From: Thierry Parmentelat Date: Tue, 6 Sep 2011 15:09:21 +0000 (+0200) Subject: Merge branch 'master' of ssh://git.onelab.eu/git/plcapi X-Git-Tag: plcapi-5.0-35~1^2 X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=f1ed8fefee508394347561f0e14dbe5a3a76dc2b;hp=-c;p=plcapi.git Merge branch 'master' of ssh://git.onelab.eu/git/plcapi --- f1ed8fefee508394347561f0e14dbe5a3a76dc2b diff --combined PLC/Persons.py index 0faa3f8,1b66b4f..616cc5a --- a/PLC/Persons.py +++ b/PLC/Persons.py @@@ -143,8 -143,8 +143,8 @@@ class Person(Row) if 'pi' in self['roles']: if set(self['site_ids']).intersection(person['site_ids']): - # Can update person is neither a PI or ADMIN - return (not (('pi' in person['roles']) or ('admin' in person['roles']))) + # non-admin users cannot update a person who is neither a PI or ADMIN + return (not set(['pi','admin']).intersection(person['roles'])) return False @@@ -163,10 -163,10 +163,10 @@@ if self.can_update(person): return True - if 'pi' in self['roles'] or 'tech' in self['roles']: + # pis and techs can see all people on their site + if set(['pi','tech']).intersection(self['roles']): if set(self['site_ids']).intersection(person['site_ids']): - # Can view people with equal or higher role IDs - return 'admin' not in person['roles'] + return True return False @@@ -359,6 -359,13 +359,13 @@@ # Mark as deleted self['deleted'] = True + + # delete will fail if verification_expires exists and isn't validated + if 'verification_expires' in self: + #self['verification_expires'] = \ + #self.validate_verification_expires(self['verification_expires']) + self.pop('verification_expires') + # don't validate, so duplicates can be consistently removed self.sync(commit, validate=False)