1 from PLC.Faults import *
2 from PLC.Method import Method
3 from PLC.Parameter import Parameter, Mixed
4 from PLC.Persons import Person, Persons
5 from PLC.Auth import Auth
6 from PLC.Roles import Role, Roles
8 class DeleteRoleFromPerson(Method):
10 Deletes the specified role from the person.
12 PIs can only revoke the tech and user roles from users and techs
13 at their sites. ins can revoke any role from any user.
15 Returns 1 if successful, faults otherwise.
18 roles = ['admin', 'pi']
22 Mixed(Role.fields['role_id'],
24 Mixed(Person.fields['person_id'],
25 Person.fields['email']),
28 returns = Parameter(int, '1 if successful')
30 event_type = 'DeleteFrom'
31 object_type = 'Person'
33 def call(self, auth, role_id_or_name, person_id_or_email):
36 for role in Roles(self.api):
37 roles[role['role_id']] = role['name']
38 roles[role['name']] = role['role_id']
40 if role_id_or_name not in roles:
41 raise PLCInvalidArgument, "Invalid role identifier or name"
43 if isinstance(role_id_or_name, int):
44 role_id = role_id_or_name
46 role_id = roles[role_id_or_name]
48 # Get account information
49 persons = Persons(self.api, [person_id_or_email])
51 raise PLCInvalidArgument, "No such account"
55 # Authenticated function
56 assert self.caller is not None
58 # Check if we can update this account
59 if not self.caller.can_update(person):
60 raise PLCPermissionDenied, "Not allowed to update specified account"
62 # Can only revoke lesser (higher) roles from others
63 if 'admin' not in self.caller['roles'] and \
64 role_id <= min(self.caller['role_ids']):
65 raise PLCPermissionDenied, "Not allowed to revoke that role"
67 if role_id in person['role_ids']:
68 person.remove_role(role_id)
70 self.object_ids = [person['person_id']]
git://git.onelab.eu / plcapi.git / blob