pass a record object (instead of dict) to determine_user_rights
Thierry Parmentelat [Mon, 7 May 2012 13:58:42 +0000 (15:58 +0200)]
sfa/managers/registry_manager.py
sfa/storage/model.py
sfa/trust/auth.py

index 518072b..87a2c9e 100644 (file)
@@ -79,7 +79,8 @@ class RegistryManager:
             caller_gid = GID(string=caller_record.gid)
  
         object_hrn = record.get_gid_object().get_hrn()
-        rights = api.auth.determine_user_rights(caller_hrn, record.__dict__)
+        # call the builtin authorization/credential generation engine
+        rights = api.auth.determine_user_rights(caller_hrn, record)
         # make sure caller has rights to this object
         if rights.is_empty():
             raise PermissionError("%s has no rights to %s (%s)" % \
index ad54cf9..448d80a 100644 (file)
@@ -114,6 +114,10 @@ class RegRecord (Base,AlchemyObj):
         result += ">"
         return result
 
+    # shortcut - former implem. was record-based
+    def get (self, field, default):
+        return getattr(self,field,default)
+
     @validates ('gid')
     def validate_gid (self, key, gid):
         if gid is None:                     return
index c2b4980..31ba051 100644 (file)
@@ -234,7 +234,7 @@ class Auth:
     
         raise PermissionError(name)
 
-    def determine_user_rights(self, caller_hrn, record):
+    def determine_user_rights(self, caller_hrn, reg_record):
         """
         Given a user credential and a record, determine what set of rights the
         user should have to that record.
@@ -244,40 +244,40 @@ class Auth:
         """
 
         rl = Rights()
-        type = record['type']
+        type = reg_record.type
 
 
-        if type=="slice":
-            researchers = record.get("researcher", [])
-            pis = record.get("PI", [])
+        if type=='slice':
+            researchers = reg_record.get('researcher',[])
+            pis = reg_record.get('PI',[])
             if (caller_hrn in researchers + pis):
-                rl.add("refresh")
-                rl.add("embed")
-                rl.add("bind")
-                rl.add("control")
-                rl.add("info")
-
-        elif type == "authority":
-            pis = record.get("PI", [])
-            operators = record.get("operator", [])
+                rl.add('refresh')
+                rl.add('embed')
+                rl.add('bind')
+                rl.add('control')
+                rl.add('info')
+
+        elif type == 'authority':
+            pis = reg_record.get('PI',[])
+            operators = reg_record.get('operator',[])
             if (caller_hrn == self.config.SFA_INTERFACE_HRN):
-                rl.add("authority")
-                rl.add("sa")
-                rl.add("ma")
+                rl.add('authority')
+                rl.add('sa')
+                rl.add('ma')
             if (caller_hrn in pis):
-                rl.add("authority")
-                rl.add("sa")
+                rl.add('authority')
+                rl.add('sa')
             if (caller_hrn in operators):
-                rl.add("authority")
-                rl.add("ma")
+                rl.add('authority')
+                rl.add('ma')
 
-        elif type == "user":
-            rl.add("refresh")
-            rl.add("resolve")
-            rl.add("info")
+        elif type == 'user':
+            rl.add('refresh')
+            rl.add('resolve')
+            rl.add('info')
 
-        elif type == "node":
-            rl.add("operator")
+        elif type == 'node':
+            rl.add('operator')
 
         return rl