From: Tony Mack Date: Fri, 5 Oct 2012 01:40:53 +0000 (-0400) Subject: add role at all of user's currnet sites if site is not specified X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=c075188576eb7f5789e51f5face6af4282631ea7;p=plcapi.git add role at all of user's currnet sites if site is not specified --- diff --git a/PLC/Persons.py b/PLC/Persons.py index 100932e4..8170a713 100644 --- a/PLC/Persons.py +++ b/PLC/Persons.py @@ -125,13 +125,21 @@ class Person(AlchemyObj): if not roles: raise PLCInvalidArgument, "Role %s not found" % role_name role = roles[0] - + if login_base: + # add role at the requested site tenant = self.api.client_shell.keystone.tenants.find(name=login_base) + self.api.client_shell.keystone.roles.add_user_role(user, role, tenant) else: - tenant = self.api.client_shell.keystone.tenants.find(id=self['tenantId']) - - self.api.client_shell.keystone.roles.add_user_role(user, role, tenant) + from PLC.Sites import Sites + # add role to at all of users sites + if not self['site_ids']: + raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site is specified" + for site_id in self['site_ids']: + sites = Sites(self.api, {'site_id': site_id}) + site = sites[0] + tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id']) + self.api.client_shell.keystone.roles.add_user_role(user, role, tenant) def remove_role(self, role_name, login_base=None): user = self.api.client_shell.keystone.users.find(id=self['keystone_id']) 
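Review bot: The new else branch of add_role indexes `sites[0]` without checking that the `Sites` lookup returned a row, and it grants tenant by tenant, so a stale `site_id` or a failing `tenants.find` part-way through leaves the role granted on some tenants and not on others. Resolve every tenant first, raising `PLCInvalidArgument` for a missing site the way the `roles` lookup at the top of the hunk does, and only then call `add_user_role`; this assumes `Sites(...)` is empty when nothing matches. Omitting `login_base` now grants the role at every site the user belongs to, so add_role should carry a docstring sentence saying so, to keep callers from widening a grant by leaving the argument out. add_role begins above the hunk.

```python
# … unchanged: user/role lookup and the login_base branch …
else:
    from PLC.Sites import Sites
    if not self['site_ids']:
        raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site is specified"
    # resolve every tenant before granting anything, so a bad site_id cannot leave a partial grant
    tenants = []
    for site_id in self['site_ids']:
        sites = Sites(self.api, {'site_id': site_id})
        if not sites:
            raise PLCInvalidArgument, "Site %s not found" % site_id
        tenants.append(self.api.client_shell.keystone.tenants.find(id=sites[0]['tenant_id']))
    for tenant in tenants:
        self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
```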
@@ -141,12 +149,20 @@ class Person(AlchemyObj): role = roles[0] if login_base: + # add role at the requested site tenant = self.api.client_shell.keystone.tenants.find(name=login_base) + self.api.client_shell.keystone.roles.add_user_role(user, role, tenant) else: - tenant = self.api.client_shell.keystone.tenants.find(id=self['tenantId']) - - self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant) - + from PLC.Sites import Sites + # add role to at all of users sites + if not self['site_ids']: + raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site + is specified" + for site_id in self['site_ids']: + sites = Sites(self.api, {'site_id': site_id}) + site = sites[0] + tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id']) + self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant) #add_key = Row.add_object(Key, 'person_key') #remove_key = Row.remove_object(Key, 'person_key')
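Review bot: In remove_role, the `if login_base:` branch now calls `add_user_role`, so a removal that names a site grants the role on that tenant instead of revoking it; the added line should be `self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant)`. The `raise PLCInvalidArgument` message in the else branch also appears, as rendered here, to continue on a second added line (`is specified"`), which would leave an unterminated string literal and keep the module from compiling. Keep it on one line and word it for removal, e.g. `"Cannot remove role unless user belongs to a site or a valid site is specified"`. The copied `# add role ...` comments should say "remove" as well. remove_role starts above this hunk.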