| side by side (parent:
1f6e764
)
fix rights when getting self credential
author
Scott Baker
<bakers@cs.arizona.edu>
Wed, 29 Apr 2009 01:10:28 +0000
(
01:10
+0000)
committer
Scott Baker
<bakers@cs.arizona.edu>
Wed, 29 Apr 2009 01:10:28 +0000
(
01:10
+0000)
geni/methods/get_credential.py
diff --git
a/geni/methods/get_credential.py
b/geni/methods/get_credential.py
index
aecd7e5
..
0bb698d
100644
(file)
--- a/
geni/methods/get_credential.py
+++ b/
geni/methods/get_credential.py
@@
-62,6
+62,7
@@
class get_credential(Method):
new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
new_cred.set_pubkey(object_gid.get_pubkey())
new_cred.set_privileges(rights)
+ new_cred.set_delegate(True)
auth_kind = "authority,ma,sa"
new_cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
auth_kind = "authority,ma,sa"
new_cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
@@
-106,6
+107,10
@@
class get_credential(Method):
if not peer_cert.is_pubkey(gid.get_pubkey()):
raise ConnectionKeyGIDMismatch(gid.get_subject())
if not peer_cert.is_pubkey(gid.get_pubkey()):
raise ConnectionKeyGIDMismatch(gid.get_subject())
+ rights = self.api.auth.determine_user_rights(None, record)
+ if rights.is_empty():
+ raise PermissionError(self.api.auth.client_cred.get_gid_object().get_hrn() + " has no rights to " + record.get_name())
+
# create the credential
gid = record.get_gid_object()
cred = Credential(subject = gid.get_subject())
# create the credential
gid = record.get_gid_object()
cred = Credential(subject = gid.get_subject())
@@
-113,9
+118,8
@@
class get_credential(Method):
cred.set_gid_object(gid)
cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
cred.set_pubkey(gid.get_pubkey())
cred.set_gid_object(gid)
cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn)
cred.set_pubkey(gid.get_pubkey())
-
- rl = determine_rights(type, hrn)
- cred.set_privileges(rl)
+ cred.set_privileges(rights)
+ cred.set_delegate(True)
auth_kind = "authority,sa,ma"
cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
auth_kind = "authority,sa,ma"
cred.set_parent(self.api.auth.hierarchy.get_auth_cred(auth_hrn, kind=auth_kind))
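Review bot: The new `raise PermissionError(...)` in the second hunk builds its message from `self.api.auth.client_cred.get_gid_object().get_hrn()`, but this path authenticates the caller by `peer_cert` and computes rights with `determine_user_rights(None, record)`, which suggests no client credential has been presented at this point. If `client_cred` is unset here, the denial path would fail with an attribute error rather than the intended PermissionError, so the refusal would be reported as an internal fault. The caller's identity is already available from the GID just matched against the peer certificate, e.g. `raise PermissionError(gid.get_subject() + " has no rights to " + record.get_name())`. Separately, `new_cred.set_delegate(True)` in the first hunk and `cred.set_delegate(True)` in the third mark every issued credential as delegable regardless of the rights granted; a short comment stating why that is intended, or a condition tied to `rights`, would make the least-privilege decision reviewable. The enclosing methods start and end outside the hunks, so how `client_cred` is populated is not visible here.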