X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FDeleteRoleFromPerson.py;h=28dedfb076ba2be9a4f74a655094ed573537779c;hb=5d8a25ab329d0c44d34645b0ddeacba2f02331eb;hp=1119ad450229fd729b41a55d68b01c0d2eab2499;hpb=d4c363a3ee55334eacd91f303adf6ecc20055d1e;p=plcapi.git

diff --git a/PLC/Methods/DeleteRoleFromPerson.py b/PLC/Methods/DeleteRoleFromPerson.py
index 1119ad4..28dedfb 100644
--- a/PLC/Methods/DeleteRoleFromPerson.py
+++ b/PLC/Methods/DeleteRoleFromPerson.py
@@ -1,3 +1,5 @@
+# $Id$
+# $URL$
 from PLC.Faults import *
 from PLC.Method import Method
 from PLC.Parameter import Parameter, Mixed
@@ -8,7 +10,7 @@ from PLC.Roles import Role, Roles
 class DeleteRoleFromPerson(Method):
     """
     Deletes the specified role from the person.
-    
+
     PIs can only revoke the tech and user roles from users and techs
     at their sites. ins can revoke any role from any user.
 
@@ -27,29 +29,22 @@ class DeleteRoleFromPerson(Method):
 
     returns = Parameter(int, '1 if successful')
 
-
     def call(self, auth, role_id_or_name, person_id_or_email):
-        # Get all roles
-        roles = {}
-        for role in Roles(self.api):
-            roles[role['role_id']] = role['name']
-            roles[role['name']] = role['role_id']
-
-        if role_id_or_name not in roles:
-            raise PLCInvalidArgument, "Invalid role identifier or name"
-
-        if isinstance(role_id_or_name, int):
-            role_id = role_id_or_name
-        else:
-            role_id = roles[role_id_or_name]
+        # Get role
+        roles = Roles(self.api, [role_id_or_name])
+        if not roles:
+            raise PLCInvalidArgument, "Invalid role '%s'" % unicode(role_id_or_name)
+        role = roles[0]
 
         # Get account information
         persons = Persons(self.api, [person_id_or_email])
         if not persons:
             raise PLCInvalidArgument, "No such account"
-
         person = persons[0]
 
+        if person['peer_id'] is not None:
+            raise PLCInvalidArgument, "Not a local account"
+
         # Authenticated function
         assert self.caller is not None
 
@@ -59,12 +54,16 @@ class DeleteRoleFromPerson(Method):
 
         # Can only revoke lesser (higher) roles from others
         if 'admin' not in self.caller['roles'] and \
-           role_id <= min(self.caller['role_ids']):
+           role['role_id'] <= min(self.caller['role_ids']):
             raise PLCPermissionDenied, "Not allowed to revoke that role"
 
-        if role_id in person['role_ids']:
-            person.remove_role(role_id)
-	
-	self.object_ids = [person['person_id']]
+        if role['role_id'] in person['role_ids']:
+            person.remove_role(role)
+
+        # Logging variables
+        self.event_objects = {'Person': [person['person_id']],
+                              'Role': [role['role_id']]}
+        self.message = "Role %d revoked from person %d" % \
+                       (role['role_id'], person['person_id'])
 
         return 1