From dec7138b35234db846d96dc6ce3b5a402c474a1d Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Tue, 16 Aug 2011 14:53:22 -0400 Subject: [PATCH] should verify permission in method class not manager class --- sfa/managers/registry_manager_pl.py | 7 +++++-- sfa/methods/Register.py | 10 +++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/sfa/managers/registry_manager_pl.py b/sfa/managers/registry_manager_pl.py index 9c748201..e20be089 100644 --- a/sfa/managers/registry_manager_pl.py +++ b/sfa/managers/registry_manager_pl.py @@ -175,8 +175,12 @@ def list(api, xrn, origin_hrn=None): def create_gid(api, xrn, cert): - pass + # get the authority + authority = Xrn(xrn=xrn).get_authority_hrn() + auth_info = api.auth.get_auth_info(authority) + + def register(api, record): hrn, type = record['hrn'], record['type'] @@ -195,7 +199,6 @@ def register(api, record): record['authority'] = get_authority(record['hrn']) type = record['type'] hrn = record['hrn'] - api.auth.verify_object_permission(hrn) auth_info = api.auth.get_auth_info(record['authority']) pub_key = None # make sure record has a gid diff --git a/sfa/methods/Register.py b/sfa/methods/Register.py index 1233fa82..7d53fe80 100644 --- a/sfa/methods/Register.py +++ b/sfa/methods/Register.py @@ -34,15 +34,15 @@ class Register(Method): returns = Parameter(int, "String representation of gid object") def call(self, record, creds): - + # validate cred valid_creds = self.api.auth.checkCredentials(creds, 'register') + + # verify permissions + hrn = record.get('hrn', '') + api.auth.verify_object_permission(hrn) #log the call origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn() - - hrn = None - if 'hrn' in record: - hrn = record['hrn'] self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name)) manager = self.api.get_interface_manager() -- 2.43.0