git://git.onelab.eu
/
sfa.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
93511aa
)
added origin_hrn to accepted args
author
Tony Mack
<tmack@cs.princeton.edu>
Thu, 31 Dec 2009 17:27:25 +0000
(17:27 +0000)
committer
Tony Mack
<tmack@cs.princeton.edu>
Thu, 31 Dec 2009 17:27:25 +0000
(17:27 +0000)
sfa/methods/get_credential.py
patch
|
blob
|
history
diff --git
a/sfa/methods/get_credential.py
b/sfa/methods/get_credential.py
index
774c1f3
..
2ac75fe
100644
(file)
--- a/
sfa/methods/get_credential.py
+++ b/
sfa/methods/get_credential.py
@@
-20,6
+20,7
@@
class get_credential(Method):
@param cred credential object specifying rights of the caller
@param type type of object (user | slice | sa | ma | node)
@param hrn human readable name of object
@param cred credential object specifying rights of the caller
@param type type of object (user | slice | sa | ma | node)
@param hrn human readable name of object
+ @param origin_hrn human readable name of calls origin
@return the string representation of a credential object
"""
@return the string representation of a credential object
"""
@@
-31,12
+32,13
@@
class get_credential(Method):
Parameter(None, "No credential")),
Parameter(str, "Human readable name (hrn)"),
Mixed(Parameter(str, "Request hash"),
Parameter(None, "No credential")),
Parameter(str, "Human readable name (hrn)"),
Mixed(Parameter(str, "Request hash"),
- Parameter(None, "Request hash not specified"))
+ Parameter(None, "Request hash not specified")),
+ Parameter(str, "Human readable name (hrn)"),
]
returns = Parameter(str, "String representation of a credential object")
]
returns = Parameter(str, "String representation of a credential object")
- def call(self, cred, type, hrn, request_hash=None):
+ def call(self, cred, type, hrn,
origin_hrn=None,
request_hash=None):
self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
self.api.auth.check(cred, 'getcredential')
self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
self.api.auth.check(cred, 'getcredential')
@@
-46,12
+48,26
@@
class get_credential(Method):
# Is this a root or sub authority
if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
# Is this a root or sub authority
if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
auth_hrn = hrn
+
+ # get record info
auth_info = self.api.auth.get_auth_info(auth_hrn)
table = GeniTable()
records = table.find({'type': type, 'hrn': hrn})
if not records:
raise RecordNotFound(hrn)
record = records[0]
auth_info = self.api.auth.get_auth_info(auth_hrn)
table = GeniTable()
records = table.find({'type': type, 'hrn': hrn})
if not records:
raise RecordNotFound(hrn)
record = records[0]
+
+ # get the origin caller's gid (this is the caller's gid by default)
+ if origin_hrn:
+ orgin_records = table.find({'hrn': origin_hrn})
+ if not origin_records:
+ raise RecordNotFound(origin_hrn)
+ origin_record = origin_records[0]
+ origin_caller_gid_object = GID(string = record['gid'])
+ else:
+ origin_caller_gid_object = self.api.auth.client_gid
+
+
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
self.api.fill_record_info(record)
# verify_cancreate_credential requires that the member lists
# (researchers, pis, etc) be filled in
self.api.fill_record_info(record)
@@
-68,6
+84,7
@@
class get_credential(Method):
new_cred = Credential(subject = gid_object.get_subject())
new_cred.set_gid_caller(self.api.auth.client_gid)
new_cred = Credential(subject = gid_object.get_subject())
new_cred.set_gid_caller(self.api.auth.client_gid)
+ new_cred.set_gid_origin_caller(origin_caller_gid_object)
new_cred.set_gid_object(gid_object)
new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_cred.set_pubkey(gid_object.get_pubkey())
new_cred.set_gid_object(gid_object)
new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_cred.set_pubkey(gid_object.get_pubkey())