Merge "Use the context's is_admin property"
commit
91432a1cfb
@ -123,7 +123,7 @@ def protected(callback=None):
|
||||
def wrapper(f):
|
||||
@functools.wraps(f)
|
||||
def inner(self, request, *args, **kwargs):
|
||||
if request.context_dict.get('is_admin', False):
|
||||
if request.context.is_admin:
|
||||
LOG.warning(_LW('RBAC: Bypassing authorization'))
|
||||
elif callback is not None:
|
||||
prep_info = {'f_name': f.__name__,
|
||||
@ -205,7 +205,7 @@ def filterprotected(*filters, **callback):
|
||||
def _filterprotected(f):
|
||||
@functools.wraps(f)
|
||||
def wrapper(self, request, **kwargs):
|
||||
if not request.context_dict['is_admin']:
|
||||
if not request.context.is_admin:
|
||||
# The target dict for the policy check will include:
|
||||
#
|
||||
# - Any query filter parameters
|
||||
|
@ -286,7 +286,7 @@ class Application(BaseApplication):
|
||||
does not have the admin role
|
||||
|
||||
"""
|
||||
if not request.context_dict['is_admin']:
|
||||
if not request.context.is_admin:
|
||||
user_token_ref = utils.get_token_ref(request.context_dict)
|
||||
|
||||
validate_token_bind(request.context_dict, user_token_ref)
|
||||
|
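Review bot: The admin branch of `inner` in `protected` skips policy enforcement on the strength of `request.context.is_admin` alone, and the only trace it leaves is a fixed warning string that names neither the API nor the caller, so a bypass cannot be attributed from the logs. Consider `LOG.warning(_LW('RBAC: Bypassing authorization for %s'), f.__name__)`; `f.__name__` is already used for `prep_info` two lines below. The hunks in `filterprotected` and in the `Application` method make the same attribute check, and no warning is visible on their admin path in the lines shown, though both functions continue outside their hunks. Since the attribute is writable (the `UserController` hunk on this page assigns it), a short comment at each check stating that a true value bypasses authorization entirely would help later readers.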
@ -41,6 +41,7 @@ from sqlalchemy import exc
|
||||
import testtools
|
||||
from testtools import testcase
|
||||
|
||||
from keystone.common import context
|
||||
from keystone.common import dependency
|
||||
from keystone.common import request
|
||||
from keystone.common import sql
|
||||
@ -588,15 +589,15 @@ class TestCase(BaseTestCase):
|
||||
return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
|
||||
|
||||
def make_request(self, path='/', **kwargs):
|
||||
context = {}
|
||||
is_admin = kwargs.pop('is_admin', False)
|
||||
environ = kwargs.setdefault('environ', {})
|
||||
|
||||
try:
|
||||
context['is_admin'] = kwargs.pop('is_admin')
|
||||
except KeyError:
|
||||
pass
|
||||
if not environ.get(context.REQUEST_CONTEXT_ENV):
|
||||
environ[context.REQUEST_CONTEXT_ENV] = context.RequestContext(
|
||||
is_admin=is_admin)
|
||||
|
||||
req = request.Request.blank(path=path, **kwargs)
|
||||
req.context_dict.update(context)
|
||||
req.context_dict['is_admin'] = is_admin
|
||||
|
||||
return req
|
||||
|
||||
|
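Review bot: In `make_request`, `is_admin` reaches the request context only when `environ` has no entry under `context.REQUEST_CONTEXT_ENV`, yet it is always written to `req.context_dict['is_admin']`. A test that passes `is_admin=True` together with a pre-populated context would therefore see the dict say admin while `request.context.is_admin` (presumably taken from that environ entry) says otherwise. The code under test now reads the attribute, so such a test would silently exercise the non-admin path. Failing fast when both are supplied would prevent the mismatch; at minimum add a comment such as `# is_admin only reaches request.context when environ carries no context yet`.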
@ -34,8 +34,9 @@ def _trustor_trustee_only(trust, user_id):
|
||||
raise exception.Forbidden()
|
||||
|
||||
|
||||
def _admin_trustor_only(context, trust, user_id):
|
||||
if user_id != trust.get('trustor_user_id') and not context['is_admin']:
|
||||
def _admin_trustor_only(request, trust, user_id):
|
||||
if (user_id != trust.get('trustor_user_id') and
|
||||
not request.context.is_admin):
|
||||
raise exception.Forbidden()
|
||||
|
||||
|
||||
@ -246,7 +247,7 @@ class TrustV3(controller.V3Controller):
|
||||
def delete_trust(self, request, trust_id):
|
||||
trust = self.trust_api.get_trust(trust_id)
|
||||
user_id = self._get_user_id(request.context_dict)
|
||||
_admin_trustor_only(request.context_dict, trust, user_id)
|
||||
_admin_trustor_only(request, trust, user_id)
|
||||
initiator = notifications._get_request_audit_info(request.context_dict)
|
||||
self.trust_api.delete_trust(trust_id, initiator)
|
||||
|
||||
|
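Review bot: `_admin_trustor_only` now takes the request instead of the context dict but has no docstring stating the rule it enforces; something like `"""Raise Forbidden unless user_id is the trustor or the request context is admin."""` would document it. Because the `is_admin` operand is evaluated only when `user_id` differs from the trustor, a caller still passing `request.context_dict` would go unnoticed for trustor requests and raise AttributeError only for everyone else. Only the `delete_trust` call site is visible here, so it is worth confirming that no other caller remains on the old signature.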
@ -76,14 +76,14 @@ class UserController(identity.controllers.User):
|
||||
|
||||
update_dict = {'password': user['password'], 'id': user_id}
|
||||
|
||||
old_admin = request.context_dict.pop('is_admin', False)
|
||||
request.context_dict['is_admin'] = True
|
||||
old_admin = request.context.is_admin
|
||||
request.context.is_admin = True
|
||||
|
||||
super(UserController, self).set_user_password(request,
|
||||
user_id,
|
||||
update_dict)
|
||||
|
||||
request.context_dict['is_admin'] = old_admin
|
||||
request.context.is_admin = old_admin
|
||||
|
||||
# Issue a new token based upon the original token data. This will
|
||||
# always be a V2.0 token.
|
||||
|
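Review bot: The temporary elevation `request.context.is_admin = True` is undone only on the success path, so if `super(UserController, self).set_user_password(...)` raises, the request context stays admin for whatever handles the exception afterwards. Wrap the call as `try:` … `finally: request.context.is_admin = old_admin` so the flag is always restored. The old code mutated only `context_dict`; the new code mutates the context object itself, which is presumably shared with anything else holding the request environ, so the restore matters more now. The enclosing method starts before this hunk and continues after it.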