add an extra condition in verify_object_pemission

[sfa.git] / geni / util / auth.py

diff --git a/geni/util/auth.py b/geni/util/auth.py
index f190432..723a8b1 100644 (file)
--- a/geni/util/auth.py
+++ b/geni/util/auth.py
@@ -12,6 +12,7 @@ from geni.util.hierarchy import Hierarchy
 from geni.util.rights import RightList
 from geni.util.genitable import *
 from geni.util.config import *
+from geni.util.misc import *
 
 class Auth:
     """
@@ -140,6 +141,9 @@ class Auth:
             return
         if name.startswith(object_hrn + "."):
             return
+        if name.startswith(get_authority(name)):
+            return
+    
         raise PermissionError(name)
 
     def determine_user_rights(self, src_cred, record):