this one is actually used in methods
[sfa.git] / geni / util / auth.py
index 0204122..5d16959 100644 (file)
@@ -1,17 +1,20 @@
 #
 # GeniAPI authentication 
 #
+### $Id$
+### $URL$
 #
 
 import time
+
+from geni.trust.credential import Credential
+from geni.trust.trustedroot import TrustedRootList
+from geni.trust.rights import RightList
 from geni.util.faults import *
-from geni.util.excep import *
-from geni.util.credential import Credential
-from geni.util.trustedroot import TrustedRootList
 from geni.util.hierarchy import Hierarchy
-from geni.util.rights import RightList
 from geni.util.genitable import *
 from geni.util.config import *
+from geni.util.misc import *
 
 class Auth:
     """
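Review bot: The new `from geni.util.misc import *` (together with the other star imports kept here) means the names this module now relies on for authorization decisions, `get_authority` and `get_auth_info`, are bound with no visible origin, and any later addition to `geni.util.misc` can silently shadow a name used below. For an auth module, explicit imports are worth the extra line: `from geni.util.misc import get_authority, get_auth_info` (assuming those are indeed the two helpers taken from misc; the hunk does not show the module). The star imports of `faults`, `genitable` and `config` predate this commit but have the same issue.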
@@ -81,7 +84,7 @@ class Auth:
 
         @param auth_name human readable name of authority
         """
-        auth_info = self.get_auth_info(auth_name)
+        auth_info = get_auth_info(auth_name)
         table = GeniTable(hrn=auth_name,
                           cninfo=auth_info.get_dbinfo())
         # if the table doesn't exist, then it means we haven't put any records
@@ -140,6 +143,9 @@ class Auth:
             return
         if name.startswith(object_hrn + "."):
             return
+        if name.startswith(get_authority(name)):
+            return
+    
         raise PermissionError(name)
 
     def determine_user_rights(self, src_cred, record):
@@ -168,7 +174,7 @@ class Auth:
         rl = RightList()
 
         if type=="slice":
-            researchers = record.get_geni_info().get("researcher", [])
+            researchers = record.get("researcher", [])
             if (cred_object_hrn in researchers):
                 rl.add("refresh")
                 rl.add("embed")
@@ -177,9 +183,9 @@ class Auth:
                 rl.add("info")
 
         elif type == "authority":
-            pis = record.get_geni_info().get("pi", [])
-            operators = record.get_geni_info().get("operator", [])
-            rl.add("authority")
+            pis = record.get("pi", [])
+            operators = record.get("operator", [])
+            rl.add("authority,sa,ma")
             if (cred_object_hrn in pis):
                 rl.add("sa")
             if (cred_object_hrn in operators):
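Review bot: `rl.add("authority,sa,ma")` passes a comma-separated string where the surrounding code passes one right per call (`rl.add("sa")`, `rl.add("ma")`), and the correct behaviour depends on whether `RightList.add` splits on commas — which this hunk does not show. If it does split, every credential holder for an authority record is granted `sa` and `ma` unconditionally, and the membership checks in `pis` and `operators` directly below become dead code; if it does not, a single bogus right named `"authority,sa,ma"` is stored. Unless unconditional `sa`/`ma` is intended, keep the unconditional grant to `rl.add("authority")` and leave `sa`/`ma` to the two conditional branches.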
@@ -204,36 +210,17 @@ class Auth:
         if cred_object_hrn in [self.config.GENI_REGISTRY_ROOT_AUTH]:
             return
         if type=="slice":
-            researchers = record.get_geni_info().get("researcher", [])
+            researchers = record.get("researcher", [])
             if not (cred_object_hrn in researchers):
                 raise PermissionError(cred_object_hrn + " is not in researcher list for " + record.get_name())
         elif type == "sa":
-            pis = record.get_geni_info().get("pi", [])
+            pis = record.get("pi", [])
             if not (cred_object_hrn in pis):
                 raise PermissionError(cred_object_hrn + " is not in pi list for " + record.get_name())
         elif type == "ma":
-            operators = record.get_geni_info().get("operator", [])
+            operators = record.get("operator", [])
             if not (cred_object_hrn in operators):
                 raise PermissionError(cred_object_hrn + " is not in operator list for " + record.get_name())
 
-    def get_leaf(self, hrn):
-        parts = hrn.split(".")
-        return ".".join(parts[-1:])
-
     def get_authority(self, hrn):
-        parts = hrn.split(".")
-        return ".".join(parts[:-1])
-
-    def hrn_to_pl_slicename(self, hrn):
-        parts = hrn.split(".")
-        return parts[-2] + "_" + parts[-1]
-
-    # assuming hrn is the hrn of an authority, return the plc authority name
-    def hrn_to_pl_authname(self, hrn):
-        parts = hrn.split(".")
-        return parts[-1]
-
-    # assuming hrn is the hrn of an authority, return the plc login_base
-    def hrn_to_pl_login_base(self, hrn):
-        return self.hrn_to_pl_authname(hrn)
-      
+        return get_authority(hrn)
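Review bot: The `if type=="slice" / elif type == "sa" / elif type == "ma"` chain in the permission check has no final `else`, so any other value of `type` (a typo, or a record type added later) falls through and the call returns as though the check passed; the method begins outside this hunk, so I cannot see whether `type` is validated earlier. Adding `else: raise PermissionError("unknown permission type " + str(type))` makes the check fail closed. Separately, the retained `get_authority` method is now a one-line wrapper whose body resolves the bare name `get_authority` to the module-level function brought in by `from geni.util.misc import *`; a docstring such as `"""Return the hrn of the parent authority of *hrn*; delegates to geni.util.misc.get_authority."""` would make the delegation and the name resolution explicit for the next reader.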