verbose in case if the trusted_roots directory is missing

[sfa.git] / sfa / trust / auth.py

diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index 6faa397..4e5a31c 100644 (file)
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -12,7 +12,6 @@ from sfa.trust.trustedroot import TrustedRootList
 from sfa.trust.rights import RightList
 from sfa.util.faults import *
 from sfa.trust.hierarchy import Hierarchy
-from sfa.util.genitable import GeniTable
 from sfa.util.config import *
 from sfa.util.misc import *
 from sfa.trust.gid import GID
@@ -61,6 +60,8 @@ class Auth:
                 self.client_gid.verify_chain(self.trusted_cert_list)
             if self.object_gid:
                 self.object_gid.verify_chain(self.trusted_cert_list)
+       else:
+           raise MissingTrustedRoots(self.config.get_trustedroots_dir())
 
         return True
 
@@ -225,10 +226,10 @@ class Auth:
                 rl.add("info")
 
         elif type == "authority":
-            pis = record.get("pi", [])
+            pis = record.get("PI", [])
             operators = record.get("operator", [])
-            if (caller_hrn == config.SFA_INTERFACE_HRN):
-                rl.add("authority")
+            if (caller_hrn == self.config.SFA_INTERFACE_HRN):
+                rl.add("authority,sa,ma",)
             if (caller_hrn in pis):
                 rl.add("authority,sa")
             if (caller_hrn in operators):
@@ -239,6 +240,9 @@ class Auth:
             rl.add("resolve")
             rl.add("info")
 
+        elif type == "component":
+            r1.add("operator")
+
         return rl
 
     def verify_cancreate_credential(self, src_cred, record):