From: Mark Huang Date: Thu, 7 Sep 2006 23:48:29 +0000 (+0000) Subject: - fix bad assertion since AdmGetPersons() can return [] if the caller is X-Git-Tag: pycurl-7_13_1~782 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=9d6baf14e95eec57edcaf647081ac38b1f21f216;p=plcapi.git - fix bad assertion since AdmGetPersons() can return [] if the caller is not allowed to view the specified account --- diff --git a/PLC/Methods/AdmGetPersonSites.py b/PLC/Methods/AdmGetPersonSites.py index 9c82f5b0..161042cb 100644 --- a/PLC/Methods/AdmGetPersonSites.py +++ b/PLC/Methods/AdmGetPersonSites.py @@ -5,9 +5,7 @@ from PLC.Persons import Person, Persons from PLC.Sites import Site, Sites from PLC.Auth import PasswordAuth -from PLC.Methods.AdmGetPersons import AdmGetPersons - -class AdmGetPersonSites(AdmGetPersons): +class AdmGetPersonSites(Method): """ Returns the sites that the specified person is associated with as an array of site identifiers. @@ -28,13 +26,24 @@ class AdmGetPersonSites(AdmGetPersons): returns = [Site.fields['site_id']] def call(self, auth, person_id_or_email): - persons = AdmGetPersons.call(self, auth, [person_id_or_email]) + # Get account information + persons = Persons(self.api, [person_id_or_email]) + if not persons: + raise PLCInvalidArgument, "No such account" + + person = persons.values()[0] + + # Authenticated function + assert self.caller is not None - # AdmGetPersons() validates person_id_or_email - assert persons - person = persons[0] + # Check if we can view this account + if not self.caller.can_view(person): + raise PLCPermissionDenied, "Not allowed to view specified account" # Filter out deleted sites - sites = Sites(self.api, persons['site_ids']) + # XXX This shouldn't be necessary once the join tables are cleaned up + if person['site_ids']: + sites = Sites(self.api, person['site_ids']) + return filter(lambda site_id: site_id in sites, person['site_ids']) - return [site['site_id'] for site in sites] + return person['site_ids']