Index: trunk/web/templates/getafsgroups.py
===================================================================
--- trunk/web/templates/getafsgroups.py	(revision 233)
+++ trunk/web/templates/getafsgroups.py	(revision 234)
@@ -25,50 +25,60 @@
 #     return False
 
+class MyException(Exception):
+    pass
+
+def getAfsGroupMembers(group, cell):
+    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
+                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    if p.wait():
+        return []
+    return [line.strip() for line in p.stdout.readlines()[1:]]
+
 def checkAfsGroup(user, group, cell):
     """
     checkAfsGroup(user, group) returns True if and only if user is in AFS group group in cell cell
     """
-    p = subprocess.Popen(["pts", "membership", group, '-c', cell], 
-                         stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    if p.wait():
-        return False
-    for line in p.stdout.readlines()[1:]:
-        if line.strip() == user:
-            return True
-    return False
+    return user in getAfsGroupMembers(group, cell)
 
-def checkLockerOwner(user, locker, verbose=False):
-    """
-    checkLockerOwner(user, locker) returns True if and only if user administers locker.
-
-    If verbose is true, instead return the reason for failure, or None
-    if there is no failure.
-    """
+def getCell(locker):
     p = subprocess.Popen(["fs", "whichcell", "/mit/" + locker], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
-        if verbose:
-            return p.stderr.read()
-        return False
-    cell = p.stdout.read().split()[-1][1:-1]
+        raise MyException(p.stderr.read())
+    return p.stdout.read().split()[-1][1:-1]
+
+def getLockerAcl(locker):
     p = subprocess.Popen(["fs", "listacl", "/mit/" + locker], 
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     if p.wait():
-        if verbose:
-            return p.stderr.read()
-        return False
-    for line in p.stdout.readlines()[1:]:
-        entry = line.split()
-        if not entry or entry[0] == "Negative":
+        raise MyException(p.stderr.read())
+    lines = p.stdout.readlines()
+    values = []
+    for line in lines[1:]:
+        fields = line.split()
+        if fields[0] == 'Negative':
             break
-        if entry[1] == "rlidwka":
-            if entry[0] == user or (entry[0][0:6] == "system" and 
-                                    checkAfsGroup(user, entry[0], cell)):
-                if verbose:
-                    return None
-                return True
-    if verbose:
-        return "You don't have admin bits on /mit/" + locker
-    return False
+        if 'rlidwka' in fields[1]:
+            values.append(fields[0])
+    return values
+
+def notLockerOwner(user, locker):
+    """
+    notLockerOwner(user, locker) returns false if and only if user administers locker.
+
+    If the user does not own the locker, returns the string reason for
+    the failure.
+    """
+    try:
+        cell = getCell(locker)
+        values = getLockerAcl(locker)
+    except MyException, e:
+        return str(e)
+
+    for entry in values:
+        if entry[0] == user or (entry[0][0:6] == "system" and 
+                                checkAfsGroup(user, entry[0], cell)):
+            return False
+    return "You don't have admin bits on /mit/" + locker
 
 
@@ -79,8 +89,8 @@
     print checkAfsGroup("tabbott", "system:debathena-root", 'athena.mit.edu')
     print checkAfsGroup("tabbott", "system:hmmt-request", 'athena.mit.edu')
-    print checkLockerOwner("tabbott", "tabbott")
-    print checkLockerOwner("tabbott", "debathena")
-    print checkLockerOwner("tabbott", "sipb")
-    print checkLockerOwner("tabbott", "lsc")
-    print checkLockerOwner("tabbott", "scripts")
-    print checkLockerOwner("ecprice", "hmmt")
+    print notLockerOwner("tabbott", "tabbott")
+    print notLockerOwner("tabbott", "debathena")
+    print notLockerOwner("tabbott", "sipb")
+    print notLockerOwner("tabbott", "lsc")
+    print notLockerOwner("tabbott", "scripts")
+    print notLockerOwner("ecprice", "hmmt")
Index: trunk/web/templates/list.tmpl
===================================================================
--- trunk/web/templates/list.tmpl	(revision 233)
+++ trunk/web/templates/list.tmpl	(revision 234)
@@ -68,4 +68,5 @@
 	<td>${machine.memory}M</td>
 	<td>$machine.owner</td>
+	<td>$machine.administrator</td>
 #if $machine.nics
 #set $nic = $machine.nics[0]
@@ -107,4 +108,5 @@
 	<td>Memory</td>
 	<td>Owner</td>
+        <td>Administrator</td>
 	<td>IP</td>
 	<td>Uptime</td>
Index: trunk/web/templates/validation.py
===================================================================
--- trunk/web/templates/validation.py	(revision 233)
+++ trunk/web/templates/validation.py	(revision 234)
@@ -76,5 +76,5 @@
                                   'athena.mit.edu'): #XXX Cell?
         return True
-    if getafsgroups.checkLockerOwner(user, machine.owner):
+    if not getafsgroups.notLockerOwner(user, machine.owner):
         return True
     return owns(user, machine)
@@ -84,5 +84,5 @@
     if user == 'moo':
         return True
-    return getafsgroups.checkLockerOwner(user, machine.owner)
+    return not getafsgroups.notLockerOwner(user, machine.owner)
 
 def validMachineName(name):
@@ -169,5 +169,5 @@
     if owner is None:
         raise InvalidInput('owner', owner, "Owner must be specified")
-    value = getafsgroups.checkLockerOwner(user, owner, verbose=True)
+    value = getafsgroups.notLockerOwner(user, owner)
     if not value:
         return owner