From 2af028a85f5fcfdc15a38cec158de7b9cb7171b7 Mon Sep 17 00:00:00 2001
From: Tony Mack <tmack@cs.princeton.edu>
Date: Thu, 31 Dec 2009 17:27:25 +0000
Subject: [PATCH] added origin_hrn to accepted args

---
 sfa/methods/get_credential.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py
index 774c1f38..2ac75fea 100644
--- a/sfa/methods/get_credential.py
+++ b/sfa/methods/get_credential.py
@@ -20,6 +20,7 @@ class get_credential(Method):
     @param cred credential object specifying rights of the caller
     @param type type of object (user | slice | sa | ma | node)
     @param hrn human readable name of object
+    @param origin_hrn human readable name of calls origin 
 
     @return the string representation of a credential object  
     """
@@ -31,12 +32,13 @@ class get_credential(Method):
               Parameter(None, "No credential")),  
         Parameter(str, "Human readable name (hrn)"),
         Mixed(Parameter(str, "Request hash"),
-              Parameter(None, "Request hash not specified"))
+              Parameter(None, "Request hash not specified")),
+        Parameter(str, "Human readable name (hrn)"),
         ]
 
     returns = Parameter(str, "String representation of a credential object")
 
-    def call(self, cred, type, hrn, request_hash=None):
+    def call(self, cred, type, hrn, origin_hrn=None, request_hash=None):
 
         self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash)
         self.api.auth.check(cred, 'getcredential')
@@ -46,12 +48,26 @@ class get_credential(Method):
         # Is this a root or sub authority 
         if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
             auth_hrn = hrn
+
+        # get record info
         auth_info = self.api.auth.get_auth_info(auth_hrn)
         table = GeniTable()
         records = table.find({'type': type, 'hrn': hrn})
         if not records:
             raise RecordNotFound(hrn)
         record = records[0]
+        
+        # get the origin caller's gid (this is the caller's gid by default)    
+        if origin_hrn:
+            orgin_records = table.find({'hrn': origin_hrn})
+            if not origin_records:
+                raise RecordNotFound(origin_hrn)
+            origin_record = origin_records[0]
+            origin_caller_gid_object = GID(string = record['gid'])
+        else:
+            origin_caller_gid_object = self.api.auth.client_gid
+
+        
         # verify_cancreate_credential requires that the member lists
         # (researchers, pis, etc) be filled in
         self.api.fill_record_info(record)
@@ -68,6 +84,7 @@ class get_credential(Method):
 
         new_cred = Credential(subject = gid_object.get_subject())
         new_cred.set_gid_caller(self.api.auth.client_gid)
+        new_cred.set_gid_origin_caller(origin_caller_gid_object)
         new_cred.set_gid_object(gid_object)
         new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
         new_cred.set_pubkey(gid_object.get_pubkey())
-- 
2.43.0