From: Tony Mack <tmack@cs.princeton.edu>
Date: Mon, 9 Oct 2006 15:41:03 +0000 (+0000)
Subject: - fixed allowed roles
X-Git-Tag: pycurl-7_13_1~641
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=4714de5191bcce96f08d9d0f546394813fda7f0a;p=plcapi.git

- fixed allowed roles
---

diff --git a/PLC/Methods/AddPersonToSlice.py b/PLC/Methods/AddPersonToSlice.py
index 2e9cb60f..39df45a8 100644
--- a/PLC/Methods/AddPersonToSlice.py
+++ b/PLC/Methods/AddPersonToSlice.py
@@ -13,7 +13,7 @@ class AddPersonToSlice(Method):
     Returns 1 if successful, faults otherwise.
     """
 
-    roles = ['admin']
+    roles = ['admin', 'pi']
 
     accepts = [
         PasswordAuth(),
@@ -40,7 +40,13 @@ class AddPersonToSlice(Method):
 
         slice = slices.values()[0]
 
-        if slice['slice_id'] not in person['slice_ids']:
+        # If we are not admin, make sure the caller is a pi
+        # of the site associated with the slice
+	if 'admin' not in self.caller['roles']:
+		if slice['site_id'] not in self.caller['site_ids']:
+			raise PLCPermissionDenied, "Not allowed to add users to this slice"
+
+	if slice['slice_id'] not in person['slice_ids']:
             slice.add_person(person)
 
         return 1