cosmetic - this code is broken, moving the matter to Tony
[sfa.git] / sfa / trust / auth.py
index 31853ed..5d48a94 100644 (file)
@@ -35,7 +35,6 @@ class Auth:
         self.trusted_cert_file_list = TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
 
         
-        
     def checkCredentials(self, creds, operation, xrns=[]):
         if not isinstance(xrns, list):
             xrns = [xrns]
@@ -43,8 +42,10 @@ class Auth:
         valid = []
         if not isinstance(creds, list):
             creds = [creds]
-        logger.debug("Auth.checkCredentials with %d creds"%len(creds))
-        error=[ "no credential","was given"]
+        logger.debug("Auth.checkCredentials with %d creds on hrns=%s"%(len(creds),hrns))
+        # won't work if either creds or hrns is empty - let's make it more explicit
+        if not creds: raise InsufficientRights("Access denied - no credential provided")
+        if not hrns: raise InsufficientRights("Access denied - no subject xrn provided")
         for cred in creds:
             for hrn in hrns:
                 try:
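Review bot: The new `if not hrns:` guard turns the signature default `xrns=[]` (visible in the previous hunk) into a guaranteed denial, assuming `hrns` is derived from `xrns` on the line that falls between the two hunks. Failing closed is the right behaviour on an authorization path, but callers that omit `xrns` now get InsufficientRights at this point rather than whatever the code after the loop did, so they should be audited. The method has no visible docstring covering this; a line such as `Raises InsufficientRights when creds or xrns is empty.` would make the contract explicit. The loop body and the rest of checkCredentials lie outside the hunk.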
@@ -71,6 +72,8 @@ class Auth:
         the specified operation.    
         """
         self.client_cred = Credential(string = cred)
+        logger.debug("Auth.check: handling hrn=%s and credential=%s"%\
+                         (hrn,cred.get_summary_tostring()))
         self.client_gid = self.client_cred.get_gid_caller()
         self.object_gid = self.client_cred.get_gid_object()
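Review bot: The added debug call uses `cred.get_summary_tostring()`, but the line above passes `cred` to `Credential(string = cred)`, which suggests `cred` is still the raw credential string at this point. If so, the log statement raises AttributeError and every call to this check fails before any verification runs. Logging the parsed object instead, `(hrn, self.client_cred.get_summary_tostring())`, avoids that, assuming Credential provides the method. It is also worth confirming that the summary omits the signed credential body, so debug logs do not accumulate reusable credentials. The function starts above this hunk and continues below it.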