From ec74e6b27d2095b9ff8d5dd7b499fb58dadd127c Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Mon, 26 Oct 2009 14:16:42 +0000 Subject: [PATCH] only allow authority creds if oject_hrn in pi list --- sfa/trust/auth.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py index f3609b3f..57583e46 100644 --- a/sfa/trust/auth.py +++ b/sfa/trust/auth.py @@ -240,11 +240,10 @@ class Auth: elif type == "authority": pis = record.get("pi", []) operators = record.get("operator", []) - rl.add("authority,sa,ma") if (cred_object_hrn in pis): - rl.add("sa") + rl.add("authority,sa") if (cred_object_hrn in operators): - rl.add("ma") + rl.add("authority,ma") elif type == "user": rl.add("refresh") -- 2.45.2