4 from sfa.trust.credential import *
5 from sfa.trust.rights import *
6 from sfa.util.faults import *
7 from sfa.util.method import Method
8 from sfa.util.parameter import Parameter, Mixed
9 from sfa.trust.auth import Auth
10 from sfa.trust.gid import GID
11 from sfa.util.record import GeniRecord
12 from sfa.util.genitable import *
13 from sfa.util.debug import log
15 class get_credential(Method):
17 Retrive a credential for an object
18 If cred == Nonee then the behavior reverts to get_self_credential
20 @param cred credential object specifying rights of the caller
21 @param type type of object (user | slice | sa | ma | node)
22 @param hrn human readable name of object
24 @return the string representation of a credential object
27 interfaces = ['registry']
30 Mixed(Parameter(str, "credential"),
31 Parameter(None, "No credential")),
32 Parameter(str, "Human readable name (hrn)"),
33 Mixed(Parameter(str, "Request hash"),
34 Parameter(None, "Request hash not specified"))
37 returns = Parameter(str, "String representation of a credential object")
39 def call(self, cred, type, hrn, request_hash=None):
41 self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
42 self.api.auth.check(cred, 'getcredential')
43 self.api.auth.verify_object_belongs_to_me(hrn)
44 auth_hrn = self.api.auth.get_authority(hrn)
46 # Is this a root or sub authority
47 if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
49 auth_info = self.api.auth.get_auth_info(auth_hrn)
51 records = table.find({'type': type, 'hrn': hrn})
53 raise RecordNotFound(hrn)
55 # verify_cancreate_credential requires that the member lists
56 # (researchers, pis, etc) be filled in
57 self.api.fill_record_info(record)
59 caller_hrn = self.api.auth.client_cred.get_gid_caller().get_hrn()
60 rights = self.api.auth.determine_user_rights(caller_hrn, record)
62 raise PermissionError(self.api.auth.client_cred.get_gid_object().get_hrn() + " has no rights to " + record['name'])
64 # TODO: Check permission that self.client_cred can access the object
67 gid_object = GID(string=gid)
69 new_cred = Credential(subject = gid_object.get_subject())
70 new_cred.set_gid_caller(self.api.auth.client_gid)
71 new_cred.set_gid_object(gid_object)
72 new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
73 new_cred.set_pubkey(gid_object.get_pubkey())
74 new_cred.set_privileges(rights)
75 new_cred.set_delegate(True)
77 auth_kind = "authority,ma,sa"
78 new_cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
83 return new_cred.save_to_string(save_parents=True)