-"""
-Create a new plauth object that the Aggregate Manager can use to execute
-plshell commands as the authenticated user.
-"""
-def __get_user_plauth(api, registry, credential, creds, operation, hrn):
- plauth = None
-
- user_creds = api.auth.checkCredentials(creds, operation, hrn)
- user_cred_obj = Credential(string=user_creds[0])
-
- # If user cred has a parent then the caller is the parent's cred.
- # This is true for delegated creds.
- if user_cred_obj.parent:
- user_hrn = user_cred_obj.parent.get_gid_caller().get_hrn()
- else:
- user_hrn = user_cred_obj.get_gid_caller().get_hrn()
-
- user_record = registry.Resolve(user_hrn, [credential])[0]
- email = user_record['email']
-
- person = api.plshell.GetPersons(api.plauth, email)
- if person:
- person_id = person[0]['person_id']
- # Get the user's session if one exists, create one otherwise
- session = api.plshell.GetSessions(api.plauth, {'person_id': person_id})
- if not session:
- session = api.plshell.AddSession(api.plauth, person_id)
- else:
- session = session[0]['session_id']
-
- # Create new authentication token
- plauth = {'Username':email, 'AuthMethod':'session', 'session':session}
-
- return plauth
-