X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FAdmGrantRoleToPerson.py;h=36e2e250df0f18866207257b99fc7d7155b6aaf7;hb=4c450582aee96a815d62fdfa9ed65e911d37cbf7;hp=9d1cc6d158c7a407f790880b47fd1c59cfab835f;hpb=24d16d18acab3da7bccc3e09df4927e9cf2d3246;p=plcapi.git diff --git a/PLC/Methods/AdmGrantRoleToPerson.py b/PLC/Methods/AdmGrantRoleToPerson.py index 9d1cc6d..36e2e25 100644 --- a/PLC/Methods/AdmGrantRoleToPerson.py +++ b/PLC/Methods/AdmGrantRoleToPerson.py @@ -1,60 +1,11 @@ -from PLC.Faults import * -from PLC.Method import Method -from PLC.Parameter import Parameter, Mixed -from PLC.Persons import Person, Persons -from PLC.Auth import PasswordAuth -from PLC.Roles import Roles +from PLC.Methods.AddRoleToPerson import AddRoleToPerson -class AdmGrantRoleToPerson(Method): +class AdmGrantRoleToPerson(AddRoleToPerson): """ - Grants the specified role to the person. - - PIs can only grant the tech and user roles to users and techs at - their sites. Admins can grant any role to any user. - - Returns 1 if successful, faults otherwise. + Deprecated. See AddRoleToPerson. """ - roles = ['admin', 'pi'] - - accepts = [ - PasswordAuth(), - Mixed(Person.fields['person_id'], - Person.fields['email']), - Roles.fields['role_id'] - ] - - returns = Parameter(int, '1 if successful') - - def call(self, auth, person_id_or_email, role_id): - # Get all roles - roles = Roles(self.api) - if role_id not in roles: - raise PLCInvalidArgument, "Invalid role ID" - - # Get account information - persons = Persons(self.api, [person_id_or_email]) - if not persons: - raise PLCInvalidArgument, "No such account" - - person = persons.values()[0] - - # Authenticated function - assert self.caller is not None - - # Check if we can update this account - if not self.caller.can_update(person): - raise PLCPermissionDenied, "Not allowed to update specified account" - - # Can only grant lesser (higher) roles to others - if 'admin' not in self.caller['roles'] and \ - role_id <= min(self.caller['role_ids']): - raise PLCInvalidArgument, "Not allowed to grant that role" - - if role_id not in person['role_ids']: - person_id = person['person_id'] - self.api.db.do("INSERT INTO person_roles (person_id, role_id)" \ - " VALUES(%(person_id)d, %(role_id)d)", - locals()) + status = "deprecated" - return 1 + def call(self, auth, person_id_or_email, role_id_or_name): + return AddRoleToPerson.call(self, auth, role_id_or_name, person_id_or_email)