Browse Source

Add context.elevated() helper for getting admin privileges

This adds an elevated() method to glance.context.RequestContext similar
to what Nova and other projects use. When doing something as admin on
behalf of a user, this results in a whole context, including information
about the user and the request, but with is_admin==True.

Change-Id: I5499946425b1c32476c57241b4b14b601daa841f
(cherry picked from commit c59ed1bce8)
changes/13/748013/2
Dan Smith 2 months ago
parent
commit
5998933acf
2 changed files with 43 additions and 0 deletions
  1. +14
    -0
      glance/context.py
  2. +29
    -0
      glance/tests/unit/test_context.py

+ 14
- 0
glance/context.py View File

@@ -13,6 +13,8 @@
# License for the specific language governing permissions and limitations
# under the License.

import copy

from oslo_context import context

from glance.api import policy
@@ -72,6 +74,18 @@ class RequestContext(context.RequestContext):
"""Admins can see deleted by default"""
return self.show_deleted or self.is_admin

def elevated(self):
"""Return a copy of this context with admin flag set."""

context = copy.copy(self)
context.roles = copy.deepcopy(self.roles)
if 'admin' not in context.roles:
context.roles.append('admin')

context.is_admin = True

return context


def get_admin_context(show_deleted=False):
"""Create an administrator context."""


+ 29
- 0
glance/tests/unit/test_context.py View File

@@ -171,3 +171,32 @@ class TestContext(utils.BaseTestCase):
project_domain_id="project-domain")
self.assertEqual('user tenant domain user-domain project-domain',
ctx.to_dict()["user_identity"])

def test_elevated(self):
"""Make sure we get a whole admin-capable context from elevated()."""
ctx = context.RequestContext(service_catalog=['foo'],
user_id='dan',
project_id='openstack',
roles=['member'])
admin = ctx.elevated()
self.assertEqual('dan', admin.user_id)
self.assertEqual('openstack', admin.project_id)
self.assertEqual(sorted(['member', 'admin']),
sorted(admin.roles))
self.assertEqual(['foo'], admin.service_catalog)
self.assertTrue(admin.is_admin)

def test_elevated_again(self):
"""Make sure a second elevation looks the same."""
ctx = context.RequestContext(service_catalog=['foo'],
user_id='dan',
project_id='openstack',
roles=['member'])
admin = ctx.elevated()
admin = admin.elevated()
self.assertEqual('dan', admin.user_id)
self.assertEqual('openstack', admin.project_id)
self.assertEqual(sorted(['member', 'admin']),
sorted(admin.roles))
self.assertEqual(['foo'], admin.service_catalog)
self.assertTrue(admin.is_admin)

Loading…
Cancel
Save