X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FAddNodeTag.py;h=50801311fc3c3b299ded172ce3aece57d3100c91;hb=366a9cc3c0def815f9d95226c9c6790371ae84d0;hp=81e46c08502b2e69a61a9a64dea32ad35e10efd7;hpb=d25787ab5419aae9b6070b61eaead9f8dd421c40;p=plcapi.git diff --git a/PLC/Methods/AddNodeTag.py b/PLC/Methods/AddNodeTag.py index 81e46c0..5080131 100644 --- a/PLC/Methods/AddNodeTag.py +++ b/PLC/Methods/AddNodeTag.py @@ -1,10 +1,6 @@ -# $Id$ -# $URL$ # # Thierry Parmentelat - INRIA # -# $Revision: 9423 $ -# from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed @@ -15,14 +11,17 @@ from PLC.Nodes import Node, Nodes from PLC.TagTypes import TagType, TagTypes from PLC.NodeTags import NodeTag, NodeTags +# need to import so the core classes get decorated with caller_may_write_tag +from PLC.AuthorizeHelpers import AuthorizeHelpers class AddNodeTag(Method): """ Sets the specified tag for the specified node to the specified value. - In general only tech(s), PI(s) and of course admin(s) are allowed to - do the change, but this is defined in the node tag type object. + Admins have full access. Non-admins need to + (1) have at least one of the roles attached to the tagtype, + and (2) belong in the same site as the tagged subject. Returns the new node_tag_id (> 0) if successful, faults otherwise. @@ -42,9 +41,6 @@ class AddNodeTag(Method): returns = Parameter(int, 'New node_tag_id (> 0) if successful') - object_type = 'Node' - - def call(self, auth, node_id, tag_type_id_or_name, value): nodes = Nodes(self.api, [node_id]) if not nodes: 
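Review bot: In the `@@ -15,14 +11,17 @@` hunk the authorization for this method comes to depend on an import side effect: `from PLC.AuthorizeHelpers import AuthorizeHelpers` binds a name that nothing visible in this file uses, and per its comment it exists only to attach `caller_may_write_tag` to the core classes. An unused-import cleanup would silently remove that dependency, and the call in `call` would then presumably fail with an AttributeError rather than a permission fault. I would make the comment say so explicitly, e.g. `# security-relevant side-effect import: attaches caller_may_write_tag to Node; keep even though the name is unused`. The rewritten docstring also states a two-part policy (a role attached to the tag type, and same-site membership) that is enforced outside this file, so it should name the helper that implements it to keep the two from drifting apart.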
@@ -56,29 +52,17 @@ class AddNodeTag(Method): raise PLCInvalidArgument, "No such node tag type %r"%tag_type_id_or_name tag_type = tag_types[0] - # checks for existence - does not allow several different tags + # checks for existence - does not allow several different tags conflicts = NodeTags(self.api, {'node_id':node['node_id'], 'tag_type_id':tag_type['tag_type_id']}) if len(conflicts) : raise PLCInvalidArgument, "Node %d already has tag %d"%(node['node_id'], - tag_type['tag_type_id']) - - # check permission : it not admin, is the user affiliated with the right site - if 'admin' not in self.caller['roles']: - # locate node - node = Nodes (self.api,[node['node_id']])[0] - # locate site - site = Sites (self.api, [node['site_id']])[0] - # check caller is affiliated with this site - if self.caller['person_id'] not in site['person_ids']: - raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site'] - - required_min_role = tag_type ['min_role_id'] - if required_min_role is not None and \ - min(self.caller['role_ids']) > required_min_role: - raise PLCPermissionDenied, "Not allowed to modify the specified node tag, requires role %d"%required_min_role + tag_type['tag_type_id']) + + # check authorizations + node.caller_may_write_tag(self.api,self.caller,tag_type) node_tag = NodeTag(self.api) node_tag['node_id'] = node['node_id'] @@ -86,6 +70,6 @@ class AddNodeTag(Method): node_tag['value'] = value node_tag.sync() - self.object_ids = [node_tag['node_tag_id']] + self.object_ids = [node_tag['node_tag_id']] return node_tag['node_tag_id']
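Review bot: The return value of `node.caller_may_write_tag(self.api,self.caller,tag_type)` in the `@@ -56,29 +52,17 @@` hunk is discarded, so the authorization that replaces the inline admin/site/min_role checks is enforced only if that helper raises on denial; the helper is defined outside this diff, so that cannot be confirmed here. If it reports denial by returning a value, every non-admin caller would fall through to `node_tag.sync()`. I would state the contract at the call site, e.g. `# raises PLCPermissionDenied unless the caller may write this tag on this node`, and check it against the helper. The check also still runs after the conflict lookup, so an unauthorized caller receives "Node %d already has tag %d" and learns that the tag exists; moving the authorization call above the `NodeTags(...)` query would close that. The body of `call` starts before this hunk and ends after it.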