X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fmethods%2Fremove.py;h=b9dd9bdefe9b824707e22bb77abebb5ce094ecb4;hb=c3ea74b41d43ca0dd2d5f912381df5a5732fbf62;hp=c0f5c52accb40225dacb036fa0a4df6dd6b051e4;hpb=516121e1edb8974e75b662475219ce583b4523ef;p=sfa.git

diff --git a/sfa/methods/remove.py b/sfa/methods/remove.py
index c0f5c52a..b9dd9bde 100644
--- a/sfa/methods/remove.py
+++ b/sfa/methods/remove.py
@@ -6,7 +6,10 @@ from sfa.util.method import Method
 from sfa.util.parameter import Parameter, Mixed
 from sfa.trust.auth import Auth
 from sfa.util.record import GeniRecord
+from sfa.util.genitable import GeniTable
 from sfa.util.debug import log
+from sfa.trust.credential import Credential
+from sfa.server.registry import Registries
 
 class remove(Method):
     """
@@ -25,37 +28,71 @@ class remove(Method):
     accepts = [
         Parameter(str, "Credential string"),
         Parameter(str, "Record type"),
-        Parameter(str, "Human readable name (hrn) of record to be removed")
+        Parameter(str, "Human readable name (hrn) of record to be removed"),
+        Mixed(Parameter(str, "Request hash"),
+              Parameter(None, "Request hash not specified"))
         ]
 
     returns = Parameter(int, "1 if successful")
     
-    def call(self, cred, type, hrn):
+    def call(self, cred, type, hrn, request_hash=None, origin_hrn=None):
+        # This cred will be an authority cred, not a user, so we cant use it to 
+        # authenticate the caller's request_hash. Let just get the caller's gid
+        # from the cred and authenticate using that
+        client_gid = Credential(string=cred).get_gid_caller()
+        client_gid_str = client_gid.save_to_string(save_parents=True)
+        self.api.auth.authenticateGid(client_gid_str, [cred, type, hrn], request_hash)
         self.api.auth.check(cred, "remove")
         self.api.auth.verify_object_permission(hrn)
-        auth_name = self.api.auth.get_authority(hrn)
-        table = self.api.auth.get_auth_table(auth_name)
-        record_list = table.resolve(type, hrn)
-        if not record_list:
+
+        if origin_hrn==None:
+            origin_hrn=Credential(string=cred).get_gid_caller().get_hrn()
+
+        #log the call
+        self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
+        table = GeniTable()
+        filter = {'hrn': hrn}
+        if type not in ['all', '*']:
+            filter['type'] = type
+        records = table.find(filter)
+        if not records:
             raise RecordNotFound(hrn)
-        record = record_list[0]
-        
+        record = records[0]
         type = record['type']
+
+        credential = self.api.getCredential()
+       	registries = Registries(self.api) 
+
+        # Try to remove the object from the PLCDB of federated agg.
+        # This is attempted before removing the object from the local agg's PLCDB and sfa table
+        if hrn.startswith(self.api.hrn) and type in ['user', 'slice', 'authority']:
+            for registry in registries:
+                if registry not in [self.api.hrn]:
+                    try:
+			request_hash=None
+                        result=registries[registry].remove_peer_object(credential, record, request_hash, origin_hrn)
+                    except:
+                        pass
         if type == "user":
-            if self.api.plshell.GetPersons(self.api.plauth, record.get_pointer()):
-                self.api.plshell.DeletePerson(self.api.plauth, record.get_pointer())
+            persons = self.api.plshell.GetPersons(self.api.plauth, record['pointer'])
+            # only delete this person if he has site ids. if he doesnt, it probably means 
+            # he was just removed from a site, not actually deleted
+            if persons and persons[0]['site_ids']:
+                self.api.plshell.DeletePerson(self.api.plauth, record['pointer'])
         elif type == "slice":
-            if self.api.plshell.GetSlices(self.api.plauth, record.get_pointer()):
-                self.api.plshell.DeleteSlice(self.api.plauth, record.get_pointer())
+            if self.api.plshell.GetSlices(self.api.plauth, record['pointer']):
+                self.api.plshell.DeleteSlice(self.api.plauth, record['pointer'])
         elif type == "node":
-            if self.api.plshell.GetNodes(self.api.plauth, record.get_pointer()):
-                self.api.plshell.DeleteNode(self.api.plauth, record.get_pointer())
+            if self.api.plshell.GetNodes(self.api.plauth, record['pointer']):
+                self.api.plshell.DeleteNode(self.api.plauth, record['pointer'])
         elif type == "authority":
-            if self.api.plshell.GetSites(self.api.plauth, record.get_pointer()):
-                self.api.plshell.DeleteSite(self.api.plauth, record.get_pointer())
+            if self.api.plshell.GetSites(self.api.plauth, record['pointer']):
+                self.api.plshell.DeleteSite(self.api.plauth, record['pointer'])
         else:
             raise UnknownGeniType(type)
 
         table.remove(record)
+           
+	# forward the call after replacing the root hrn
 
         return 1