From c2e91d1eb26e884450ddc4b43c3a708919de67c0 Mon Sep 17 00:00:00 2001
From: Tony Mack <tmack@cs.princeton.edu>
Date: Thu, 29 Oct 2009 18:19:47 +0000
Subject: [PATCH] reorganized

---
 sfa/methods/get_self_credential.py | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/sfa/methods/get_self_credential.py b/sfa/methods/get_self_credential.py
index b5840230..b4f3b6fa 100644
--- a/sfa/methods/get_self_credential.py
+++ b/sfa/methods/get_self_credential.py
@@ -67,22 +67,21 @@ class get_self_credential(Method):
             raise RecordNotFound(hrn)
         record = records[0]
         
-        # get the right of this record    
-        rights = self.api.auth.determine_user_rights(None, record)
-        if rights.is_empty():
-            raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
-       
         # authenticate the gid
-        if request_hash:
-            gid = record.get_gid_object()
-            gid_str = gid.save_to_string(save_parents=True)
-            self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
+        gid = record.get_gid_object()
+        gid_str = gid.save_to_string(save_parents=True)
+        self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
         
-        # authenticate the certificate
+        # authenticate the certificate against the gid in the db
         certificate = Certificate(string=cert)
         if not certificate.is_pubkey(gid.get_pubkey()):
             raise ConnectionKeyGIDMismatch(gid.get_subject())
 
+        # get the right of this record    
+        rights = self.api.auth.determine_user_rights(None, record)
+        if rights.is_empty():
+            raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
+
         # create the credential
         gid = record.get_gid_object()
         cred = Credential(subject = gid.get_subject())
-- 
2.43.0