accepts = [
Parameter(str, "certificate"),
Parameter(str, "Human readable name (hrn)"),
- Parameter(str, "Request hash")
+ Mixed(Parameter(str, "Request hash"),
+ Parameter(None, "Request hash not specified"))
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cert, type, hrn, request_hash):
+ def call(self, cert, type, hrn, request_hash=None):
"""
get_self_credential a degenerate version of get_credential used by a client
to get his initial credential when de doesnt have one. This is the same as
raise RecordNotFound(hrn)
record = records[0]
- # get the right of this record
- rights = self.api.auth.determine_user_rights(None, record)
- if rights.is_empty():
- raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
-
# authenticate the gid
gid = record.get_gid_object()
gid_str = gid.save_to_string(save_parents=True)
self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
- # authenticate the certificate
+ # authenticate the certificate against the gid in the db
certificate = Certificate(string=cert)
if not certificate.is_pubkey(gid.get_pubkey()):
raise ConnectionKeyGIDMismatch(gid.get_subject())
+ # get the right of this record
+ caller_hrn = certificate.get_subject()
+ rights = self.api.auth.determine_user_rights(caller_hrn, record)
+ if rights.is_empty():
+ raise PermissionError(caller_hrn + " has no rights to " + record.get_name())
+
# create the credential
gid = record.get_gid_object()
cred = Credential(subject = gid.get_subject())