X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Frights.py;h=14749cbeefadcad4e6e4b08e58abeb24510bf937;hb=a41875175bb14a69fc9a017e1e7fc5177302f3aa;hp=c96703b47644dd2319941917a318558d91cef0df;hpb=9887cc98e96651bc4dd1a1999f299800c187b520;p=sfa.git

diff --git a/sfa/trust/rights.py b/sfa/trust/rights.py
index c96703b4..14749cbe 100644
--- a/sfa/trust/rights.py
+++ b/sfa/trust/rights.py
@@ -24,9 +24,11 @@ privilege_table = {"authority": ["register", "remove", "update", "resolve", "lis
                    "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",
                           "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
                           "deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
-                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
+                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", 
+                             "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
-                   "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
+                   "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", 
+                               "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
                    "info": ["listslices", "listnodes", "getpolicy"],
                    "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
                    "operator": ["gettrustedcerts", "getgids"],                   
@@ -35,7 +37,7 @@ privilege_table = {"authority": ["register", "remove", "update", "resolve", "lis
 
 
 ##
-# Determine tje rights that an object should have. The rights are entirely
+# Determine the rights that an object should have. The rights are entirely
 # dependent on the type of the object. For example, users automatically
 # get "refresh", "resolve", and "info".
 #
@@ -55,10 +57,10 @@ def determine_rights(type, name):
         rl.add("refresh")
         rl.add("resolve")
         rl.add("info")
-    elif type == "sa":
+    elif type in ["sa", "authority+sa"]:
         rl.add("authority")
         rl.add("sa")
-    elif type == "ma":
+    elif type in ["ma", "authority+ma", "cm", "authority+cm"]:
         rl.add("authority")
         rl.add("ma")
     elif type == "authority":
@@ -198,6 +200,7 @@ class Rights:
     # @param op_name is an operation to check, for example "listslices"
 
     def can_perform(self, op_name):
+        
         for right in self.rights:
             if right.can_perform(op_name):
                 return True
@@ -217,6 +220,7 @@ class Rights:
             for my_right in self.rights:
                 if my_right.is_superset(child_right):
                     allowed = True
+                    break
             if not allowed:
                 return False
         return True
@@ -266,10 +270,10 @@ class Rights:
             rl.add("refresh")
             rl.add("resolve")
             rl.add("info")
-        elif type == "sa":
+        elif type in ["sa", "authority+sa"]:
             rl.add("authority")
             rl.add("sa")
-        elif type == "ma":
+        elif type in ["ma", "authority+ma", "cm", "authority+cm"]:
             rl.add("authority")
             rl.add("ma")
         elif type == "authority":