From 304b09e73c0bd3711503f7fc5f03d2604f3df7a0 Mon Sep 17 00:00:00 2001
From: ericpeterson-l <ericpeterson@hp.com>
Date: Wed, 14 Aug 2013 11:12:58 -0600
Subject: [PATCH] Adding check for service roles to match users region
 selection

Change-Id: Ic84ba02f3245800156011b015c757333678eaa40
Fixes: bug #1212358
---
 openstack_auth/backend.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
index da41cdb..1245152 100644
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@@ -192,7 +192,10 @@ class KeystoneBackend(object):
         role_perms = set(["openstack.roles.%s" % role['name'].lower()
                           for role in user.roles])
         service_perms = set(["openstack.services.%s" % service['type'].lower()
-                             for service in user.service_catalog])
+                             for service in user.service_catalog
+                             if user.services_region in
+                             [endpoint.get('region', None) for endpoint
+                              in service.get('endpoints', [])]])
         return role_perms | service_perms
 
     def has_perm(self, user, perm, obj=None):