Prevent leaking target info into subsequent policy.check() calls

Due to mutable dictionary being used as the default `target` argument
value the first target calculated from scratch in POLICY_CHECK
function will be used for all subsequent calls to POLICY_CHECK with 2
arguments. The wrong `target` can either lead to a reduced set of
operations on an entity for a given user, or to enlarged one. Due to
independent policy checks at each service's side this doesn't pose a
serious security breach, but can lead to weird UX behaviour.

Change-Id: I744fac28de0fb7060b50c5db689e74631a628c88
Closes-Bug: #1396544
This commit is contained in:
Timur Sufiev 2014-11-26 13:11:27 +03:00
parent fd5e574cc5
commit dab964d781

View File

@ -61,7 +61,7 @@ def reset():
_ENFORCER = None
def check(actions, request, target={}):
def check(actions, request, target=None):
"""Check user permission.
Check if the user has permission to the action according
@ -98,6 +98,8 @@ def check(actions, request, target={}):
{'project_id': object.project_id}
:returns: boolean if the user has permission or not for the actions.
"""
if target is None:
target = {}
user = auth_utils.get_user(request)
# Several service policy engines default to a project id check for