X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FUpdateSliceTag.py;h=5eff0c37f94b6feee1e53bcf8af3f8435887ee8a;hb=da06561d0f5240a5409474e16824e4e015f31fac;hp=e8b8b33d3411a45dbecb15b0f3b5d1e2bb7cd732;hpb=0c28b6c095054293cc35c75a7a601486a4c249ff;p=plcapi.git

diff --git a/PLC/Methods/UpdateSliceTag.py b/PLC/Methods/UpdateSliceTag.py
index e8b8b33..5eff0c3 100644
--- a/PLC/Methods/UpdateSliceTag.py
+++ b/PLC/Methods/UpdateSliceTag.py
@@ -6,13 +6,17 @@ from PLC.Method import Method
 from PLC.Parameter import Parameter, Mixed
 from PLC.Auth import Auth
 
-from PLC.SliceTags import SliceTag, SliceTags
+from PLC.TagTypes import TagTypes, TagType
 from PLC.Nodes import Node
 from PLC.Slices import Slice, Slices
+from PLC.SliceTags import SliceTag, SliceTags
 from PLC.InitScripts import InitScript, InitScripts
 
 from PLC.AuthorizeHelpers import AuthorizeHelpers
 
+# need to import so the core classes get decorated with caller_may_write_tag
+from PLC.AuthorizeHelpers import AuthorizeHelpers
+
 class UpdateSliceTag(Method):
     """
     Updates the value of an existing slice or sliver attribute.
@@ -42,30 +46,20 @@ class UpdateSliceTag(Method):
             raise PLCInvalidArgument, "No such slice attribute"
         slice_tag = slice_tags[0]
 
+        tag_type_id = slice_tag['tag_type_id']
+        tag_type = TagTypes (self.api,[tag_type_id])[0]
+
         slices = Slices(self.api, [slice_tag['slice_id']])
         if not slices:
-            raise PLCInvalidArgument, "No such slice"
+            raise PLCInvalidArgument, "No such slice %d"%slice_tag['slice_id']
         slice = slices[0]
 
         assert slice_tag['slice_tag_id'] in slice['slice_tag_ids']
 
-        if not isinstance(self.caller, Node):
-            if 'admin' not in self.caller['roles']:
-                if self.caller['person_id'] in slice['person_ids']:
-                    pass
-                elif 'pi' not in self.caller['roles']:
-                    raise PLCPermissionDenied, "Not a member of the specified slice"
-                elif slice['site_id'] not in self.caller['site_ids']:
-                    raise PLCPermissionDenied, "Specified slice not associated with any of your sites"
-
-                if slice_tag['min_role_id'] is not None and \
-                       min(self.caller['role_ids']) > slice_tag['min_role_id']:
-                    raise PLCPermissionDenied, "Not allowed to update the specified attribute"
-        else:
-            ### make node's min_role_id == PI min_role_id
-            node_role_id = 20
-            if slice_tag['min_role_id'] is not None and node_role_id > slice_tag['min_role_id']:
-                raise PLCPermissionDenied, "Not allowed to update the specified slice attribute"
+        # check authorizations
+        node_id_or_hostname=slice_tag['node_id']
+        nodegroup_id_or_name=slice_tag['nodegroup_id']
+        slice.caller_may_write_tag(self.api,self.caller,tag_type,node_id_or_hostname,nodegroup_id_or_name)
 
         if slice_tag['tagname'] in ['initscript']:
             initscripts = InitScripts(self.api, {'enabled': True, 'name': value})