Add a "force" option to context sudo.

Change-Id: I6da29e005616b51cb4e2b1ae388f648808610c70
2013-04-11 15:27:27 +01:00 · 2013-04-11 15:27:27 +01:00 · ca1c17e0bb
commit ca1c17e0bb
parent 9f5ba038f6
1 changed files with 9 additions and 6 deletions
--- a/moniker/context.py
+++ b/moniker/context.py
@ -37,12 +37,15 @@ class MonikerContext(context.RequestContext):
        self._original_tenant_id = None
        self.roles = roles

-    def sudo(self, tenant_id):
-        # We use exc=None here since the context is built early in the request
-        # lifecycle, outside of our ordinary error handling.
+    def sudo(self, tenant_id, force=False):
+        if force:
+            allowed_sudo = True
+        else:
+            # We use exc=None here since the context is built early in the
+            # request lifecycle, outside of our ordinary error handling.
            # For now, we silently ignore failed sudo requests.
-        allowed_sudo = policy.check('use_sudo', self, {'tenant_id': tenant_id},
-                                    exc=None)
+            target = {'tenant_id': tenant_id}
+            allowed_sudo = policy.check('use_sudo', self, target, exc=None)

        if allowed_sudo:
            LOG.warn('Accepted sudo from user_id %s for tenant_id %s'