Full error handling

[invirt/packages/invirt-web.git] / code / validation.py

diff --git a/code/validation.py b/code/validation.py
index 480d007..875115c 100644 (file)
--- a/code/validation.py
+++ b/code/validation.py
@@ -222,7 +222,7 @@ def testAdmin(user, admin, machine):
             return admin
         admin = 'system:' + admin
     try:
-        if user in getafsgroups.getAfsGroupMembers(admin, config.authz[0].cell):
+        if user in getafsgroups.getAfsGroupMembers(admin, config.authz.afs.cells[0].cell):
             return admin
     except getafsgroups.AfsProcessError, e:
         errmsg = str(e)
@@ -241,6 +241,8 @@ def testOwner(user, owner, machine=None):
         return machine.owner
     if owner is None:
         raise InvalidInput('owner', owner, "Owner must be specified")
+    if '@' in owner:
+        raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
     try:
         if user not in cache_acls.expandLocker(owner):
             raise InvalidInput('owner', owner, 'You do not have access to the '