accepts = [
Parameter(str, "Credential string"),
Parameter(str, "Record type"),
- Parameter(str, "Human readable name (hrn) of record to be removed")
+ Parameter(str, "Human readable name (hrn) of record to be removed"),
+ Mixed(Parameter(str, "Request hash"),
+ Parameter(None, "Request hash not specified"))
]
returns = Parameter(int, "1 if successful")
- def call(self, cred, type, hrn, caller_cred=None):
- if caller_cred==None:
- caller_cred=cred
- #log the call
- self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name))
+ def call(self, cred, type, hrn, request_hash=None, origin_hrn=None):
+ if origin_hrn==None:
+ origin_hrn=Credential(string=cred).get_gid_caller().get_hrn()
+ #log the call
+ self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+ # This cred will be an authority cred, not a user, so we cant use it to
+ # authenticate the caller's request_hash. Let just get the caller's gid
+ # from the cred and authenticate using that
+ client_gid = Credential(string=cred).get_gid_caller()
+ client_gid_str = client_gid.save_to_string(save_parents=True)
+ self.api.auth.authenticateGid(client_gid_str, [cred, type, hrn], request_hash)
self.api.auth.check(cred, "remove")
self.api.auth.verify_object_permission(hrn)
table = GeniTable()
for registry in registries:
if registry not in [self.api.hrn]:
try:
- result=registries[registry].remove_peer_object(credential, record)
+ request_hash=None
+ result=registries[registry].remove_peer_object(credential, record, request_hash, origin_hrn)
except:
pass
if type == "user":