Use to_policy_values for enforcing policy

oslo_context's to_policy_values provides a standard list of parameters that policy should be able to be enforced upon. The combination of this and from_environ lets oslo.context handle adding new values to policy enforcement. Closes-Bug: #1602081 Change-Id: I8f70580e7209412800aa7b948602b003392ef238
2016-07-11 11:25:46 +10:00 · 2016-07-11 11:25:46 +10:00 · bc5a2d9741
parent 109241db58
commit bc5a2d9741
2 changed files with 10 additions and 1 deletions
--- a/cinder/context.py
+++ b/cinder/context.py
@ -145,6 +145,13 @@ class RequestContext(context.RequestContext):
                   user_domain=values.get('user_domain'),
                   project_domain=values.get('project_domain'))

+    def to_policy_values(self):
+        policy = super(RequestContext, self).to_policy_values()
+
+        policy['is_admin'] = self.is_admin
+
+        return policy
+
    def elevated(self, read_deleted=None, overwrite=False):
        """Return a version of this context with admin flag set."""
        context = self.deepcopy()
--- a/cinder/policy.py
+++ b/cinder/policy.py
@ -64,7 +64,9 @@ def enforce(context, action, target):
    """
    init()

-    return _ENFORCER.enforce(action, target, context.to_dict(),
+    return _ENFORCER.enforce(action,
+                             target,
+                             context.to_policy_values(),
                             do_raise=True,
                             exc=exception.PolicyNotAuthorized,
                             action=action)