From 7824b2db8f1795ea784d70def02c362d48ab91b5 Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Fri, 5 Feb 2010 11:20:53 -0500
Subject: [PATCH] Drop the second "owner" argument from
 invirt.authz.expandAdmin.

If we find out later that some authz mechanism requires knowing the
owner to interpret the administrator, we can add it back. But so long
as all authz modules live in our tree, let's not add unnecessary API
complexity just because we can.

svn path=/trunk/packages/xvm-authz-locker/; revision=2988
---
 python/invirt/authz.py |   11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/python/invirt/authz.py b/python/invirt/authz.py
index cbfc28a..59b480e 100644
--- a/python/invirt/authz.py
+++ b/python/invirt/authz.py
@@ -48,15 +48,12 @@ def expandOwner(name):
             raise
 
 
-def expandAdmin(name, owner):
+def expandAdmin(name):
     """Expand an administrator to a list of authorized users.
 
-    Because the interpretation of an administrator might depend on the
-    owner, the owner is passed in as an argument.
-
-    However, in the case of locker-based authentication, the
-    administrator is always interpreted as an AFS entry (either a user
-    or a group) in the home cell (athena.mit.edu for XVM).
+    For locker-based authorization, the administrator is always
+    interpreted as an AFS entry (either a user or a group) in the
+    machine's home cell (athena.mit.edu for XVM).
     """
     cell = config.authz.afs.cells[0].cell
     auth = _authenticate(cell)
-- 
1.7.9.5