1 from PLC.Faults import *
2 from PLC.Method import Method
3 from PLC.Parameter import Parameter, Mixed
4 from PLC.Persons import Person, Persons
5 from PLC.Auth import PasswordAuth
6 from PLC.Roles import Roles
8 class AdmRevokeRoleFromPerson(Method):
10 Revokes the specified role from the person.
12 PIs can only revoke the tech and user roles from users and techs
13 at their sites. Admins can revoke any role from any user.
15 Returns 1 if successful, faults otherwise.
18 roles = ['admin', 'pi']
22 Mixed(Person.fields['person_id'],
23 Person.fields['email']),
24 Parameter(int, 'Role ID')
27 returns = Parameter(int, '1 if successful')
29 def call(self, auth, person_id_or_email, role_id):
31 roles = Roles(self.api)
32 if role_id not in roles:
33 raise PLCInvalidArgument, "Invalid role ID"
35 # Get account information
36 persons = Persons(self.api, [person_id_or_email])
38 raise PLCInvalidArgument, "No such account"
40 person = persons.values()[0]
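42 # Authenticated function: self.caller must already be set here. This assert is only a sanity check (asserts are skipped under python -O); the permission checks below are what enforce access.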
43 assert self.caller is not None
45 # Check if we can update this account
46 if not self.caller.can_update(person):
47 raise PLCPermissionDenied, "Not allowed to update specified account"
49 # Non-admin callers can only revoke lesser roles from others, i.e. roles whose ID is numerically higher than the caller's own lowest role ID
50 if 'admin' not in self.caller['roles'] and \
51 role_id <= min(self.caller['role_ids']):
52 raise PLCPermissionDenied, "Not allowed to revoke that role"
54 if role_id in person['role_ids']:
55 person_id = person['person_id']
56 self.api.db.do("DELETE FROM person_roles" \
57 " WHERE person_id = %(person_id)d" \
58 " AND role_id = %(role_id)d",