determine_user_rights needs to give auth credentials the auth right

author Tony Mack <tmack@cs.princeton.edu>

Tue, 2 Jun 2009 20:45:06 +0000 (20:45 +0000)

committer Tony Mack <tmack@cs.princeton.edu>

Tue, 2 Jun 2009 20:45:06 +0000 (20:45 +0000)
author Tony Mack <tmack@cs.princeton.edu>
Tue, 2 Jun 2009 20:45:06 +0000 (20:45 +0000)
committer Tony Mack <tmack@cs.princeton.edu>
Tue, 2 Jun 2009 20:45:06 +0000 (20:45 +0000)
diff --git a/geni/util/auth.py b/geni/util/auth.py

index 9f98963..0204122 100644 (file)
--- a/geni/util/auth.py
+++ b/geni/util/auth.py
@@ -179,12 +179,11 @@ class Auth:
          elif type == "authority":
              pis = record.get_geni_info().get("pi", [])
              operators = record.get_geni_info().get("operator", [])
+            rl.add("authority")
              if (cred_object_hrn in pis):
                  rl.add("sa")
              if (cred_object_hrn in operators):
                  rl.add("ma")
-            if (cred_object_hrn in pis) or (cred_object_hrn in operators):
-                rl.add("authority")
  
          elif type == "user":
              rl.add("refresh")
author	Tony Mack <tmack@cs.princeton.edu>
	Tue, 2 Jun 2009 20:45:06 +0000 (20:45 +0000)
committer	Tony Mack <tmack@cs.princeton.edu>
	Tue, 2 Jun 2009 20:45:06 +0000 (20:45 +0000)