From 96b53f394d5041e56f5fb37665e7a403bc184484 Mon Sep 17 00:00:00 2001
From: Marc Fiuczynski <mef@cs.princeton.edu>
Date: Wed, 27 May 2009 16:05:14 +0000
Subject: [PATCH] Updated can_update() and can_view() to check on "roles"
 capabilities rather than use the relative values of role_ids.  The code now
 functions even when a person has no roles whatsoever, which under certain
 error conditions can occur.

---
 PLC/Persons.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/PLC/Persons.py b/PLC/Persons.py
index ee01550e..3c49ae61 100644
--- a/PLC/Persons.py
+++ b/PLC/Persons.py
@@ -152,8 +152,8 @@ class Person(Row):
 
         if 'pi' in self['roles']:
             if set(self['site_ids']).intersection(person['site_ids']):
-                # Can update people with higher role IDs
-                return min(self['role_ids']) < min(person['role_ids'])
+                # Can update person is neither a PI or ADMIN
+                return (not (('pi' in person['roles']) or ('admin' in person['roles'])))
 
         return False
 
@@ -175,7 +175,7 @@ class Person(Row):
         if 'pi' in self['roles']:
             if set(self['site_ids']).intersection(person['site_ids']):
                 # Can view people with equal or higher role IDs
-                return min(self['role_ids']) <= min(person['role_ids'])
+                return 'admin' not in person['roles']
 
         return False
 
-- 
2.47.0