+
+ def determine_user_rights(self, src_cred, record):
+ """
+ Given a user credential and a record, determine what set of rights the
+ user should have to that record.
+
+ This is intended to replace determine_rights() and
+ verify_cancreate_credential()
+ """
+
+ type = record.get_type()
+ cred_object_hrn = src_cred.get_gid_object().get_hrn()
+
+ rl = RightList()
+
+ if type=="slice":
+ researchers = record.get_geni_info().get("researcher", [])
+ if (cred_object_hrn in researchers):
+ rl.add("refresh")
+ rl.add("embed")
+ rl.add("bind")
+ rl.add("control")
+ rl.add("info")
+
+ elif type == "authority":
+ pis = record.get_geni_info().get("pi", [])
+ operators = record.get_geni_info().get("operator", [])
+ if (cred_object_hrn in pis):
+ rl.add("sa")
+ if (cred_object_hrn in operators):
+ rl.add("ma")
+ if (cred_object_hrn in pis) or (cred_object_hrn in operators):
+ rl.add("authority")
+
+ elif type == "user":
+ rl.add("refresh")
+ rl.add("resolve")
+ rl.add("info")
+
+ return rl
+