Don't raise 'NotAuthorized' inside when soft authorization

Using try/except block when performing soft authorization is less efficient and will lead to lots of confusing error messages, pass 'fatal' parameter directly to inner authorize function. Change-Id: I0bdf23e371ff8469080982553cb1ffd8a64c9e2d Closes-Bug: #1736854
2017-12-07 17:29:59 +08:00
parent af06ceb2c5
commit e805dcad93
4 changed files with 9 additions and 19 deletions
--- a/cinder/context.py
+++ b/cinder/context.py
@@ -160,7 +160,7 @@ class RequestContext(context.RequestContext):
        :param: target_obj: dictionary representing the object which will be
            used to update target.
        :param fatal: if False, will return False when an
-            exception.NotAuthorized occurs.
+            exception.PolicyNotAuthorized occurs.

        :raises cinder.exception.NotAuthorized: if verification fails and fatal
            is True.
@@ -177,12 +177,9 @@ class RequestContext(context.RequestContext):
                target_obj.obj_to_primitive()['versioned_object.data'] or {})
        else:
            target.update(target_obj or {})
-        try:
-            return policy.authorize(self, action, target)
-        except exception.NotAuthorized:
-            if fatal:
-                raise
-            return False
+
+        return policy.authorize(self, action, target, do_raise=fatal,
+                                exc=exception.PolicyNotAuthorized)

    def to_policy_values(self):
        policy = super(RequestContext, self).to_policy_values()