X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_credential.py;h=f788eadc89e093e8245e6a0354c1ad712a807dc4;hb=09089b7cecf89a0fa3f807c466f774683c29f221;hp=2ac75feac68dde6277875e4fd7bb6d4d92595b86;hpb=2af028a85f5fcfdc15a38cec158de7b9cb7171b7;p=sfa.git

diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py
index 2ac75fea..f788eadc 100644
--- a/sfa/methods/get_credential.py
+++ b/sfa/methods/get_credential.py
@@ -4,13 +4,11 @@
 from sfa.trust.credential import *
 from sfa.trust.rights import *
 from sfa.util.faults import *
+from sfa.util.namespace import *
 from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
-from sfa.trust.auth import Auth
-from sfa.trust.gid import GID
-from sfa.util.record import GeniRecord
-from sfa.util.genitable import *
 from sfa.util.debug import log
+from sfa.trust.credential import Credential
 
 class get_credential(Method):
     """
@@ -19,8 +17,7 @@ class get_credential(Method):
 
     @param cred credential object specifying rights of the caller
     @param type type of object (user | slice | sa | ma | node)
-    @param hrn human readable name of object
-    @param origin_hrn human readable name of calls origin 
+    @param hrn human readable name of object (hrn or urn)
 
     @return the string representation of a credential object  
     """
@@ -30,72 +27,28 @@ class get_credential(Method):
     accepts = [
         Mixed(Parameter(str, "credential"),
               Parameter(None, "No credential")),  
-        Parameter(str, "Human readable name (hrn)"),
-        Mixed(Parameter(str, "Request hash"),
-              Parameter(None, "Request hash not specified")),
-        Parameter(str, "Human readable name (hrn)"),
+        Parameter(str, "Human readable name (hrn or urn)")
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cred, type, hrn, origin_hrn=None, request_hash=None):
-
-        self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
-        self.api.auth.check(cred, 'getcredential')
-        self.api.auth.verify_object_belongs_to_me(hrn)
-        auth_hrn = self.api.auth.get_authority(hrn)
-
-        # Is this a root or sub authority 
-        if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
-            auth_hrn = hrn
-
-        # get record info
-        auth_info = self.api.auth.get_auth_info(auth_hrn)
-        table = GeniTable()
-        records = table.find({'type': type, 'hrn': hrn})
-        if not records:
-            raise RecordNotFound(hrn)
-        record = records[0]
-        
-        # get the origin caller's gid (this is the caller's gid by default)    
-        if origin_hrn:
-            orgin_records = table.find({'hrn': origin_hrn})
-            if not origin_records:
-                raise RecordNotFound(origin_hrn)
-            origin_record = origin_records[0]
-            origin_caller_gid_object = GID(string = record['gid'])
+    def call(self, cred, type, xrn, origin_hrn=None):
+        if type:
+            hrn = urn_to_hrn(xrn)[0]
         else:
-            origin_caller_gid_object = self.api.auth.client_gid
-
-        
-        # verify_cancreate_credential requires that the member lists
-        # (researchers, pis, etc) be filled in
-        self.api.fill_record_info(record)
-
-        caller_hrn = self.api.auth.client_cred.get_gid_caller().get_hrn()
-        rights = self.api.auth.determine_user_rights(caller_hrn, record)
-        if rights.is_empty():
-            raise PermissionError(self.api.auth.client_cred.get_gid_object().get_hrn() + " has no rights to " + record['name'])
+            hrn, type = urn_to_hrn(xrn)
 
-        # TODO: Check permission that self.client_cred can access the object
+	#log the call
+	if not origin_hrn:
+            origin_hrn = Credential(string=cred).get_gid_caller().get_hrn()
+	self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))	
 
-        gid = record['gid']
-        gid_object = GID(string=gid)
-
-        new_cred = Credential(subject = gid_object.get_subject())
-        new_cred.set_gid_caller(self.api.auth.client_gid)
-        new_cred.set_gid_origin_caller(origin_caller_gid_object)
-        new_cred.set_gid_object(gid_object)
-        new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
-        new_cred.set_pubkey(gid_object.get_pubkey())
-        new_cred.set_privileges(rights)
-        new_cred.set_delegate(True)
-
-        auth_kind = "authority,ma,sa"
-        new_cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
-
-        new_cred.encode()
-        new_cred.sign()
-
-        return new_cred.save_to_string(save_parents=True)
+        self.api.auth.check(cred, 'getcredential')
+        self.api.auth.verify_object_belongs_to_me(hrn)
 
+        # send the call to the right manager
+        manager_base = 'sfa.managers'
+        mgr_type = self.api.config.SFA_REGISTRY_TYPE
+        manager_module = manager_base + ".registry_manager_%s" % mgr_type
+        manager = __import__(manager_module, fromlist=[manager_base])
+        return manager.get_credential(self.api, xrn, type)