if not roles:
raise PLCInvalidArgument, "Role %s not found" % role_name
role = roles[0]
-
+
if login_base:
+ # add role at the requested site
tenant = self.api.client_shell.keystone.tenants.find(name=login_base)
+ self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
else:
- tenant = self.api.client_shell.keystone.tenants.find(id=self['tenantId'])
-
- self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+ from PLC.Sites import Sites
+ # add role to at all of users sites
+ if not self['site_ids']:
+ raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site is specified"
+ for site_id in self['site_ids']:
+ sites = Sites(self.api, {'site_id': site_id})
+ site = sites[0]
+ tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id'])
+ self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
def remove_role(self, role_name, login_base=None):
user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
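Review bot: In the new `else` branch, `site = sites[0]` is read without checking that `Sites(self.api, {'site_id': site_id})` returned a row, unlike the `if not roles:` guard on the role lookup just above. A stale id in `self['site_ids']` would then surface as an IndexError rather than a PLC fault; a guard such as `if not sites: raise PLCInvalidArgument, "Site %s not found" % site_id` would keep the two lookups consistent, and the same applies to the matching loop in `remove_role`. The loop also grants the role one tenant at a time, so a failure partway through leaves it granted at some sites and not others. Omitting `login_base` now grants the role at every site the user belongs to, which deserves a line in the method's docstring so callers do not widen a grant by accident. The enclosing method starts outside this hunk.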
role = roles[0]
if login_base:
+ # add role at the requested site
tenant = self.api.client_shell.keystone.tenants.find(name=login_base)
+ self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
else:
- tenant = self.api.client_shell.keystone.tenants.find(id=self['tenantId'])
-
- self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant)
-
+ from PLC.Sites import Sites
+ # add role to at all of users sites
+ if not self['site_ids']:
+ raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site
+ is specified"
+ for site_id in self['site_ids']:
+ sites = Sites(self.api, {'site_id': site_id})
+ site = sites[0]
+ tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id'])
+ self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant)
#add_key = Row.add_object(Key, 'person_key')
#remove_key = Row.remove_object(Key, 'person_key')
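Review bot: In `remove_role`, the new `login_base` branch calls `roles.add_user_role(user, role, tenant)`, so a removal scoped to one site grants the role there instead of revoking it. The line should be `self.api.client_shell.keystone.roles.remove_user_role(user, role, tenant)`. The copied comments (`# add role at the requested site`, `# add role to at all of users sites`) and the message `Cannot add role unless ...` still describe the add path and should be reworded for removal. The message string is also split across two lines as shown here, which would be a syntax error unless it is only a wrapping artifact of the page. The role lookup earlier in `remove_role` is outside this hunk.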