Merge branch 'master' of ssh://git.planet-lab.org/git/plstackapi
diff --git a/planetstack/core/models/slice.py b/planetstack/core/models/slice.py
index 50b10c5..e474560 100644
--- a/planetstack/core/models/slice.py
+++ b/planetstack/core/models/slice.py
@@ -2,6 +2,7 @@
from django.db import models
from core.models import PlCoreBase
from core.models import Site
+from core.models.site import SitePrivilege
from core.models import User
from core.models import Role
from core.models import Deployment
@@ -51,10 +52,17 @@
return False
if user.is_admin:
return True
+ # slice admins can update
slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
for slice_priv in slice_privs:
if slice_priv.role.role == 'admin':
return True
+ # site pis can update
+ site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+ for site_priv in site_privs:
+ if site_priv.role.role == 'pi':
+ return True
+
return False
@staticmethod
@@ -62,7 +70,12 @@
if user.is_admin:
qs = Slice.objects.all()
else:
+ # users can see slices they belong to
slice_ids = [sp.slice.id for sp in SlicePrivilege.objects.filter(user=user)]
+ # pis can see slices at their sites
+ sites = [sp.site for sp in SitePrivilege.objects.filter(user=user)\
+ if sp.role.role == 'pi']
+ slice_ids.extend([s.id for s in Slice.objects.filter(site__in=sites)])
qs = Slice.objects.filter(id__in=slice_ids)
return qs