From 8f69aef49a8215a76ff7e8f4477df49e57f1fec4 Mon Sep 17 00:00:00 2001
From: Sapan Bhatia <sapanbhatia@boring3.CS.Princeton.EDU>
Date: Tue, 27 Jul 2010 14:56:47 -0400
Subject: [PATCH] Added write policy for Slices

---
 PLC/SlicesPolicy.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/PLC/SlicesPolicy.py b/PLC/SlicesPolicy.py
index e77723fe..e5eb4d99 100644
--- a/PLC/SlicesPolicy.py
+++ b/PLC/SlicesPolicy.py
@@ -18,6 +18,26 @@ class SlicesPolicy(Policy):
         slice_states = ['incoming','outgoing']
         return Policy(api, caller, slice_states)
         
+    def modify_ok(self, slice_filter, column_filter, value_filters):
+        for value_filter in value_filters:
+            # N.B. Allow foreign users to be added to local slices and
+            # local users to be added to foreign slices (and, of course,
+            # local users to be added to local slices).
+            if (value_filter['key']=='slice_person'):
+                person = value_filter['value']
+                if person['peer_id'] is not None and self['peer_id'] is not None:
+                    raise PLCInvalidArgument, "Cannot add foreign users to foreign slices"
+                
+                # If we are not admin, make sure the caller is a PI
+                # of the site associated with the slice
+                # XXX no PI check around here, which is suggested by the preceding comment
+                if 'admin' not in self.caller['roles']:
+                    if self['site_id'] not in self.caller['site_ids']:
+                        raise PLCPermissionDenied, "Not allowed to add users to this slice"
+
+        return True
+
+        
     def incoming(self, slice_filter, column_filter, value_filter):
         """ 
         Returns set of rows/columns caller is allowed to touch
-- 
2.47.0