X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Frights.py;h=1b8baa4f4ec556bcf5bac26408edd2a1ff0a649f;hb=3d9943d1e5f993408b618cde29ff31b3585e5cef;hp=c96703b47644dd2319941917a318558d91cef0df;hpb=47c8f4ead3bb58adabb9f4601acb4796a566187b;p=sfa.git

diff --git a/sfa/trust/rights.py b/sfa/trust/rights.py
index c96703b4..1b8baa4f 100644
--- a/sfa/trust/rights.py
+++ b/sfa/trust/rights.py
@@ -24,9 +24,11 @@ privilege_table = {"authority": ["register", "remove", "update", "resolve", "lis
                    "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",
                           "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
                           "deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
-                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
+                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", 
+                             "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
-                   "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
+                   "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", 
+                               "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
                    "info": ["listslices", "listnodes", "getpolicy"],
                    "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
                    "operator": ["gettrustedcerts", "getgids"],                   
@@ -35,7 +37,7 @@ privilege_table = {"authority": ["register", "remove", "update", "resolve", "lis
 
 
 ##
-# Determine tje rights that an object should have. The rights are entirely
+# Determine the rights that an object should have. The rights are entirely
 # dependent on the type of the object. For example, users automatically
 # get "refresh", "resolve", and "info".
 #
@@ -55,10 +57,10 @@ def determine_rights(type, name):
         rl.add("refresh")
         rl.add("resolve")
         rl.add("info")
-    elif type == "sa":
+    elif type in ["sa", "authority+sa"]:
         rl.add("authority")
         rl.add("sa")
-    elif type == "ma":
+    elif type in ["ma", "authority+ma", "cm", "authority+cm", "sm", "authority+sm"]:
         rl.add("authority")
         rl.add("ma")
     elif type == "authority":
@@ -71,6 +73,7 @@ def determine_rights(type, name):
         rl.add("bind")
         rl.add("control")
         rl.add("info")
+# wouldn't that be authority+cm instead ?
     elif type == "component":
         rl.add("operator")
     return rl
@@ -91,6 +94,8 @@ class Right:
         self.kind = kind
         self.delegate = delegate
 
+    def __repr__ (self): return "<Rgt:%s>"%self.kind
+
     ##
     # Test to see if this right object is allowed to perform an operation.
     # Returns True if the operation is allowed, False otherwise.
@@ -145,6 +150,8 @@ class Rights:
         if string:
             self.load_from_string(string)
 
+    def __repr__ (self): return "[" + " ".join( ["%s"%r for r in self.rights]) + "]"
+
     def is_empty(self):
         return self.rights == []
 
@@ -198,6 +205,7 @@ class Rights:
     # @param op_name is an operation to check, for example "listslices"
 
     def can_perform(self, op_name):
+        
         for right in self.rights:
             if right.can_perform(op_name):
                 return True
@@ -217,6 +225,7 @@ class Rights:
             for my_right in self.rights:
                 if my_right.is_superset(child_right):
                     allowed = True
+                    break
             if not allowed:
                 return False
         return True
@@ -242,47 +251,3 @@ class Rights:
                 return False
         return True
 
-
-
-    ##
-    # Determine the rights that an object should have. The rights are entirely
-    # dependent on the type of the object. For example, users automatically
-    # get "refresh", "resolve", and "info".
-    #
-    # @param type the type of the object (user | sa | ma | slice | node)
-    # @param name human readable name of the object (not used at this time)
-    #
-    # @return Rights object containing rights
-
-    def determine_rights(self, type, name):
-        rl = Rights()
-
-        # rights seem to be somewhat redundant with the type of the credential.
-        # For example, a "sa" credential implies the authority right, because
-        # a sa credential cannot be issued to a user who is not an owner of
-        # the authority
-
-        if type == "user":
-            rl.add("refresh")
-            rl.add("resolve")
-            rl.add("info")
-        elif type == "sa":
-            rl.add("authority")
-            rl.add("sa")
-        elif type == "ma":
-            rl.add("authority")
-            rl.add("ma")
-        elif type == "authority":
-            rl.add("authority")
-            rl.add("sa")
-            rl.add("ma")
-        elif type == "slice":
-            rl.add("refresh")
-            rl.add("embed")
-            rl.add("bind")
-            rl.add("control")
-            rl.add("info")
-        elif type == "component":
-            rl.add("operator")
-
-        return rl