slice_states = ['incoming','outgoing']
return Policy(api, caller, slice_states)
+ def modify_ok(self, slice_filter, column_filter, value_filters):
+ for value_filter in value_filters:
+ # N.B. Allow foreign users to be added to local slices and
+ # local users to be added to foreign slices (and, of course,
+ # local users to be added to local slices).
+ if (value_filter['key']=='slice_person'):
+ person = value_filter['value']
+ if person['peer_id'] is not None and self['peer_id'] is not None:
+ raise PLCInvalidArgument, "Cannot add foreign users to foreign slices"
+
+ # If we are not admin, make sure the caller is a PI
+ # of the site associated with the slice
+ # XXX no PI check around here, which is suggested by the preceding comment
+ if 'admin' not in self.caller['roles']:
+ if self['site_id'] not in self.caller['site_ids']:
+ raise PLCPermissionDenied, "Not allowed to add users to this slice"
+
+ return True
+
+
def incoming(self, slice_filter, column_filter, value_filter):
"""
Returns set of rows/columns caller is allowed to touch
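Review bot: The non-admin branch of `modify_ok` authorizes on site membership alone (`self['site_id'] not in self.caller['site_ids']`), so any account attached to the slice's site passes whatever its role, although the comment above it says the caller must be a PI; the XXX line acknowledges the gap but the commit leaves it open. If the role list carries a `'pi'` entry the way it carries `'admin'` (an assumption, since the role names are not visible here), the guard could become `if 'pi' not in self.caller['roles'] or self['site_id'] not in self.caller['site_ids']:`. Indentation is lost on this page, so it is worth confirming that this check runs for every modification and not only inside the `slice_person` branch, because otherwise a request without that key reaches `return True` with no permission test. The `peer_id` comparison reads `value_filter['value']` directly; if that dict is supplied by the caller and not loaded from the database, the foreign-user rule should be evaluated against the stored person record instead. The enclosing class starts outside the hunk, and the `incoming` method that follows is cut off after its docstring opener.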