X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdateNodeTag.py;h=d0b3d8e58b454735a49b91142996575fa8264e31;hb=5112e8a0f3d4351180804255fe00657cd72f6620;hp=cb7a6a5facc24643bbabb1290af1b4cb24b2aca9;hpb=25ca2c2fee216af894640248b6d83939f31ca327;p=plcapi.git

diff --git a/PLC/Methods/UpdateNodeTag.py b/PLC/Methods/UpdateNodeTag.py
index cb7a6a5..d0b3d8e 100644
--- a/PLC/Methods/UpdateNodeTag.py
+++ b/PLC/Methods/UpdateNodeTag.py
@@ -1,9 +1,6 @@
-# $Id$
 #
 # Thierry Parmentelat - INRIA
 #
-# $Revision: 9423 $
-#
 
 from PLC.Faults import *
 from PLC.Method import Method
@@ -12,13 +9,19 @@ from PLC.Auth import Auth
 
 from PLC.Sites import Sites
 from PLC.Nodes import Node, Nodes
+from PLC.TagTypes import TagType, TagTypes
 from PLC.NodeTags import NodeTag, NodeTags
 
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
+
 class UpdateNodeTag(Method):
     """
     Updates the value of an existing node tag
 
-    Access rights depend on the node tag type.
+    Admins have full access.  Non-admins need to 
+    (1) have at least one of the roles attached to the tagtype, 
+    and (2) belong in the same site as the tagged subject.
 
     Returns 1 if successful, faults otherwise.
     """
@@ -33,39 +36,25 @@ class UpdateNodeTag(Method):
 
     returns = Parameter(int, '1 if successful')
 
-    object_type = 'Node'
-
     def call(self, auth, node_tag_id, value):
         node_tags = NodeTags(self.api, [node_tag_id])
         if not node_tags:
             raise PLCInvalidArgument, "No such node tag %r"%node_tag_id
         node_tag = node_tags[0]
 
-        ### reproducing a check from UpdateSliceTag, looks dumb though
-        nodes = Nodes(self.api, [node_tag['node_id']])
-        if not nodes:
-            raise PLCInvalidArgument, "No such node %r"%node_tag['node_id']
-        node = nodes[0]
+        tag_type_id = node_tag['tag_type_id']
+        tag_type = TagTypes (self.api,[tag_type_id])[0]
 
-        assert node_tag['node_tag_id'] in node['node_tag_ids']
+        nodes = Nodes (self.api, node_tag['node_id'])
+        if not nodes:
+            raise PLCInvalidArgument, "No such node %d"%node_tag['node_id']
+        node=nodes[0]
 
-	# check permission : it not admin, is the user affiliated with the right site
-	if 'admin' not in self.caller['roles']:
-	    # locate node
-	    node = Nodes (self.api,[node['node_id']])[0]
-	    # locate site
-	    site = Sites (self.api, [node['site_id']])[0]
-	    # check caller is affiliated with this site
-	    if self.caller['person_id'] not in site['person_ids']:
-		raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site']
-	    
-	    required_min_role = tag_type ['min_role_id']
-	    if required_min_role is not None and \
-		    min(self.caller['role_ids']) > required_min_role:
-		raise PLCPermissionDenied, "Not allowed to modify the specified node tag, requires role %d",required_min_role
+        # check authorizations
+        node.caller_may_write_tag(self.api,self.caller,tag_type)
 
         node_tag['value'] = value
         node_tag.sync()
 
-	self.object_ids = [node_tag['node_tag_id']]
+        self.object_ids = [node_tag['node_tag_id']]
         return 1