X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmanagers%2Fregistry_manager_openstack.py;h=6340bbe7ad335230ec491eb106d2ff4abe88a36e;hb=5f5f29e2bc00befe5b7b601806ef5a7e44349b75;hp=6e210faf71ad2ff25eedc93ab2050d86f2a4e406;hpb=d710b76d4d0c64f1cd16f5eb8857f8fbac1a9077;p=sfa.git

diff --git a/sfa/managers/registry_manager_openstack.py b/sfa/managers/registry_manager_openstack.py
index 6e210faf..6340bbe7 100644
--- a/sfa/managers/registry_manager_openstack.py
+++ b/sfa/managers/registry_manager_openstack.py
@@ -9,7 +9,6 @@ from sfa.util.faults import RecordNotFound, AccountNotEnabled, PermissionError,
 from sfa.util.sfatime import utcparse, datetime_to_epoch
 from sfa.util.prefixTree import prefixTree
 from sfa.util.xrn import Xrn, get_authority, hrn_to_urn, urn_to_hrn
-from sfa.util.plxrn import hrn_to_pl_login_base
 from sfa.util.version import version_core
 from sfa.util.sfalogging import logger
 
@@ -25,7 +24,7 @@ from sfa.managers.registry_manager import RegistryManager
 
 class RegistryManager(RegistryManager):
 
-    def GetCredential(self, api, xrn, type, is_self=False):
+    def GetCredential(self, api, xrn, type, caller_xrn = None):
         # convert xrn to hrn     
         if type:
             hrn = urn_to_hrn(xrn)[0]
@@ -38,7 +37,10 @@ class RegistryManager(RegistryManager):
             auth_hrn = hrn
         auth_info = api.auth.get_auth_info(auth_hrn)
         # get record info
-        record=dbsession.query(RegRecord).filter_by(type=type,hrn=hrn).first()
+        filter = {'hrn': hrn}
+        if type:
+            filter['type'] = type
+        record=dbsession.query(RegRecord).filter_by(**filter).first()
         if not record:
             raise RecordNotFound("hrn=%s, type=%s"%(hrn,type))
     
@@ -51,16 +53,23 @@ class RegistryManager(RegistryManager):
               raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record.email))
     
         # get the callers gid
-        # if this is a self cred the record's gid is the caller's gid
-        if is_self:
+        # if caller_xrn is not specified assume the caller is the record
+        # object itself.  
+        if not caller_xrn:
             caller_hrn = hrn
             caller_gid = record.get_gid_object()
         else:
-            caller_gid = api.auth.client_cred.get_gid_caller() 
-            caller_hrn = caller_gid.get_hrn()
+            caller_hrn, caller_type = urn_to_hrn(caller_xrn)
+            caller_filter = {'hrn': caller_hrn}
+            if caller_type:
+                caller_filter['type'] = caller_type 
+            caller_record = dbsession.query(RegRecord).filter_by(**caller_filter).first()
+            if not caller_record:
+                raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type))
+            caller_gid = GID(string=caller_record.gid) 
         
         object_hrn = record.get_gid_object().get_hrn()
-        rights = api.auth.determine_user_rights(caller_hrn, record.__dict__)
+        rights = api.auth.determine_user_rights(caller_hrn, record.todict())
         # make sure caller has rights to this object
         if rights.is_empty():
             raise PermissionError(caller_hrn + " has no rights to " + record.hrn)