from sfa.util.sfatime import utcparse
from sfa.trust.certificate import Keypair
from sfa.trust.credential_legacy import CredentialLegacy
-from sfa.trust.rights import Right, Rights
+from sfa.trust.rights import Right, Rights, determine_rights
from sfa.trust.gid import GID
from sfa.util.xrn import urn_to_hrn
# Convert * into the default privileges for the credential's type
# Each inherits the delegatability from the * above
_ , type = urn_to_hrn(self.gidObject.get_urn())
- rl = rlist.determine_rights(type, self.gidObject.get_urn())
+ rl = determine_rights(type, self.gidObject.get_urn())
for r in rl.rights:
r.delegate = deleg
rlist.add(r)
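Review bot: The `*` expansion at `rl = determine_rights(type, self.gidObject.get_urn())` gives no signal when the type parsed from the GID URN is not one the helper recognises. If the module-level `determine_rights` keeps the body of the method removed further down this page, an unrecognised type returns an empty `Rights` and the wildcard silently becomes no privileges; that fails closed, but it deserves a comment above the call such as `# unknown credential types expand to no rights (fail closed)`, ideally with a log line naming the type. The helper's new definition is not visible here, so confirm it no longer takes `self`, since the removed method was declared as `determine_rights(self, type, name)`. The local `type` also shadows the builtin; `obj_type` would read better. The enclosing method starts and ends outside this hunk.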
return False
return True
-
-
- ##
- # Determine the rights that an object should have. The rights are entirely
- # dependent on the type of the object. For example, users automatically
- # get "refresh", "resolve", and "info".
- #
- # @param type the type of the object (user | sa | ma | slice | node)
- # @param name human readable name of the object (not used at this time)
- #
- # @return Rights object containing rights
-
- def determine_rights(self, type, name):
- rl = Rights()
-
- # rights seem to be somewhat redundant with the type of the credential.
- # For example, a "sa" credential implies the authority right, because
- # a sa credential cannot be issued to a user who is not an owner of
- # the authority
-
- if type == "user":
- rl.add("refresh")
- rl.add("resolve")
- rl.add("info")
- elif type in ["sa", "authority+sa"]:
- rl.add("authority")
- rl.add("sa")
- elif type in ["ma", "authority+ma", "cm", "authority+cm", "sm", "authority+sm"]:
- rl.add("authority")
- rl.add("ma")
- elif type == "authority":
- rl.add("authority")
- rl.add("sa")
- rl.add("ma")
- elif type == "slice":
- rl.add("refresh")
- rl.add("embed")
- rl.add("bind")
- rl.add("control")
- rl.add("info")
- elif type == "component":
- rl.add("operator")
-
- return rl