From ae82f1d83ccedb04da53f550dfe45615b19004fa Mon Sep 17 00:00:00 2001 From: David Lyle Date: Mon, 3 Feb 2014 13:09:04 -0700 Subject: [PATCH] Policy check needs to check for None in target For objects that don't have a project_id attached to them, the property can be set to None, which does not get overridden in the policy engine where it being not set currently does. This adds a check for user_id and project_id being None and setting them if they are. Change-Id: I7aeb6d3830a19a7191de9944f8de90ee12dbf127 Closes-bug: #1274053 --- openstack_dashboard/policy.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openstack_dashboard/policy.py b/openstack_dashboard/policy.py index e8c5d67976..18361ad625 100644 --- a/openstack_dashboard/policy.py +++ b/openstack_dashboard/policy.py @@ -108,10 +108,10 @@ def check(actions, request, target={}): # don't want to block all actions because the operator did not fully # understand the implication of editing the policy file. Additionally, # the service APIs will correct us if we are too permissive. - if 'project_id' not in target: + if target.get('project_id') is None: target['project_id'] = user.project_id # same for user_id - if 'user_id' not in target: + if target.get('user_id') is None: target['user_id'] = user.id credentials = _user_to_credentials(request, user)