X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=PLC%2FAuth.py;fp=PLC%2FAuth.py;h=7d9be9776d0b1b82a86038e3c2a2f88056a4bafb;hb=7d2b14323454c3dba9c907d75a7988ad5a0ac8dc;hp=25938c6d3ab9d59d52ae5fd7711d4761792fd9c7;hpb=e2386d7ab54feb80871179dc21e927ff0b422d20;p=plcapi.git

diff --git a/PLC/Auth.py b/PLC/Auth.py
index 25938c6..7d9be97 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -4,7 +4,7 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: Auth.py,v 1.1 2006/09/06 15:36:06 mlhuang Exp $
+# $Id: Auth.py,v 1.2 2006/09/08 19:44:12 mlhuang Exp $
 #
 
 import crypt
@@ -65,7 +65,6 @@ class PasswordAuth(Auth):
             'AuthMethod': Parameter(str, "Authentication method to use, typically 'password'", False),
             'Username': Parameter(str, "PlanetLab username, typically an e-mail address", False),
             'AuthString': Parameter(str, "Authentication string, typically a password", False),
-            'Role': Parameter(str, "Role to use for this call", False)
             })
 
     def check(self, method, auth, *args):
@@ -104,10 +103,7 @@ class PasswordAuth(Auth):
                crypt.crypt(plaintext, password[:12]) != password:
                 raise PLCAuthenticationFailure, "Password verification failed"
 
-        if auth['Role'] not in person['roles']:
-            raise PLCAuthenticationFailure, "Account does not have " + auth['Role'] + " role"
-
-        if method.roles and auth['Role'] not in method.roles:
-            raise PLCAuthenticationFailure, "Cannot call with " + auth['Role'] + "role"
+        if not set(person['roles']).intersection(method.roles):
+            raise PLCAuthenticationFailure, "Not allowed to call method"
 
         method.caller = person