From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Wed, 18 Oct 2006 20:33:28 +0000 (+0000)
Subject: fix pcu site check
X-Git-Tag: pycurl-7_13_1~539
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=8bc7a27d47772dd1a2f60c4eac18bc6f21d7a9ca;p=plcapi.git

fix pcu site check
---

diff --git a/PLC/Methods/DeletePCU.py b/PLC/Methods/DeletePCU.py
index a6320ed1..ae52b43f 100644
--- a/PLC/Methods/DeletePCU.py
+++ b/PLC/Methods/DeletePCU.py
@@ -30,14 +30,8 @@ class DeletePCU(Method):
         pcu = pcus[0]
 
         if 'admin' not in self.caller['roles']:
-            ok = False
-            sites = Sites(self.api, self.caller['site_ids']).values()
-            for site in sites:
-                if pcu['pcu_id'] in site['pcu_ids']:
-                    ok = True
-                    break
-            if not ok:
-                raise PLCPermissionDenied, "Not allowed to delete that PCU"
+            if pcu['site_id'] not in self.caller['site_ids']:
+                raise PLCPermissionDenied, "Not allowed to update that PCU"
 
         pcu.delete()
 
diff --git a/PLC/Methods/GetPCUs.py b/PLC/Methods/GetPCUs.py
index 17b9670f..6da58a07 100644
--- a/PLC/Methods/GetPCUs.py
+++ b/PLC/Methods/GetPCUs.py
@@ -25,15 +25,20 @@ class GetPCUs(Method):
     def call(self, auth, pcu_ids = None):
 	# If we are not admin, make sure to only return our own PCUs
         if 'admin' not in self.caller['roles']:
+            # Get list of PCUs that we are able to view
+            sites = Sites(self.api, self.caller['site_ids']).values()
+
+            valid_pcu_ids = set()
+            for site in sites:
+                valid_pcu_ids = valid_pcu_ids.union(site['pcu_ids'])
+
             if not pcu_ids:
-                pcu_ids = []
-                sites = Sites(self.api, self.caller['site_ids']).values()
-                for site in sites:
-                    pcu_ids = set(pcu_ids).union(site['pcu_ids'])
+                pcu_ids = valid_pcu_ids
+            else:
+                pcu_ids = valid_pcu_ids.intersection(pcu_ids)
 
         pcus = PCUs(self.api, pcu_ids).values()
 
-	# turn each pcu into a real dict
 	pcus = [dict(pcu) for pcu in pcus]
 
 	return pcus
diff --git a/PLC/Methods/UpdatePCU.py b/PLC/Methods/UpdatePCU.py
index 4459b809..f133af96 100644
--- a/PLC/Methods/UpdatePCU.py
+++ b/PLC/Methods/UpdatePCU.py
@@ -39,13 +39,7 @@ class UpdatePCU(Method):
         pcu = pcus[0]
 
         if 'admin' not in self.caller['roles']:
-            ok = False
-            sites = Sites(self.api, self.caller['site_ids']).values()
-            for site in sites:
-                if pcu['pcu_id'] in site['pcu_ids']:
-                    ok = True
-                    break
-            if not ok:
+            if pcu['site_id'] not in self.caller['site_ids']:
                 raise PLCPermissionDenied, "Not allowed to update that PCU"
 
         pcu.update(pcu_fields)