#
# GeniAPI authentication
#
+### $Id$
+### $URL$
#
import time
+
+from geni.trust.credential import Credential
+from geni.trust.trustedroot import TrustedRootList
+from geni.trust.rights import RightList
from geni.util.faults import *
-from geni.util.excep import *
-from geni.util.credential import Credential
-from geni.util.trustedroot import TrustedRootList
from geni.util.hierarchy import Hierarchy
-from geni.util.rights import RightList
from geni.util.genitable import *
from geni.util.config import *
+from geni.util.misc import *
class Auth:
"""
@param auth_name human readable name of authority
"""
- auth_info = self.get_auth_info(auth_name)
+ auth_info = get_auth_info(auth_name)
table = GeniTable(hrn=auth_name,
cninfo=auth_info.get_dbinfo())
# if the table doesn't exist, then it means we haven't put any records
return
if name.startswith(object_hrn + "."):
return
+ if name.startswith(get_authority(name)):
+ return
+
raise PermissionError(name)
def determine_user_rights(self, src_cred, record):
rl = RightList()
if type=="slice":
- researchers = record.get_geni_info().get("researcher", [])
+ researchers = record.get("researcher", [])
if (cred_object_hrn in researchers):
rl.add("refresh")
rl.add("embed")
rl.add("info")
elif type == "authority":
- pis = record.get_geni_info().get("pi", [])
- operators = record.get_geni_info().get("operator", [])
- rl.add("authority")
+ pis = record.get("pi", [])
+ operators = record.get("operator", [])
+ rl.add("authority,sa,ma")
if (cred_object_hrn in pis):
rl.add("sa")
if (cred_object_hrn in operators):
if cred_object_hrn in [self.config.GENI_REGISTRY_ROOT_AUTH]:
return
if type=="slice":
- researchers = record.get_geni_info().get("researcher", [])
+ researchers = record.get("researcher", [])
if not (cred_object_hrn in researchers):
raise PermissionError(cred_object_hrn + " is not in researcher list for " + record.get_name())
elif type == "sa":
- pis = record.get_geni_info().get("pi", [])
+ pis = record.get("pi", [])
if not (cred_object_hrn in pis):
raise PermissionError(cred_object_hrn + " is not in pi list for " + record.get_name())
elif type == "ma":
- operators = record.get_geni_info().get("operator", [])
+ operators = record.get("operator", [])
if not (cred_object_hrn in operators):
raise PermissionError(cred_object_hrn + " is not in operator list for " + record.get_name())
- def get_leaf(self, hrn):
- parts = hrn.split(".")
- return ".".join(parts[-1:])
-
def get_authority(self, hrn):
- parts = hrn.split(".")
- return ".".join(parts[:-1])
-
- def hrn_to_pl_slicename(self, hrn):
- parts = hrn.split(".")
- return parts[-2] + "_" + parts[-1]
-
- # assuming hrn is the hrn of an authority, return the plc authority name
- def hrn_to_pl_authname(self, hrn):
- parts = hrn.split(".")
- return parts[-1]
-
- # assuming hrn is the hrn of an authority, return the plc login_base
- def hrn_to_pl_login_base(self, hrn):
- return self.hrn_to_pl_authname(hrn)
-
+ return get_authority(hrn)
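Review bot: The new guard `if name.startswith(get_authority(name)): return` (L33) short-circuits the `raise PermissionError(name)` that follows it, because an HRN always begins with its own authority prefix — if the module-level `get_authority` has the split-on-"." semantics the removed method body (L78–79) had, and that `Auth.get_authority` now delegates to, then `"a.b.c".startswith("a.b")` is true for every dotted name and `"x".startswith("")` is true for the rest, so the permission check in this function can never fail. The check presumably meant to compare against the credential's object (`object_hrn`, already used on L31) rather than against `name` itself; until the intent is confirmed I would at least mark it, `# FIXME(review): get_authority(name) is always a prefix of name, so this guard bypasses the PermissionError below`. The enclosing function begins outside the hunk. A related scope question is `rl.add("authority,sa,ma")` (L52): it grants sa and ma to every authority credential unconditionally (assuming RightList.add splits on commas rather than storing one literal right), which makes the PI-conditional `rl.add("sa")` on L53–54 and the operator branch redundant and widens what a plain authority credential can do; if that is intended, a one-line comment saying so would help the next reader.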