we were better off creating the record at sfa after it has been created at plc. That...

[sfa.git] / sfa / methods / register.py
diff --git a/sfa/methods/register.py b/sfa/methods/register.py

index 31220ea..029db0a 100644 (file)
--- a/sfa/methods/register.py
+++ b/sfa/methods/register.py
@@ -13,6 +13,7 @@ from sfa.util.genitable import GeniTable
  from sfa.util.debug import log
  from sfa.trust.auth import Auth
  from sfa.trust.gid import create_uuid
+from sfa.trust.credential import Credential
  
  class register(Method):
      """
@@ -30,20 +31,31 @@ class register(Method):
      
      accepts = [
          Parameter(str, "Credential string"),
-        Parameter(dict, "Record dictionary containing record fields")
+        Parameter(dict, "Record dictionary containing record fields"),
+        Parameter(str, "Request hash")
          ]
  
      returns = Parameter(int, "String representation of gid object")
      
-    def call(self, cred, record_dict):
+    def call(self, cred, record_dict, request_hash, caller_cred=None):
+        # This cred will be an authority cred, not a user, so we cant use it to 
+        # authenticate the caller's request_hash. Let just get the caller's gid
+        # from the cred and authenticate using that 
+        client_gid = Credential(string=cred).get_gid_caller()
+        client_gid_str = client_gid.save_to_string(save_parents=True)
+        self.api.auth.authenticateGid(client_gid_str, [cred], request_hash)
          self.api.auth.check(cred, "register")
+        if caller_cred==None:
+               caller_cred=cred
+       
+        #log the call
+        self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), None, self.name))
          record = GeniRecord(dict = record_dict)
-        table = GeniTable()
+        record['authority'] = get_authority(record['hrn'])
          type = record['type']
          hrn = record['hrn']
-        auth_name = get_authority(hrn)
          self.api.auth.verify_object_permission(hrn)
-        auth_info = self.api.auth.get_auth_info(auth_name)
+        auth_info = self.api.auth.get_auth_info(record['authority'])
          pub_key = None  
          # make sure record has a gid
          if 'gid' not in record:
@@ -62,10 +74,11 @@ class register(Method):
              record.set_gid(gid)
  
          # check if record already exists
+        table = GeniTable()
          existing_records = table.find({'type': type, 'hrn': hrn})
          if existing_records:
              raise ExistingRecord(hrn)
-        
+ 
          if type in ["authority"]:
              # update the tree
              if not self.api.auth.hierarchy.auth_exists(hrn):
@@ -87,6 +100,7 @@ class register(Method):
                  pointer = sites[0]['site_id']
  
              record.set_pointer(pointer)
+            record['pointer'] = pointer
  
          elif (type == "slice"):
              pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record)
@@ -96,8 +110,9 @@ class register(Method):
              else:
                  pointer = slices[0]['slice_id']
              record.set_pointer(pointer)
+            record['pointer'] = pointer
  
-        elif (type == "user"):
+        elif  (type == "user"):
              persons = self.api.plshell.GetPersons(self.api.plauth, [record['email']])
              if not persons:
                  pointer = self.api.plshell.AddPerson(self.api.plauth, dict(record))
@@ -106,34 +121,36 @@ class register(Method):
   
              if 'enabled' in record and record['enabled']:
                  self.api.plshell.UpdatePerson(self.api.plauth, pointer, {'enabled': record['enabled']})
-            login_base = get_leaf(auth_name)
-            self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base)
+            # add this persons to the site only if he is being added for the first
+            # time by sfa and doesont already exist in plc     
+            if not persons or not persons[0]['site_ids']:
+                login_base = get_leaf(record['authority'])
+                self.api.plshell.AddPersonToSite(self.api.plauth, pointer, login_base)
+        
              # What roles should this user have?
              self.api.plshell.AddRoleToPerson(self.api.plauth, 'user', pointer) 
              record.set_pointer(pointer)
-           
+            record['pointer'] = pointer
              # Add the user's key
              if pub_key:
                  self.api.plshell.AddPersonKey(self.api.plauth, pointer, {'key_type' : 'ssh', 'key' : pub_key})
  
          elif (type == "node"):
              pl_record = self.api.geni_fields_to_pl_fields(type, hrn, record)
-            login_base = hrn_to_pl_login_base(auth_name)
+            login_base = hrn_to_pl_login_base(record['authority'])
              nodes = self.api.plshell.GetNodes(self.api.plauth, [pl_record['hostname']])
              if not nodes:
                  pointer = self.api.plshell.AddNode(self.api.plauth, login_base, pl_record)
              else:
                  pointer = nodes[0]['node_id']
+            record['pointer'] = pointer
              record.set_pointer(pointer)
  
          else:
              raise UnknownGeniType(type)
  
-        # SFA upcalls may exist in PLCAPI and they could have already added the
-        # record for us. Lets check if the record already exists  
-        existing_records = table.find({'type': type, 'hrn': hrn})
-        if not existing_records:
-            table.insert(record)
+        record_id = table.insert(record)
+        record['record_id'] = record_id
  
          # update membership for researchers, pis, owners, operators
          self.api.update_membership(None, record)