Index: trunk/packages/sipb-xen-www/code/validation.py
===================================================================
--- trunk/packages/sipb-xen-www/code/validation.py	(revision 869)
+++ trunk/packages/sipb-xen-www/code/validation.py	(revision 874)
@@ -126,5 +126,6 @@
 def haveAccess(user, state, machine):
     """Return whether a user has administrative access to a machine"""
-    return state.isadmin or user in cache_acls.accessList(machine)
+    return (user in cache_acls.accessList(machine)
+            or (machine.adminable and state.isadmin))
 
 def owns(user, machine):
Index: trunk/packages/sipb-xen-www/code/webcommon.py
===================================================================
--- trunk/packages/sipb-xen-www/code/webcommon.py	(revision 869)
+++ trunk/packages/sipb-xen-www/code/webcommon.py	(revision 874)
@@ -2,4 +2,5 @@
 
 import time
+from invirt import database
 from invirt.database import Machine, MachineAccess
 
@@ -45,5 +46,7 @@
     def getMachines(self):
         if self.isadmin:
-            return Machine.select()
+            return Machine.query().join('acl').select_by(
+                database.or_(MachineAccess.c.user == self.username,
+                             Machine.c.adminable == True))
         else:
             return Machine.query().join('acl').select_by(user=self.username)