From f7c99e06f5fb6ece8c760704edada88e3d2e2ef8 Mon Sep 17 00:00:00 2001
From: Mark Huang <mlhuang@cs.princeton.edu>
Date: Thu, 11 Jan 2007 05:53:14 +0000
Subject: [PATCH] - simplify role validation - remove PLCCheckLocal functions,
 be more explicit about the error in   each method

---
 PLC/Methods/AddRoleToPerson.py | 31 ++++++++++++-------------------
 1 file changed, 12 insertions(+), 19 deletions(-)

diff --git a/PLC/Methods/AddRoleToPerson.py b/PLC/Methods/AddRoleToPerson.py
index cae0297..3b583f7 100644
--- a/PLC/Methods/AddRoleToPerson.py
+++ b/PLC/Methods/AddRoleToPerson.py
@@ -29,27 +29,20 @@ class AddRoleToPerson(Method):
 
 
     def call(self, auth, role_id_or_name, person_id_or_email):
-        # Get all roles
-        roles = {}
-        for role in Roles(self.api):
-            roles[role['role_id']] = role['name']
-            roles[role['name']] = role['role_id']
-
-        if role_id_or_name not in roles:
-            raise PLCInvalidArgument, "Invalid role identifier or name"
-
-        if isinstance(role_id_or_name, int):
-            role_id = role_id_or_name
-        else:
-            role_id = roles[role_id_or_name]
+        # Get role
+        roles = Roles(self.api, [role_id_or_name])
+        if not roles:
+            raise PLCInvalidArgument, "Invalid role '%s'" % unicode(role_id_or_name)
+        role = roles[0]
 
         # Get account information
         persons = Persons(self.api, [person_id_or_email])
         if not persons:
             raise PLCInvalidArgument, "No such account"
-
         person = persons[0]
-	PLCCheckLocalPerson(person,"AddRoleToPerson")
+
+        if person['peer_id'] is not None:
+            raise PLCInvalidArgument, "Not a local account"
 
         # Authenticated function
         assert self.caller is not None
@@ -60,14 +53,14 @@ class AddRoleToPerson(Method):
 
         # Can only grant lesser (higher) roles to others
         if 'admin' not in self.caller['roles'] and \
-           role_id <= min(self.caller['role_ids']):
+           role['role_id'] <= min(self.caller['role_ids']):
             raise PLCInvalidArgument, "Not allowed to grant that role"
 
-        if role_id not in person['role_ids']:
-            person.add_role(role_id)
+        if role['role_id'] not in person['role_ids']:
+            person.add_role(role)
 
 	self.object_ids = [person['person_id']]
 	self.message = "Role %d granted to person %d" % \
-		(role['role_id'], person['person_id'])
+                       (role['role_id'], person['person_id'])
 
         return 1
-- 
2.43.0