Merge "Policy Enforcer, pass entire context dict"

This commit is contained in:
Jenkins 2014-07-29 10:10:17 +00:00 committed by Gerrit Code Review
commit 1a2747c5e3
2 changed files with 10 additions and 5 deletions

View File

@ -59,11 +59,7 @@ class Enforcer(object):
:returns: A non-False value if access is allowed.
"""
do_raise = False if not exc else True
credentials = {
'roles': context.roles,
'user': context.username,
'tenant': context.tenant,
}
credentials = context.to_dict()
return self.enforcer.enforce(rule, target, credentials,
do_raise, exc=exc, *args, **kwargs)

View File

@ -188,3 +188,12 @@ class TestPolicyEnforcer(HeatTestCase):
ctx = utils.dummy_context(roles=['admin'])
self.assertTrue(enforcer.check_is_admin(ctx))
def test_enforce_creds(self):
enforcer = policy.Enforcer()
ctx = utils.dummy_context(roles=['admin'])
self.m.StubOutWithMock(base_policy.Enforcer, 'enforce')
base_policy.Enforcer.enforce('context_is_admin', {}, ctx.to_dict(),
False, exc=None).AndReturn(True)
self.m.ReplayAll()
self.assertTrue(enforcer.check_is_admin(ctx))