fix bugs. refactor
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index 9b9aba9..edd9373 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -28,11 +28,13 @@
     def __unicode__(self):  return u'%s' % (self.name)
 
     def can_update(self, user):
+        if user.is_readonly:
+            return False
         if user.is_admin:
             return True
         site_privs = SitePrivilege.objects.filter(user=user, site=self)
         for site_priv in site_privs:
-            if site_priv.role.role_type == 'pi':
+            if site_priv.role.role == 'pi':
                 return True
         return False 
 
@@ -69,13 +71,7 @@
         super(SitePrivilege, self).delete(*args, **kwds)
 
     def can_update(self, user):
-        if user.is_admin:
-            return True
-        site_privs = SitePrivilege.objects.filter(user=user, site=self)
-        for site_priv in site_privs:
-            if site_priv.role.role_type == 'pi':
-                return True
-        return False 
+        return self.site.can_update(user)
 
     @staticmethod
     def select_by_user(user):
@@ -115,7 +111,7 @@
             return True
         dprivs = DeploymentPrivilege.objects.filter(user=user)
         for dpriv in dprivs:
-            if dpriv.role.role_type == 'admin':
+            if dpriv.role.role == 'admin':
                 return True
         return False
 
diff --git a/planetstack/core/models/slice.py b/planetstack/core/models/slice.py
index 823b1d1..c39d09b 100644
--- a/planetstack/core/models/slice.py
+++ b/planetstack/core/models/slice.py
@@ -49,7 +49,7 @@
             return True
         slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
         for slice_priv in slice_privs:
-            if slice_priv.role.role_type == 'admin':
+            if slice_priv.role.role == 'admin':
                 return True
         return False
 
@@ -77,13 +77,7 @@
     def __unicode__(self):  return u'%s %s %s' % (self.slice, self.user, self.role)
 
     def can_update(self, user):
-        if user.is_admin:
-            return True
-        slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
-        for slice_priv in slice_privs:
-            if slice_priv.role.role_type == 'admin':
-                return True
-        return False
+        return self.slice.can_update(user)
 
     @staticmethod
     def select_by_user(user):