Merge "Clean up API policy decorators"
This commit is contained in:
Zuul
Gerrit Code Review
commit
1b9046631f
|
|
@ -19,17 +19,6 @@ from heat.common.i18n import _
|
|||
from heat.common import identifier
|
||||
|
||||
|
||||
def policy_enforce(handler):
|
||||
"""Decorator that enforces policies.
|
||||
|
||||
Checks the path matches the request context and enforce policy defined in
|
||||
policy.json or in policies.
|
||||
|
||||
This is a handler method decorator.
|
||||
"""
|
||||
return _policy_enforce(handler)
|
||||
|
||||
|
||||
def registered_policy_enforce(handler):
|
||||
"""Decorator that enforces policies.
|
||||
|
||||
|
|
@ -38,10 +27,6 @@ def registered_policy_enforce(handler):
|
|||
|
||||
This is a handler method decorator.
|
||||
"""
|
||||
return _policy_enforce(handler, is_registered_policy=True)
|
||||
|
||||
|
||||
def _policy_enforce(handler, is_registered_policy=False):
|
||||
@functools.wraps(handler)
|
||||
def handle_stack_method(controller, req, tenant_id, **kwargs):
|
||||
if req.context.tenant_id != tenant_id and not req.context.is_admin:
|
||||
|
|
@ -50,7 +35,7 @@ def _policy_enforce(handler, is_registered_policy=False):
|
|||
context=req.context,
|
||||
action=handler.__name__,
|
||||
scope=controller.REQUEST_SCOPE,
|
||||
is_registered_policy=is_registered_policy)
|
||||
is_registered_policy=True)
|
||||
if not allowed:
|
||||
raise exc.HTTPForbidden()
|
||||
return handler(controller, req, **kwargs)
|
||||
|
|
@ -58,26 +43,16 @@ def _policy_enforce(handler, is_registered_policy=False):
|
|||
return handle_stack_method
|
||||
|
||||
|
||||
def identified_stack(handler):
|
||||
"""Decorator that passes a stack identifier instead of path components.
|
||||
|
||||
This is a handler method decorator.
|
||||
"""
|
||||
|
||||
return _identified_stack(handler)
|
||||
|
||||
|
||||
def registered_identified_stack(handler):
|
||||
"""Decorator that passes a stack identifier instead of path components.
|
||||
|
||||
This is a handler method decorator.
|
||||
This is a handler method decorator. Policy is enforced using a registered
|
||||
policy name.
|
||||
"""
|
||||
|
||||
return _identified_stack(handler, is_registered_policy=True)
|
||||
return registered_policy_enforce(_identified_stack(handler))
|
||||
|
||||
|
||||
def _identified_stack(handler, is_registered_policy=False):
|
||||
|
||||
def _identified_stack(handler):
|
||||
@functools.wraps(handler)
|
||||
def handle_stack_method(controller, req, stack_name, stack_id, **kwargs):
|
||||
stack_identity = identifier.HeatIdentifier(req.context.tenant_id,
|
||||
|
|
@ -85,8 +60,7 @@ def _identified_stack(handler, is_registered_policy=False):
|
|||
stack_id)
|
||||
return handler(controller, req, dict(stack_identity), **kwargs)
|
||||
|
||||
return _policy_enforce(handle_stack_method,
|
||||
is_registered_policy=is_registered_policy)
|
||||
return handle_stack_method
|
||||
|
||||
|
||||
def make_url(req, identity):
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ class TestPolicyEnforce(common.HeatTestCase):
|
|||
class DummyController(object):
|
||||
REQUEST_SCOPE = 'test'
|
||||
|
||||
@util.policy_enforce
|
||||
@util.registered_policy_enforce
|
||||
def an_action(self, req):
|
||||
return 'woot'
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue