if not auth_hrn:
auth_hrn = hrn
auth_info = self.api.auth.get_auth_info(auth_hrn)
- record = None
table = self.api.auth.get_auth_table(auth_hrn)
records = table.resolve('*', hrn)
-
+ if not records:
+ raise RecordNotFount(hrn)
+ record = records[0]
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
self.api.fill_record_info(record)
- self.api.auth.verify_cancreate_credential(self.client_cred, record)
+ self.api.auth.verify_cancreate_credential(self.api.auth.client_cred, record)
# TODO: Check permission that self.client_cred can access the object
object_gid = record.get_gid_object()
new_cred = Credential(subject = object_gid.get_subject())
- new_cred.set_gid_caller(self.client_gid)
+ new_cred.set_gid_caller(self.api.auth.client_gid)
new_cred.set_gid_object(object_gid)
new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_cred.set_pubkey(object_gid.get_pubkey())
- rl = determine_rights(type, name)
+ rl = determine_rights(type,hrn)
new_cred.set_privileges(rl)
# determine the type of credential that we want to use as a parent for