Delegation is now per-privilege, instead of one bit per credential

[sfa.git] / sfa / managers / registry_manager_pl.py

diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py
index 158a664..2108c15 100644 (file)
--- a/sfa/managers/registry_manager_pl.py
+++ b/sfa/managers/registry_manager_pl.py
@@ -55,12 +55,13 @@ def get_credential(api, xrn, type, is_self=False):
     new_cred = Credential(subject = object_gid.get_subject())
     new_cred.set_gid_caller(caller_gid)
     new_cred.set_gid_object(object_gid)
-    new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
-    new_cred.set_pubkey(object_gid.get_pubkey())
+    new_cred.set_issuer_keys(auth_info.get_privkey_filename(), auth_info.get_gid_filename())
+    #new_cred.set_pubkey(object_gid.get_pubkey())
     new_cred.set_privileges(rights)
-    new_cred.set_delegate(True)
+    new_cred.get_privileges().delegate_all_privileges(True)
     auth_kind = "authority,ma,sa"
-    new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
+    # Parent not necessary, verify with certs
+    #new_cred.set_parent(api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
     new_cred.encode()
     new_cred.sign()
 
@@ -110,7 +111,9 @@ def resolve(api, xrns, type=None, origin_hrn=None, full=True):
     local_records = table.findObjects({'hrn': remaining_hrns})
     if full:
         api.fill_record_info(local_records)
-    records.extend(local_records)
+    
+    # convert local record objects to dicts
+    records.extend([dict(record) for record in local_records])
     if not records:
         raise RecordNotFound(str(hrns))