From c66bcf7cee7cfc370144182b35ca9884bf4ca3a0 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Tue, 16 Aug 2011 14:20:10 -0400 Subject: [PATCH] should check permissions in method class not manager class --- sfa/managers/registry_manager_pl.py | 4 +++- sfa/methods/Update.py | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py index 8bec1f60..9c748201 100644 --- a/sfa/managers/registry_manager_pl.py +++ b/sfa/managers/registry_manager_pl.py @@ -174,6 +174,9 @@ def list(api, xrn, origin_hrn=None): return records +def create_gid(api, xrn, cert): + pass + def register(api, record): hrn, type = record['hrn'], record['type'] @@ -288,7 +291,6 @@ def update(api, record_dict): type = new_record['type'] hrn = new_record['hrn'] urn = hrn_to_urn(hrn,type) - api.auth.verify_object_permission(hrn) table = SfaTable() # make sure the record exists records = table.findObjects({'type': type, 'hrn': hrn}) diff --git a/sfa/methods/Update.py b/sfa/methods/Update.py index d36ea367..3624fc95 100644 --- a/sfa/methods/Update.py +++ b/sfa/methods/Update.py @@ -31,6 +31,11 @@ class Update(Method): def call(self, record_dict, creds): # validate the cred valid_creds = self.api.auth.checkCredentials(creds, "update") + + # verify permissions + api.auth.verify_object_permission(record.get('hrn', '')) + + # log origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, None, self.name)) -- 2.47.0