raise PermissionError(name)
- def determine_user_rights(self, caller_hrn, record):
+ def determine_user_rights(self, caller_hrn, reg_record):
"""
Given a user credential and a record, determine what set of rights the
user should have to that record.
"""
rl = Rights()
- type = record['type']
-
-
- if type=="slice":
- researchers = record.get("researcher", [])
- pis = record.get("PI", [])
- if (caller_hrn in researchers + pis):
- rl.add("refresh")
- rl.add("embed")
- rl.add("bind")
- rl.add("control")
- rl.add("info")
-
- elif type == "authority":
- pis = record.get("PI", [])
- operators = record.get("operator", [])
+ type = reg_record.type
+
+ logger.debug("entering determine_user_rights with record %s and caller_hrn %s"%(reg_record, caller_hrn))
+
+ if type=='slice':
+ researcher_hrns = [ user.hrn for user in reg_record.reg_researchers ]
+ # xxx need a means to compute pi_hrns from the registry db
+ pi_hrns = reg_record.get('PI',[])
+ if (caller_hrn in researcher_hrns + pi_hrns):
+ rl.add('refresh')
+ rl.add('embed')
+ rl.add('bind')
+ rl.add('control')
+ rl.add('info')
+
+ elif type == 'authority':
+ pi_hrns = [ user.hrn for user in reg_record.reg_pis ]
+ # xxx need a means to compute operator_hrns from the registry db
+ operator_hrns = reg_record.get('operator',[])
if (caller_hrn == self.config.SFA_INTERFACE_HRN):
- rl.add("authority")
- rl.add("sa")
- rl.add("ma")
- if (caller_hrn in pis):
- rl.add("authority")
- rl.add("sa")
- if (caller_hrn in operators):
- rl.add("authority")
- rl.add("ma")
-
- elif type == "user":
- rl.add("refresh")
- rl.add("resolve")
- rl.add("info")
-
- elif type == "node":
- rl.add("operator")
+ rl.add('authority')
+ rl.add('sa')
+ rl.add('ma')
+ if (caller_hrn in pi_hrns):
+ rl.add('authority')
+ rl.add('sa')
+ if (caller_hrn in operator_hrns):
+ rl.add('authority')
+ rl.add('ma')
+
+ elif type == 'user':
+ rl.add('refresh')
+ rl.add('resolve')
+ rl.add('info')
+
+ elif type == 'node':
+ rl.add('operator')
return rl
git://git.onelab.eu / sfa.git / blobdiff