X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdateSiteTag.py;h=a5d69f4aee73a170d1bc363d000bc3d8d183b8cf;hb=19d4a01ccf66af9e00914351b3eacd5fc880f988;hp=c7f63a304f2bc3b6027223e94bd4973a767068d9;hpb=84d214e3c398bbb172e1a4a0adc22e57179d5954;p=plcapi.git

diff --git a/PLC/Methods/UpdateSiteTag.py b/PLC/Methods/UpdateSiteTag.py
index c7f63a3..a5d69f4 100644
--- a/PLC/Methods/UpdateSiteTag.py
+++ b/PLC/Methods/UpdateSiteTag.py
@@ -1,25 +1,25 @@
-# $Id: UpdateSiteTag.py 14587 2009-07-19 13:18:50Z thierry $
-# $URL: http://svn.planet-lab.org/svn/PLCAPI/tags/PLCAPI-4.3-27/PLC/Methods/UpdateSiteTag.py $
 #
-# $Revision: 14587 $
+# Thierry Parmentelat - INRIA
 #
-
 from PLC.Faults import *
 from PLC.Method import Method
 from PLC.Parameter import Parameter, Mixed
 from PLC.Auth import Auth
 
-from PLC.SiteTags import SiteTag, SiteTags
 from PLC.Sites import Site, Sites
+from PLC.TagTypes import TagType, TagTypes
+from PLC.SiteTags import SiteTag, SiteTags
 
-from PLC.Nodes import Nodes
-from PLC.Sites import Sites
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
 
 class UpdateSiteTag(Method):
     """
     Updates the value of an existing site setting
 
-    Access rights depend on the tag type.
+    Admins have full access.  Non-admins need to 
+    (1) have at least one of the roles attached to the tagtype, 
+    and (2) belong in the same site as the tagged subject.
 
     Returns 1 if successful, faults otherwise.
     """
@@ -34,35 +34,25 @@ class UpdateSiteTag(Method):
 
     returns = Parameter(int, '1 if successful')
 
-    object_type = 'Site'
-
     def call(self, auth, site_tag_id, value):
         site_tags = SiteTags(self.api, [site_tag_id])
         if not site_tags:
             raise PLCInvalidArgument, "No such site setting %r"%site_tag_id
         site_tag = site_tags[0]
 
-        ### reproducing a check from UpdateSliceTag, looks dumb though
-        sites = Sites(self.api, [site_tag['site_id']])
-        if not sites:
-            raise PLCInvalidArgument, "No such site %r"%site_tag['site_id']
-        site = sites[0]
-
-        assert site_tag['site_tag_id'] in site['site_tag_ids']
-
-	# check permission : it not admin, is the user affiliated with the right site
-	if 'admin' not in self.caller['roles']:
-	    # check caller is affiliated with this site
-	    if self.caller['person_id'] not in site['person_ids']:
-		raise PLCPermissionDenied, "Not a member of the hosting site %s"%site['abbreviated_site']
-	    
-	    required_min_role = tag_type ['min_role_id']
-	    if required_min_role is not None and \
-		    min(self.caller['role_ids']) > required_min_role:
-		raise PLCPermissionDenied, "Not allowed to modify the specified site setting, requires role %d",required_min_role
+        tag_type_id = site_tag['tag_type_id']
+        tag_type = TagTypes (self.api,[tag_type_id])[0]
 
+        sites = Sites (self.api, site_tag['site_id'])
+        if not sites:
+            raise PLCInvalidArgument, "No such site %d"%site_tag['site_id']
+        site=sites[0]
+        
+        # check authorizations
+        site.caller_may_write_tag(self.api,self.caller,tag_type)
+            
         site_tag['value'] = value
         site_tag.sync()
 
-	self.object_ids = [site_tag['site_tag_id']]
+        self.object_ids = [site_tag['site_tag_id']]
         return 1