X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FAddPersonToSlice.py;h=943393b9c70220ad708ea17cec8be61001ac6297;hb=12d17e7f285289f67146404be7bfe8862daf731c;hp=2e9cb60fcd9d3b7ddc3b57b02485055831f58f04;hpb=3f3ba2ea5d0a6364f24d0f654554f83dbf643325;p=plcapi.git

diff --git a/PLC/Methods/AddPersonToSlice.py b/PLC/Methods/AddPersonToSlice.py
index 2e9cb60..943393b 100644
--- a/PLC/Methods/AddPersonToSlice.py
+++ b/PLC/Methods/AddPersonToSlice.py
@@ -3,7 +3,7 @@ from PLC.Method import Method
 from PLC.Parameter import Parameter, Mixed
 from PLC.Persons import Person, Persons
 from PLC.Slices import Slice, Slices
-from PLC.Auth import PasswordAuth
+from PLC.Auth import Auth
 
 class AddPersonToSlice(Method):
     """
@@ -13,10 +13,10 @@ class AddPersonToSlice(Method):
     Returns 1 if successful, faults otherwise.
     """
 
-    roles = ['admin']
+    roles = ['admin', 'pi']
 
     accepts = [
-        PasswordAuth(),
+        Auth(),
         Mixed(Person.fields['person_id'],
               Person.fields['email']),
         Mixed(Slice.fields['slice_id'],
@@ -30,17 +30,30 @@ class AddPersonToSlice(Method):
         persons = Persons(self.api, [person_id_or_email])
         if not persons:
             raise PLCInvalidArgument, "No such account"
-
-        person = persons.values()[0]
+        person = persons[0]
 
         # Get slice information
         slices = Slices(self.api, [slice_id_or_name])
         if not slices:
             raise PLCInvalidArgument, "No such slice"
+        slice = slices[0]
+
+        # N.B. Allow foreign users to be added to local slices and
+        # local users to be added to foreign slices (and, of course,
+        # local users to be added to local slices).
+        if person['peer_id'] is not None and slice['peer_id'] is not None:
+            raise PLCInvalidArgument, "Cannot add foreign users to foreign slices"
 
-        slice = slices.values()[0]
+        # If we are not admin, make sure the caller is a PI
+        # of the site associated with the slice
+	if 'admin' not in self.caller['roles']:
+            if slice['site_id'] not in self.caller['site_ids']:
+                raise PLCPermissionDenied, "Not allowed to add users to this slice"
 
-        if slice['slice_id'] not in person['slice_ids']:
+	if slice['slice_id'] not in person['slice_ids']:
             slice.add_person(person)
 
+        # Logging variables
+	self.object_ids = [slice['slice_id']]
+
         return 1