X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdatePersonTag.py;h=23ab6ab9bb24a927cf6f43cc8671f4c96e275f4c;hb=19d4a01ccf66af9e00914351b3eacd5fc880f988;hp=41626846ae2e5e5b2ac0964cddb987b6f7c61e99;hpb=641a829a3412936f80849d2bb43af54c4480d197;p=plcapi.git

diff --git a/PLC/Methods/UpdatePersonTag.py b/PLC/Methods/UpdatePersonTag.py
index 4162684..23ab6ab 100644
--- a/PLC/Methods/UpdatePersonTag.py
+++ b/PLC/Methods/UpdatePersonTag.py
@@ -1,25 +1,23 @@
-# $Id: UpdatePersonTag.py 14587 2009-07-19 13:18:50Z thierry $
-# $URL: http://svn.planet-lab.org/svn/PLCAPI/tags/PLCAPI-4.3-27/PLC/Methods/UpdatePersonTag.py $
 #
-# $Revision: 14587 $
+# Thierry Parmentelat - INRIA
 #
-
 from PLC.Faults import *
 from PLC.Method import Method
 from PLC.Parameter import Parameter, Mixed
 from PLC.Auth import Auth
 
-from PLC.PersonTags import PersonTag, PersonTags
 from PLC.Persons import Person, Persons
+from PLC.TagTypes import TagType, TagTypes
+from PLC.PersonTags import PersonTag, PersonTags
 
-from PLC.Nodes import Nodes
-from PLC.Persons import Persons
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
 
 class UpdatePersonTag(Method):
     """
     Updates the value of an existing person setting
 
-    Access rights depend on the tag type.
+    Admins have full access.  Non-admins can change their own tags.
 
     Returns 1 if successful, faults otherwise.
     """
@@ -34,34 +32,22 @@ class UpdatePersonTag(Method):
 
     returns = Parameter(int, '1 if successful')
 
-    object_type = 'Person'
-
     def call(self, auth, person_tag_id, value):
         person_tags = PersonTags(self.api, [person_tag_id])
         if not person_tags:
             raise PLCInvalidArgument, "No such person setting %r"%person_tag_id
         person_tag = person_tags[0]
 
-        ### reproducing a check from UpdateSliceTag, looks dumb though
-        persons = Persons(self.api, [person_tag['person_id']])
-        if not persons:
-            raise PLCInvalidArgument, "No such person %r"%person_tag['person_id']
-        person = persons[0]
-
-        assert person_tag['person_tag_id'] in person['person_tag_ids']
+        tag_type_id = person_tag['tag_type_id']
+        tag_type = TagTypes (self.api,[tag_type_id])[0]
 
-        # check permission : it not admin, is the user affiliated with the right person
-        if 'admin' not in self.caller['roles']:
-            # check caller is affiliated with this person's person
-            if not self.caller.can_update(person):
-                raise PLCPermissionDenied, "person_id %s doesn't have access to person_tag_id %s" % (
-                    person['person_id'],
-                    person_tag['person_tag_id'])
+        persons = Persons (self.api, person_tag['person_id'])
+        if not persons:
+            raise PLCInvalidArgument, "No such person %d"%person_tag['person_id']
+        person=persons[0]
 
-            required_min_role = person_tag['min_role_id']
-            if required_min_role is not None and \
-                    min(self.caller['role_ids']) > required_min_role:
-                raise PLCPermissionDenied, "Not allowed to modify the specified person setting, requires role %d" % required_min_role
+        # check authorizations
+        person.caller_may_write_tag(self.api,self.caller,tag_type)
 
         person_tag['value'] = value
         person_tag.sync()