git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
shouldn't specify an hrn when validating credentials for this operation
[sfa.git] / sfa / methods / GetCredential.py
diff --git a/sfa/methods/GetCredential.py b/sfa/methods/GetCredential.py
index d047a06..eb535ed 100644 (file)
--- a/sfa/methods/GetCredential.py
+++ b/sfa/methods/GetCredential.py
@@ -10,14 +10,14 @@ from sfa.util.parameter import Parameter, Mixed
 from sfa.util.debug import log
 from sfa.trust.credential import Credential
 
-class get_credential(Method):
+class GetCredential(Method):
     """
     Retrive a credential for an object
     If cred == Nonee then the behavior reverts to get_self_credential
 
-    @param cred credential object specifying rights of the caller
-    @param type type of object (user | slice | sa | ma | node)
     @param hrn human readable name of object (hrn or urn)
+    @param cred credential object specifying rights of the caller
+    @param type type of object (user | slice | node | authority )
 
     @return the string representation of a credential object  
     """
@@ -25,29 +25,30 @@ class get_credential(Method):
     interfaces = ['registry']
     
     accepts = [
-        Mixed(Parameter(str, "credential"),
-              Parameter(None, "No credential")),  
-        Parameter(str, "Human readable name (hrn or urn)")
+        Mixed(Parameter(str, "Credential string"),
+              Parameter(type([str]), "List of credentials")), 
+        Parameter(str, "Human readable name (hrn or urn)"),
+        Parameter(str, "Object type")
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cred, type, xrn, origin_hrn=None):
+    def call(self, creds, xrn, type):
+    
         if type:
             hrn = urn_to_hrn(xrn)[0]
         else:
             hrn, type = urn_to_hrn(xrn)
 
+        # check creds
+        valid_creds = self.api.auth.checkCredentials(creds, 'getcredential')
+        self.api.auth.verify_object_belongs_to_me(hrn)
+
         #log the call
-        if not origin_hrn:
-            origin_hrn = Credential(string=cred).get_gid_caller().get_hrn()
+        origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
         self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))        
-        self.api.auth.check(cred, 'getcredential')
-        self.api.auth.verify_object_belongs_to_me(hrn)
 
-        # send the call to the right manager
-        manager_base = 'sfa.managers'
-        mgr_type = self.api.config.SFA_REGISTRY_TYPE
-        manager_module = manager_base + ".registry_manager_%s" % mgr_type
-        manager = __import__(manager_module, fromlist=[manager_base])
+        manager = self.api.get_interface_manager()
+        
         return manager.get_credential(self.api, xrn, type)
+
sfa