
+++ b/PLC/Persons.py
@@ -15,10 +15,9 @@ import crypt
 from PLC.Faults import *
 from PLC.Debug import log
 from PLC.Parameter import Parameter, Mixed
-from PLC.Table import Row, Table
+from PLC.Messages import Message, Messages
 from PLC.Roles import Role, Roles
 from PLC.Keys import Key, Keys
-from PLC.Messages import Message, Messages
 from PLC.Storage.AlchemyObject import AlchemyObj
 
 class Person(AlchemyObj):
@@ -120,8 +119,50 @@ class Person(AlchemyObj):
 
         return False
 
-    #add_role = Row.add_object(Role, 'person_role')
-    #remove_role = Row.remove_object(Role, 'person_role')
+    def add_role(self, role_name, login_base=None):
+        user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
+        roles = Roles(self.api, {'name': role_name})
+        if not roles:
+            raise PLCInvalidArgument, "Role %s not found" % role_name 
+        role = roles[0]
+      
+        if login_base:
+            # add role at the requested site
+            tenant = self.api.client_shell.keystone.tenants.find(name=login_base) 
+            self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+        else:
+            from PLC.Sites import Sites
+            # add role to at all of users sites
+            if not self['site_ids']:
+                raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site is specified"
+            for site_id in self['site_ids']:
+                sites = Sites(self.api, {'site_id': site_id})
+                site = sites[0]
+                tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id'])
+                self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+    
+    def remove_role(self, role_name, login_base=None):
+        user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
+        roles = Roles(self.api, {'name': role_name})
+        if not roles:
+            raise PLCInvalidArgument, "Role %s not found" % role_name
+        role = roles[0]
+
+        if login_base:
+            # add role at the requested site
+            tenant = self.api.client_shell.keystone.tenants.find(name=login_base)
+            self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+        else:
+            from PLC.Sites import Sites
+            # add role to at all of users sites
+            if not self['site_ids']:
+                raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site
+ is specified"
+            for site_id in self['site_ids']:
+                sites = Sites(self.api, {'site_id': site_id})
+                site = sites[0]
+                tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id'])
+                self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant)
 
     #add_key = Row.add_object(Key, 'person_key')
     #remove_key = Row.remove_object(Key, 'person_key')
@@ -156,12 +197,6 @@ class Person(AlchemyObj):
         AlchemyObj.delete(self, dict(self))
 
  
-    def get_roles(self):
-        roles = []
-        if self.tenant:
-            roles = self.api.client_shell.keystone.roles.roles_for_user(self.object, self.tenant)
-        return [role.name for role in roles] 
-
     def get_tenants_ids(self):
         tenants = []
         if self.tenantId:
@@ -183,8 +218,6 @@ class Persons(list):
             #persons = self.api.client_shell.keystone.users.findall()
             persons = Person().select()
         elif isinstance(person_filter, (list, tuple, set)):
-            #persons = self.api.client_shell.keystone.users.findall()
-            #persons = [person for person in persons if person.id in person_filter]
             ints = filter(lambda x: isinstance(x, (int, long)), person_filter)
             strs = filter(lambda x: isinstance(x, StringTypes), person_filter)
             person_filter = {'person_id': ints, 'email': strs}