Clean up API policy decorators
The decorators for unregistered policies were needed only during the migration to policy in code. Remove the unused ones and simplify those remaining. Change-Id: Ic53fcc62db46863c6a2b00cbc7e32250a7d6e16f
This commit is contained in:
parent
6f8837d84e
commit
04c2a13d02
|
@ -18,17 +18,6 @@ from heat.common.i18n import _
|
|||
from heat.common import identifier
|
||||
|
||||
|
||||
def policy_enforce(handler):
|
||||
"""Decorator that enforces policies.
|
||||
|
||||
Checks the path matches the request context and enforce policy defined in
|
||||
policy.json or in policies.
|
||||
|
||||
This is a handler method decorator.
|
||||
"""
|
||||
return _policy_enforce(handler)
|
||||
|
||||
|
||||
def registered_policy_enforce(handler):
|
||||
"""Decorator that enforces policies.
|
||||
|
||||
|
@ -37,10 +26,6 @@ def registered_policy_enforce(handler):
|
|||
|
||||
This is a handler method decorator.
|
||||
"""
|
||||
return _policy_enforce(handler, is_registered_policy=True)
|
||||
|
||||
|
||||
def _policy_enforce(handler, is_registered_policy=False):
|
||||
@six.wraps(handler)
|
||||
def handle_stack_method(controller, req, tenant_id, **kwargs):
|
||||
if req.context.tenant_id != tenant_id and not req.context.is_admin:
|
||||
|
@ -49,7 +34,7 @@ def _policy_enforce(handler, is_registered_policy=False):
|
|||
context=req.context,
|
||||
action=handler.__name__,
|
||||
scope=controller.REQUEST_SCOPE,
|
||||
is_registered_policy=is_registered_policy)
|
||||
is_registered_policy=True)
|
||||
if not allowed:
|
||||
raise exc.HTTPForbidden()
|
||||
return handler(controller, req, **kwargs)
|
||||
|
@ -57,26 +42,16 @@ def _policy_enforce(handler, is_registered_policy=False):
|
|||
return handle_stack_method
|
||||
|
||||
|
||||
def identified_stack(handler):
|
||||
"""Decorator that passes a stack identifier instead of path components.
|
||||
|
||||
This is a handler method decorator.
|
||||
"""
|
||||
|
||||
return _identified_stack(handler)
|
||||
|
||||
|
||||
def registered_identified_stack(handler):
|
||||
"""Decorator that passes a stack identifier instead of path components.
|
||||
|
||||
This is a handler method decorator.
|
||||
This is a handler method decorator. Policy is enforced using a registered
|
||||
policy name.
|
||||
"""
|
||||
|
||||
return _identified_stack(handler, is_registered_policy=True)
|
||||
return registered_policy_enforce(_identified_stack(handler))
|
||||
|
||||
|
||||
def _identified_stack(handler, is_registered_policy=False):
|
||||
|
||||
def _identified_stack(handler):
|
||||
@six.wraps(handler)
|
||||
def handle_stack_method(controller, req, stack_name, stack_id, **kwargs):
|
||||
stack_identity = identifier.HeatIdentifier(req.context.tenant_id,
|
||||
|
@ -84,8 +59,7 @@ def _identified_stack(handler, is_registered_policy=False):
|
|||
stack_id)
|
||||
return handler(controller, req, dict(stack_identity), **kwargs)
|
||||
|
||||
return _policy_enforce(handle_stack_method,
|
||||
is_registered_policy=is_registered_policy)
|
||||
return handle_stack_method
|
||||
|
||||
|
||||
def make_url(req, identity):
|
||||
|
|
|
@ -93,7 +93,7 @@ class TestPolicyEnforce(common.HeatTestCase):
|
|||
class DummyController(object):
|
||||
REQUEST_SCOPE = 'test'
|
||||
|
||||
@util.policy_enforce
|
||||
@util.registered_policy_enforce
|
||||
def an_action(self, req):
|
||||
return 'woot'
|
||||
|
||||
|
|
Loading…
Reference in New Issue