From 77f734afc7c78465e0b18bc2c25820da95c98934 Mon Sep 17 00:00:00 2001
From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Thu, 4 Oct 2012 13:27:01 -0400
Subject: [PATCH] implement add_role, remove_role

---
 PLC/Persons.py | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/PLC/Persons.py b/PLC/Persons.py
index f6d44078..100932e4 100644
--- a/PLC/Persons.py
+++ b/PLC/Persons.py
@@ -15,10 +15,9 @@ import crypt
 from PLC.Faults import *
 from PLC.Debug import log
 from PLC.Parameter import Parameter, Mixed
-from PLC.Table import Row, Table
+from PLC.Messages import Message, Messages
 from PLC.Roles import Role, Roles
 from PLC.Keys import Key, Keys
-from PLC.Messages import Message, Messages
 from PLC.Storage.AlchemyObject import AlchemyObj
 
 class Person(AlchemyObj):
@@ -120,8 +119,34 @@ class Person(AlchemyObj):
 
         return False
 
-    #add_role = Row.add_object(Role, 'person_role')
-    #remove_role = Row.remove_object(Role, 'person_role')
+    def add_role(self, role_name, login_base=None):
+        user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
+        roles = Roles(self.api, {'name': role_name})
+        if not roles:
+            raise PLCInvalidArgument, "Role %s not found" % role_name 
+        role = roles[0]
+       
+        if login_base:
+            tenant = self.api.client_shell.keystone.tenants.find(name=login_base) 
+        else:
+            tenant = self.api.client_shell.keystone.tenants.find(id=self['tenantId'])
+          
+        self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+    
+    def remove_role(self, role_name, login_base=None):
+        user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
+        roles = Roles(self.api, {'name': role_name})
+        if not roles:
+            raise PLCInvalidArgument, "Role %s not found" % role_name
+        role = roles[0]
+
+        if login_base:
+            tenant = self.api.client_shell.keystone.tenants.find(name=login_base)
+        else:
+            tenant = self.api.client_shell.keystone.tenants.find(id=self['tenantId'])
+
+        self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant)        
+
 
     #add_key = Row.add_object(Key, 'person_key')
     #remove_key = Row.remove_object(Key, 'person_key')
@@ -156,12 +181,6 @@ class Person(AlchemyObj):
         AlchemyObj.delete(self, dict(self))
 
  
-    def get_roles(self):
-        roles = []
-        if self.tenant:
-            roles = self.api.client_shell.keystone.roles.roles_for_user(self.object, self.tenant)
-        return [role.name for role in roles] 
-
     def get_tenants_ids(self):
         tenants = []
         if self.tenantId:
@@ -183,8 +202,6 @@ class Persons(list):
             #persons = self.api.client_shell.keystone.users.findall()
             persons = Person().select()
         elif isinstance(person_filter, (list, tuple, set)):
-            #persons = self.api.client_shell.keystone.users.findall()
-            #persons = [person for person in persons if person.id in person_filter]
             ints = filter(lambda x: isinstance(x, (int, long)), person_filter)
             strs = filter(lambda x: isinstance(x, StringTypes), person_filter)
             person_filter = {'person_id': ints, 'email': strs}
-- 
2.47.0