+ ##
+ # verify_cancreate_credential
+ #
+ # Verify that a user can retrieve a particular type of credential. For
+ # slices, the user must be on the researcher list. For SA and MA the user
+ # must be on the pi and operator lists respectively.
+
+ def verify_cancreate_credential(self, src_cred, record):
+ type = record.get_type()
+ cred_object_hrn = src_cred.get_gid_object().get_hrn()
+ if type=="slice":
+ researchers = record.get_geni_info().get("researcher", [])
+ if not (cred_object_hrn in researchers):
+ raise PermissionError(cred_object_hrn + " is not in researcher list for " + record.get_name())
+ elif type == "sa":
+ pis = record.get_geni_info().get("pi", [])
+ if not (cred_object_hrn in pis):
+ raise PermissionError(cred_object_hrn + " is not in pi list for " + record.get_name())
+ elif type == "ma":
+ operators = record.get_geni_info().get("operator", [])
+ if not (cred_object_hrn in operators):
+ raise PermissionError(cred_object_hrn + " is not in operator list for " + record.get_name())
+