Merge "Policy Enforcer, pass entire context dict"
This commit is contained in:
commit
1a2747c5e3
@ -59,11 +59,7 @@ class Enforcer(object):
|
||||
:returns: A non-False value if access is allowed.
|
||||
"""
|
||||
do_raise = False if not exc else True
|
||||
credentials = {
|
||||
'roles': context.roles,
|
||||
'user': context.username,
|
||||
'tenant': context.tenant,
|
||||
}
|
||||
credentials = context.to_dict()
|
||||
return self.enforcer.enforce(rule, target, credentials,
|
||||
do_raise, exc=exc, *args, **kwargs)
|
||||
|
||||
|
@ -188,3 +188,12 @@ class TestPolicyEnforcer(HeatTestCase):
|
||||
|
||||
ctx = utils.dummy_context(roles=['admin'])
|
||||
self.assertTrue(enforcer.check_is_admin(ctx))
|
||||
|
||||
def test_enforce_creds(self):
|
||||
enforcer = policy.Enforcer()
|
||||
ctx = utils.dummy_context(roles=['admin'])
|
||||
self.m.StubOutWithMock(base_policy.Enforcer, 'enforce')
|
||||
base_policy.Enforcer.enforce('context_is_admin', {}, ctx.to_dict(),
|
||||
False, exc=None).AndReturn(True)
|
||||
self.m.ReplayAll()
|
||||
self.assertTrue(enforcer.check_is_admin(ctx))
|
||||
|
Loading…
Reference in New Issue
Block a user