if strict:
if name is None:
raise InvalidInput('name', name, "You must provide a machine name.")
- if description is None:
+ if description is None or description.strip() == '':
raise InvalidInput('description', description, "You must provide a description.")
if memory is None:
raise InvalidInput('memory', memory, "You must provide a memory size.")
def testAdmin(user, admin, machine):
"""Determine whether a user can set the admin of a machine to this value.
- Return the value to set the admin field to (possibly 'system:' +
- admin). XXX is modifying this a good idea?
+ Return the value to set the admin field to (possibly 'system:' + admin).
"""
if admin is None:
return None
return admin
if admin == user:
return admin
+ # we do not require that the user be in the admin group;
+ # just that it is a non-empty set
+ if authz.expandAdmin(admin):
+ return admin
if ':' not in admin:
- if cache_acls.isUser(admin):
- return admin
- admin = 'system:' + admin
- try:
- if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell):
- return admin
- except getafsgroups.AfsProcessError, e:
- errmsg = str(e)
- if errmsg.startswith("pts: User or group doesn't exist"):
- errmsg = 'The group "%s" does not exist.' % admin
- raise InvalidInput('administrator', admin, errmsg)
- #XXX Should we require that user is in the admin group?
- return admin
+ if authz.expandAdmin('system:' + admin):
+ return 'system:' + admin
+ errmsg = 'No user "%s" or non-empty group "system:%s" found.' % (admin, admin)
+ else:
+ errmsg = 'No non-empty group "%s" found.' % (admin,)
+ raise InvalidInput('administrator', admin, errmsg)
def testOwner(user, owner, machine=None):
"""Determine whether a user can set the owner of a machine to this value.
projects / invirt/packages/invirt-web.git / blobdiff