X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/289f1313e45320efc6775caefa0cea71caacb10c..a8aa7e93e31e7c9dee007c3fbda010a158607ce4:/code/validation.py?ds=sidebyside diff --git a/code/validation.py b/code/validation.py index 9189764..3f05017 100644 --- a/code/validation.py +++ b/code/validation.py @@ -158,9 +158,15 @@ def testAdmin(user, admin, machine): if cache_acls.isUser(admin): return admin admin = 'system:' + admin - if getafsgroups.checkAfsGroup(user, admin, 'athena.mit.edu'): - return admin - #XXX Should we require that user is in cache_acls.expandName(admin)? + try: + if user in getafsgroups.getAfsGroupMembers(admin, 'athena.mit.edu'): + return admin + except getafsgroups.AfsProcessError, e: + errmsg = str(e) + if errmsg.startswith("pts: User or group doesn't exist"): + errmsg = 'The group "%s" does not exist.' % admin + raise InvalidInput('administrator', admin, errmsg) + #XXX Should we require that user is in the admin group? return admin def testOwner(user, owner, machine=None):