X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FPersons.py;h=8cd2856a0a238997d7d0b6f18bcdc0216b13c659;hb=19d4a01ccf66af9e00914351b3eacd5fc880f988;hp=1b66b4fc71c6cb7ff59ce58a5bee90b760f24a79;hpb=d9107b3b2614414bc66a1c11f9cb0a4383765c1d;p=plcapi.git

diff --git a/PLC/Persons.py b/PLC/Persons.py
index 1b66b4f..8cd2856 100644
--- a/PLC/Persons.py
+++ b/PLC/Persons.py
@@ -16,7 +16,6 @@ import re
 import crypt
 
 from PLC.Faults import *
-from PLC.Debug import log
 from PLC.Parameter import Parameter, Mixed
 from PLC.Filter import Filter
 from PLC.Table import Row, Table
@@ -78,7 +77,7 @@ class Person(Row):
         Validate email address. Stolen from Mailman.
         """
         email = email.lower()
-        invalid_email = PLCInvalidArgument("Invalid e-mail address")
+        invalid_email = PLCInvalidArgument("Invalid e-mail address %s"%email)
 
         if not email:
             raise invalid_email
@@ -143,8 +142,8 @@ class Person(Row):
 
         if 'pi' in self['roles']:
             if set(self['site_ids']).intersection(person['site_ids']):
-                # Can update person is neither a PI or ADMIN
-                return (not (('pi' in person['roles']) or ('admin' in person['roles'])))
+                # non-admin users cannot update a person who is neither a PI or ADMIN
+                return (not set(['pi','admin']).intersection(person['roles']))
 
         return False
 
@@ -163,10 +162,10 @@ class Person(Row):
         if self.can_update(person):
             return True
 
-        if 'pi' in self['roles'] or 'tech' in self['roles']:
+        # pis and techs can see all people on their site
+        if set(['pi','tech']).intersection(self['roles']):
             if set(self['site_ids']).intersection(person['site_ids']):
-                # Can view people with equal or higher role IDs
-                return 'admin' not in person['roles']
+                return True
 
         return False
 
@@ -360,11 +359,10 @@ class Person(Row):
         # Mark as deleted
         self['deleted'] = True
 
-        # delete will fail if verification_expires exists and isn't validated
-        if 'verification_expires' in self:
-            #self['verification_expires'] = \
-            #self.validate_verification_expires(self['verification_expires'])
-            self.pop('verification_expires')
+        # delete will fail if timestamp fields aren't validated, so lets remove them
+        for field in ['verification_expires', 'date_created', 'last_updated']:
+            if field in self:
+                self.pop(field)
 
         # don't validate, so duplicates can be consistently removed
         self.sync(commit, validate=False)
@@ -394,7 +392,8 @@ class Persons(Table):
                 person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs})
                 sql += " AND (%s) %s" % person_filter.sql(api, "OR")
             elif isinstance(person_filter, dict):
-                person_filter = Filter(Person.fields, person_filter)
+                allowed_fields=dict(Person.fields.items()+Person.tags.items())
+                person_filter = Filter(allowed_fields, person_filter)
                 sql += " AND (%s) %s" % person_filter.sql(api, "AND")
             elif isinstance (person_filter, StringTypes):
                 person_filter = Filter(Person.fields, {'email':person_filter})