X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fget_self_credential.py;h=b4f3b6facb1f5534a2d1dd9b1e662d82db4c53c0;hb=c2e91d1eb26e884450ddc4b43c3a708919de67c0;hp=b5840230e258b72839aff57e0ff0b52f66ec8bd7;hpb=93240d7a86ad9f4c0880eddea25856f5713671b7;p=sfa.git diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py index b5840230..b4f3b6fa 100644 --- a/sfa/methods/get_self_credential.py +++ b/sfa/methods/get_self_credential.py @@ -67,22 +67,21 @@ class get_self_credential(Method): raise RecordNotFound(hrn) record = records[0] - # get the right of this record - rights = self.api.auth.determine_user_rights(None, record) - if rights.is_empty(): - raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name()) - # authenticate the gid - if request_hash: - gid = record.get_gid_object() - gid_str = gid.save_to_string(save_parents=True) - self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash) + gid = record.get_gid_object() + gid_str = gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash) - # authenticate the certificate + # authenticate the certificate against the gid in the db certificate = Certificate(string=cert) if not certificate.is_pubkey(gid.get_pubkey()): raise ConnectionKeyGIDMismatch(gid.get_subject()) + # get the right of this record + rights = self.api.auth.determine_user_rights(None, record) + if rights.is_empty(): + raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name()) + # create the credential gid = record.get_gid_object() cred = Credential(subject = gid.get_subject())