if cache_acls.isUser(admin):
return admin
admin = 'system:' + admin
- if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'):
- return admin
- #XXX Should we require that user is in cache_acls.expandName(admin)?
+ try:
+ if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'):
+ return admin
+ except getafsgroups.AfsProcessError, e:
+ raise InvalidInput('administrator', admin, str(e))
+ #XXX Should we require that user is in the admin group?
return admin
def testOwner(user, owner, machine=None):