From 69cca9d43487b57e00012b570006406d60359245 Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Thu, 31 Dec 2009 18:33:44 +0000 Subject: [PATCH] removing origin_hrn from get_credential() call. --- sfa/methods/get_credential.py | 22 ++-------------------- sfa/plc/api.py | 25 +++++++------------------ 2 files changed, 9 insertions(+), 38 deletions(-) diff --git a/sfa/methods/get_credential.py b/sfa/methods/get_credential.py index 742514c5..5d3003a0 100644 --- a/sfa/methods/get_credential.py +++ b/sfa/methods/get_credential.py @@ -20,7 +20,6 @@ class get_credential(Method): @param cred credential object specifying rights of the caller @param type type of object (user | slice | sa | ma | node) @param hrn human readable name of object - @param origin_hrn human readable name of calls origin @return the string representation of a credential object """ @@ -32,13 +31,12 @@ class get_credential(Method): Parameter(None, "No credential")), Parameter(str, "Human readable name (hrn)"), Mixed(Parameter(str, "Request hash"), - Parameter(None, "Request hash not specified")), - Parameter(str, "Human readable name (hrn)"), + Parameter(None, "Request hash not specified")) ] returns = Parameter(str, "String representation of a credential object") - def call(self, cred, type, hrn, origin_hrn=None, request_hash=None): + def call(self, cred, type, hrn, request_hash=None): self.api.auth.authenticateCred(cred, [cred, type, hrn], request_hash) self.api.auth.check(cred, 'getcredential') 
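Review bot: Dropping `origin_hrn` from the middle of `call(self, cred, type, hrn, request_hash=None)` moves `request_hash` into the fourth positional slot, so peers on different versions will misread each other's arguments. A caller still on the old signature has its `origin_hrn` string handed to `authenticateCred` as the request hash, and a new client talking to an old registry has its hash read as `origin_hrn` with `request_hash` left at `None`. How `authenticateCred` treats a `None` hash is not visible in this hunk; if it skips the comparison, the mixed-version case weakens request authentication instead of failing closed, so confirm that and upgrade registry and clients together. The docstring in the first hunk also has no entry for the remaining optional argument; I would add `@param request_hash hash of [cred, type, hrn] computed by the caller, or None`. The body of `call` continues outside the hunk.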
@@ -57,17 +55,6 @@ class get_credential(Method): raise RecordNotFound(hrn) record = records[0] - # get the origin caller's gid (this is the caller's gid by default) - if origin_hrn: - orgin_records = table.find({'hrn': origin_hrn}) - if not origin_records: - raise RecordNotFound(origin_hrn) - origin_record = origin_records[0] - origin_caller_gid_object = GID(string = record['gid']) - else: - origin_caller_gid_object = self.api.auth.client_gid - - # verify_cancreate_credential requires that the member lists # (researchers, pis, etc) be filled in self.api.fill_record_info(record) @@ -79,15 +66,10 @@ class get_credential(Method): if rights.is_empty(): raise PermissionError(object_hrn + " has no rights to " + record['name']) - # make sure origin caller is either the caller or a child of the caller - if not origin_hrn.startswith(caller_hrn): - raise PermissionError("origin caller (%s) is not a child of actual caller (%s)" % (origin_hrn, caller_hrn) - gid = record['gid'] gid_object = GID(string=gid) new_cred = Credential(subject = gid_object.get_subject()) new_cred.set_gid_caller(self.api.auth.client_gid) - new_cred.set_gid_origin_caller(origin_caller_gid_object) new_cred.set_gid_object(gid_object) new_cred.set_issuer(key=auth_info.get_pkey_object(), subject=auth_hrn) new_cred.set_pubkey(gid_object.get_pubkey()) diff --git a/sfa/plc/api.py b/sfa/plc/api.py index ffcacfb5..7407f9a9 100644 --- a/sfa/plc/api.py +++ b/sfa/plc/api.py @@ -92,13 +92,13 @@ class GeniAPI(BaseAPI): return '4.2' - def getCredential(self, origin_hrn=None): + def getCredential(self): if self.interface in ['registry']: - return self.getCredentialFromLocalRegistry(origin_hrn) + return self.getCredentialFromLocalRegistry() else: - return self.getCredentialFromRegistry(origin_hrn) + return self.getCredentialFromRegistry() - def getCredentialFromRegistry(self, origin_hrn=None): + def getCredentialFromRegistry(self): """ Get our credential from a remote registry using a geniclient connection """ 
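Review bot: `getCredential` and `getCredentialFromRegistry` here, and `getCredentialFromLocalRegistry` in the last hunk, lose the `origin_hrn` parameter outright, so any caller that still passes it will raise `TypeError` at call time instead of obtaining a credential. The patch touches only `sfa/methods/get_credential.py` and `sfa/plc/api.py`, so callers elsewhere in the tree are not covered by it; a search for remaining `origin_hrn` uses before merging would settle this. The body of `getCredentialFromRegistry` continues outside the hunk.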
@@ -119,15 +119,15 @@ class GeniAPI(BaseAPI): request_hash=self.key.compute_hash(arg_list) self_cred = registry.get_self_credential(cert_string, type, self.hrn, request_hash) # get credential - arg_list = [self_cred,type,self.hrn,origin_hrn] + arg_list = [self_cred,type,self.hrn] request_hash=self.key.compute_hash(arg_list) - cred = registry.get_credential(self_cred, type, self.hrn, origin_hrn, request_hash) + cred = registry.get_credential(self_cred, type, self.hrn, request_hash) # save cred to file Credential(string=cred).save_to_file(cred_filename, save_parents=True) return cred - def getCredentialFromLocalRegistry(self, origin_hrn=None): + def getCredentialFromLocalRegistry(self): """ Get our current credential directly from the local registry. """ @@ -147,17 +147,6 @@ class GeniAPI(BaseAPI): record = records[0] type = record['type'] object_gid = record.get_gid_object() - - # get the origin caller's gid (this is the caller's gid by default) - if origin_hrn: - orgin_records = table.find({'hrn': origin_hrn}) - if not origin_records: - raise RecordNotFound(origin_hrn) - origin_record = origin_records[0] - origin_caller_gid_object = GID(string = record['gid']) - else: - origin_caller_gid_object = object_gid - new_cred = Credential(subject = object_gid.get_subject()) new_cred.set_gid_caller(object_gid) new_cred.set_gid_object(object_gid) -- 2.43.0
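Review bot: The string returned by `registry.get_credential(self_cred, type, self.hrn, request_hash)` is parsed and written to `cred_filename` by `Credential(string=cred).save_to_file(...)` with no check in between that it is a credential for `self.hrn` or that its signature chain verifies. Verification may happen when the cached file is loaded or used, but that is not visible here. If it does, a comment such as `# cred is cached as received; it is verified on load` would record the assumption. If it does not, the check belongs before the save so that a bad registry response is never cached. Because this file holds a credential, it is also worth confirming which file mode `save_to_file` uses; the enclosing `getCredentialFromRegistry` starts before this hunk.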