You can use triger and spel code to get desired results. Spel code may be similar to this
uuid who;
send_wait(0,top_object(), "call_attr", "cnt", "current_user_id");
who=msg[0];
send_wait(0, top_object(), "call_attr", "api", "get_object_values", who, format("cnt:%s",who), 0, "location.site.name");
if (msg_error()) {
logf(ERROR, "get_failed %s",msg[0]);
}
else
{
if ((string)msg[1]==location)
{
return;
}else
{
set_error(1);
set_return_data("You can not update this contact. Operation aborted");
return;
}
}
Or you can use get_access_for_contact method (SPEL API methods) to get access type information for particular admin user and check if site of curent contact can be modified by particular access type.
P.S. i did not tested my code below so if you decide to use it use it on testing machine.