reorganized
authorTony Mack <tmack@cs.princeton.edu>
Thu, 29 Oct 2009 18:19:47 +0000 (18:19 +0000)
committerTony Mack <tmack@cs.princeton.edu>
Thu, 29 Oct 2009 18:19:47 +0000 (18:19 +0000)
sfa/methods/get_self_credential.py

index b584023..b4f3b6f 100644 (file)
@@ -67,22 +67,21 @@ class get_self_credential(Method):
             raise RecordNotFound(hrn)
         record = records[0]
         
-        # get the right of this record    
-        rights = self.api.auth.determine_user_rights(None, record)
-        if rights.is_empty():
-            raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
-       
         # authenticate the gid
-        if request_hash:
-            gid = record.get_gid_object()
-            gid_str = gid.save_to_string(save_parents=True)
-            self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
+        gid = record.get_gid_object()
+        gid_str = gid.save_to_string(save_parents=True)
+        self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)
         
-        # authenticate the certificate
+        # authenticate the certificate against the gid in the db
         certificate = Certificate(string=cert)
         if not certificate.is_pubkey(gid.get_pubkey()):
             raise ConnectionKeyGIDMismatch(gid.get_subject())
 
+        # get the right of this record    
+        rights = self.api.auth.determine_user_rights(None, record)
+        if rights.is_empty():
+            raise PermissionError(gid.get_hrn() + " has no rights to " + record.get_name())
+
         # create the credential
         gid = record.get_gid_object()
         cred = Credential(subject = gid.get_subject())
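Review bot: With the `if request_hash:` guard gone, `self.api.auth.authenticateGid(gid_str, [cert, type, hrn], request_hash)` now runs on every call, so the outcome depends on how it treats a missing or empty `request_hash`; nothing in this hunk shows that it fails closed. If the parameter is still optional in the method signature (outside the hunk), I would add a comment above the call such as `# request_hash is mandatory here: authenticateGid must reject None/empty` and confirm that behaviour in the auth module. Separately, the `gid = record.get_gid_object()` kept under `# create the credential` now duplicates the one added above; dropping it makes the credential subject come from the same gid object that was just authenticated and key-checked. The method body starts and ends outside this hunk.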