From: Marc Fiuczynski <mef@cs.princeton.edu>
Date: Wed, 27 May 2009 16:05:14 +0000 (+0000)
Subject: Updated can_update() and can_view() to check on "roles" capabilities
X-Git-Tag: PLCAPI-4.3-16~3
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=96b53f394d5041e56f5fb37665e7a403bc184484;p=plcapi.git

Updated can_update() and can_view() to check on "roles" capabilities
rather than use the relative values of role_ids.  The code now
functions even when a person has no roles whatsoever, which under
certain error conditions can occur.
---

diff --git a/PLC/Persons.py b/PLC/Persons.py
index ee01550..3c49ae6 100644
--- a/PLC/Persons.py
+++ b/PLC/Persons.py
@@ -152,8 +152,8 @@ class Person(Row):
 
         if 'pi' in self['roles']:
             if set(self['site_ids']).intersection(person['site_ids']):
-                # Can update people with higher role IDs
-                return min(self['role_ids']) < min(person['role_ids'])
+                # Can update person is neither a PI or ADMIN
+                return (not (('pi' in person['roles']) or ('admin' in person['roles'])))
 
         return False
 
@@ -175,7 +175,7 @@ class Person(Row):
         if 'pi' in self['roles']:
             if set(self['site_ids']).intersection(person['site_ids']):
                 # Can view people with equal or higher role IDs
-                return min(self['role_ids']) <= min(person['role_ids'])
+                return 'admin' not in person['roles']
 
         return False