From: Josh Karlin <jkarlin@bbn.com>
Date: Wed, 26 May 2010 15:53:37 +0000 (+0000)
Subject: Updated privileges for geni calls
X-Git-Tag: geni-apiv1-totrunk~5
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=49aa3b61e021d34149fdb45c080b3eea0123921b;p=sfa.git

Updated privileges for geni calls
---

diff --git a/sfa/methods/ListResources.py b/sfa/methods/ListResources.py
index 6f8611d5..b0173812 100644
--- a/sfa/methods/ListResources.py
+++ b/sfa/methods/ListResources.py
@@ -30,7 +30,7 @@ class ListResources(Method):
             xrn = options['geni_slice_urn']
             hrn, _ = urn_to_hrn(xrn)        
             
-        ValidCreds = self.api.auth.checkCredentials(creds, 'listresources', hrn)
+        ValidCreds = self.api.auth.checkCredentials(creds, '', hrn)
         origin_hrn = Credential(string=ValidCreds[0]).get_gid_caller().get_hrn()
             
                     
diff --git a/sfa/trust/rights.py b/sfa/trust/rights.py
index cb34f31e..59324e8d 100644
--- a/sfa/trust/rights.py
+++ b/sfa/trust/rights.py
@@ -15,19 +15,22 @@
 ##
 # privilege_table is a list of priviliges and what operations are allowed
 # per privilege.
+# Note that "*" is a privilege granted by ProtoGENI slice authorities, and we
+# give it access to the GENI AM calls
 
-privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "listresources", "getcredential", "*"],
+privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
                    "refresh": ["remove", "update"],
-                   "resolve": ["resolve", "list", "listresources", "getcredential", "getversion"],
+                   "resolve": ["resolve", "list", "getcredential"],
                    "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "deleteslice", "deletesliver", "updateslice",
                           "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", "renewsliver",
                           "deleteslice", "deletesliver", "resetslice", "listslices", "listnodes", "getpolicy", "sliverstatus"],
                    "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver", "renewsliver", "deleteslice", "deletesliver", "updateslice", "sliverstatus", "getsliceresources", "shutdown"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
                    "control": ["updateslice", "createslice", "createsliver", "renewsliver", "sliverstatus", "stopslice", "startslice", "deleteslice", "deletesliver", "resetslice", "getsliceresources", "getgids"],
-                   "info": ["listslices", "listnodes", "getpolicy","listresources"],
+                   "info": ["listslices", "listnodes", "getpolicy"],
                    "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
-                   "operator": ["gettrustedcerts", "getgids"]}
+                   "operator": ["gettrustedcerts", "getgids"],                   
+                   "*": ["createsliver", "deletesliver", "sliverstatus", "renewsliver", "shutdown"]}