From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Tue, 16 Aug 2011 18:20:10 +0000 (-0400)
Subject: should check permissions in method class not manager class
X-Git-Tag: sfa-1.0-31~5
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=c66bcf7cee7cfc370144182b35ca9884bf4ca3a0;p=sfa.git

should check permissions in method class not manager class
---

diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py
index 8bec1f60..9c748201 100644
--- a/sfa/managers/registry_manager_pl.py
+++ b/sfa/managers/registry_manager_pl.py
@@ -174,6 +174,9 @@ def list(api, xrn, origin_hrn=None):
     return records
 
 
+def create_gid(api, xrn, cert):
+    pass
+
 def register(api, record):
 
     hrn, type = record['hrn'], record['type']
@@ -288,7 +291,6 @@ def update(api, record_dict):
     type = new_record['type']
     hrn = new_record['hrn']
     urn = hrn_to_urn(hrn,type)
-    api.auth.verify_object_permission(hrn)
     table = SfaTable()
     # make sure the record exists
     records = table.findObjects({'type': type, 'hrn': hrn})
diff --git a/sfa/methods/Update.py b/sfa/methods/Update.py
index d36ea367..3624fc95 100644
--- a/sfa/methods/Update.py
+++ b/sfa/methods/Update.py
@@ -31,6 +31,11 @@ class Update(Method):
     def call(self, record_dict, creds):
         # validate the cred
         valid_creds = self.api.auth.checkCredentials(creds, "update")
+        
+        # verify permissions 
+        api.auth.verify_object_permission(record.get('hrn', ''))
+    
+        # log
         origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
         self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name))