X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FAddRoleToPerson.py;h=b90f1f987b90df87dbace9902899d97673ca18d1;hb=238d5594712b9d918636501e754a8f5816313e25;hp=2c63d5eca79ad4fefe368a5df439a03a09bcdb2a;hpb=a8e81964a7b22a0584667a0449604cccc895955a;p=plcapi.git

diff --git a/PLC/Methods/AddRoleToPerson.py b/PLC/Methods/AddRoleToPerson.py
index 2c63d5e..b90f1f9 100644
--- a/PLC/Methods/AddRoleToPerson.py
+++ b/PLC/Methods/AddRoleToPerson.py
@@ -2,15 +2,15 @@ from PLC.Faults import *
 from PLC.Method import Method
 from PLC.Parameter import Parameter, Mixed
 from PLC.Persons import Person, Persons
-from PLC.Auth import PasswordAuth
-from PLC.Roles import Roles
+from PLC.Auth import Auth
+from PLC.Roles import Role, Roles
 
 class AddRoleToPerson(Method):
     """
     Grants the specified role to the person.
     
     PIs can only grant the tech and user roles to users and techs at
-    their sites. ins can grant any role to any user.
+    their sites. Admins can grant any role to any user.
 
     Returns 1 if successful, faults otherwise.
     """
@@ -18,36 +18,33 @@ class AddRoleToPerson(Method):
     roles = ['admin', 'pi']
 
     accepts = [
-        PasswordAuth(),
+        Auth(),
+        Mixed(Role.fields['role_id'],
+              Role.fields['name']),
         Mixed(Person.fields['person_id'],
               Person.fields['email']),
-        Mixed(Parameter(int, "Role identifier"),
-              Parameter(str, "Role name"))
         ]
 
     returns = Parameter(int, '1 if successful')
 
-    def call(self, auth, person_id_or_email, role_id_or_name):
-        # Get all roles
-        roles = {}
-        for role_id, role in Roles(self.api).iteritems():
-            roles[role_id] = role['name']
-            roles[role['name']] = role_id
+    object_type = 'Person'
 
-        if role_id_or_name not in roles:
-            raise PLCInvalidArgument, "Invalid role identifier or name"
 
-        if isinstance(role_id_or_name, int):
-            role_id = role_id_or_name
-        else:
-            role_id = roles[role_id_or_name]
+    def call(self, auth, role_id_or_name, person_id_or_email):
+        # Get role
+        roles = Roles(self.api, [role_id_or_name])
+        if not roles:
+            raise PLCInvalidArgument, "Invalid role '%s'" % unicode(role_id_or_name)
+        role = roles[0]
 
         # Get account information
         persons = Persons(self.api, [person_id_or_email])
         if not persons:
             raise PLCInvalidArgument, "No such account"
+        person = persons[0]
 
-        person = persons.values()[0]
+        if person['peer_id'] is not None:
+            raise PLCInvalidArgument, "Not a local account"
 
         # Authenticated function
         assert self.caller is not None
@@ -58,10 +55,14 @@ class AddRoleToPerson(Method):
 
         # Can only grant lesser (higher) roles to others
         if 'admin' not in self.caller['roles'] and \
-           role_id <= min(self.caller['role_ids']):
+           role['role_id'] <= min(self.caller['role_ids']):
             raise PLCInvalidArgument, "Not allowed to grant that role"
 
-        if role_id not in person['role_ids']:
-            person.add_role(role_id)
+        if role['role_id'] not in person['role_ids']:
+            person.add_role(role)
+
+	self.object_ids = [person['person_id']]
+	self.message = "Role %d granted to person %d" % \
+                       (role['role_id'], person['person_id'])
 
         return 1