'urn':xrn.get_urn(),
'peers':peers})
- def GetCredential(self, api, xrn, type, is_self=False):
+ def GetCredential(self, api, xrn, type, caller_xrn=None):
# convert xrn to hrn
if type:
hrn = urn_to_hrn(xrn)[0]
raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record.email))
# get the callers gid
- # if this is a self cred the record's gid is the caller's gid
- if is_self:
+ # if caller_xrn is not specified assume the caller is the record
+ # object itself.
+ if not caller_xrn:
caller_hrn = hrn
caller_gid = record.get_gid_object()
else:
- caller_gid = api.auth.client_cred.get_gid_caller()
- caller_hrn = caller_gid.get_hrn()
-
+ caller_hrn, caller_type = urn_to_hrn(caller_xrn)
+ caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first()
+ if caller_type:
+ caller_record = caller_record.filter_by(type=caller_type)
+ if not caller_record:
+ raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type))
+ caller_gid = GID(string=caller_record.gid)
+
object_hrn = record.get_gid_object().get_hrn()
rights = api.auth.determine_user_rights(caller_hrn, record.__dict__)
# make sure caller has rights to this object
class RegistryManager(RegistryManager):
- def GetCredential(self, api, xrn, type, is_self=False):
+ def GetCredential(self, api, xrn, type, caller_xrn = None):
# convert xrn to hrn
if type:
hrn = urn_to_hrn(xrn)[0]
auth_hrn = hrn
auth_info = api.auth.get_auth_info(auth_hrn)
# get record info
- record=dbsession.query(RegRecord).filter_by(type=type,hrn=hrn).first()
+ record=dbsession.query(RegRecord).filter_by(hrn=hrn).first()
+ if type:
+ record = record.filter_by(type=type)
if not record:
raise RecordNotFound("hrn=%s, type=%s"%(hrn,type))
raise AccountNotEnabled(": PlanetLab account %s is not enabled. Please contact your site PI" %(record.email))
# get the callers gid
- # if this is a self cred the record's gid is the caller's gid
- if is_self:
+ # if caller_xrn is not specified assume the caller is the record
+ # object itself.
+ if not caller_xrn:
caller_hrn = hrn
caller_gid = record.get_gid_object()
else:
- caller_gid = api.auth.client_cred.get_gid_caller()
- caller_hrn = caller_gid.get_hrn()
+ caller_hrn, caller_type = urn_to_hrn(caller_xrn)
+ caller_record = dbsession.query(RegRecord).filter_by(hrn=caller_hrn).first()
+ if caller_type:
+ caller_record = caller_record.filter_by(type=caller_type)
+ if not caller_record:
+ raise RecordNotFound("Unable to associated caller (hrn=%s, type=%s) with credential for (hrn: %s, type: %s)"%(caller_hrn, caller_type, hrn, type))
+ caller_gid = GID(string=caller_record.gid)
object_hrn = record.get_gid_object().get_hrn()
rights = api.auth.determine_user_rights(caller_hrn, record.__dict__)
origin_hrn = Credential(string=valid_creds[0]).get_gid_caller().get_hrn()
self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, origin_hrn, hrn, self.name))
- return self.api.manager.GetCredential(self.api, xrn, type)
+ return self.api.manager.GetCredential(self.api, xrn, self.api.auth.client_gid.get_urn())
self.api.logger.debug("ConnectionKeyGIDMismatch, %s filename: %s"%(name,obj.filename))
raise ConnectionKeyGIDMismatch(gid.get_subject())
- return self.api.manager.GetCredential(self.api, xrn, type, is_self=True)
+ return self.api.manager.GetCredential(self.api, xrn, type)