Resolve #69, by checking that administrators are either users or
[invirt/packages/invirt-web.git] / code / validation.py
index 9189764..4886638 100644 (file)
@@ -158,9 +158,12 @@ def testAdmin(user, admin, machine):
         if cache_acls.isUser(admin):
             return admin
         admin = 'system:' + admin
-    if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'):
-        return admin
-    #XXX Should we require that user is in cache_acls.expandName(admin)?
+    try:
+        if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'):
+            return admin
+    except getafsgroups.AfsProcessError, e:
+        raise InvalidInput('administrator', admin, str(e))
+    #XXX Should we require that user is in the admin group?
     return admin
     
 def testOwner(user, owner, machine=None):