openstack/deb-horizon
Code Issues Proposed changes

Policy check needs to check for None in target

Browse Source 
For objects that don't have a project_id attached to them, the
property can be set to None, which does not get overridden in
the policy engine where it being not set currently does.  This
adds a check for user_id and project_id being None and setting them
if they are.

Change-Id: I7aeb6d3830a19a7191de9944f8de90ee12dbf127
Closes-bug: #1274053
This commit is contained in:
David Lyle 2014-02-03 13:09:04 -07:00
parent 6b73dc6e3b
commit ae82f1d83c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openstack_dashboard/policy.py
View File

@ -108,10 +108,10 @@ def check(actions, request, target={}):
# don't want to block all actions because the operator did not fully
# understand the implication of editing the policy file. Additionally,
# the service APIs will correct us if we are too permissive.
if 'project_id' not in target:
if target.get('project_id') is None:
target['project_id'] = user.project_id
# same for user_id
if 'user_id' not in target:
if target.get('user_id') is None:
target['user_id'] = user.id
credentials = _user_to_credentials(request, user)