Remove get_auth_context
The controller get_auth_context method simply fetches a dict from the environment. We can simply put this method on the request now. Change-Id: Icba3a0286e5af440108c27f41f54de64c922f29a
This commit is contained in:
parent
46b76a3d8e
commit
3a19aa518d
|
@ -602,9 +602,9 @@ class Auth(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def get_auth_projects(self, request):
|
||||
auth_context = self.get_auth_context(request.context_dict)
|
||||
user_id = request.auth_context.get('user_id')
|
||||
group_ids = request.auth_context.get('group_ids')
|
||||
|
||||
user_id = auth_context.get('user_id')
|
||||
user_refs = []
|
||||
if user_id:
|
||||
try:
|
||||
|
@ -613,7 +613,6 @@ class Auth(controller.V3Controller):
|
|||
# federated users have an id but they don't link to anything
|
||||
pass
|
||||
|
||||
group_ids = auth_context.get('group_ids')
|
||||
grp_refs = []
|
||||
if group_ids:
|
||||
grp_refs = self.assignment_api.list_projects_for_groups(group_ids)
|
||||
|
@ -624,9 +623,9 @@ class Auth(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def get_auth_domains(self, request):
|
||||
auth_context = self.get_auth_context(request.context_dict)
|
||||
user_id = request.auth_context.get('user_id')
|
||||
group_ids = request.auth_context.get('group_ids')
|
||||
|
||||
user_id = auth_context.get('user_id')
|
||||
user_refs = []
|
||||
if user_id:
|
||||
try:
|
||||
|
@ -635,7 +634,6 @@ class Auth(controller.V3Controller):
|
|||
# federated users have an id but they don't link to anything
|
||||
pass
|
||||
|
||||
group_ids = auth_context.get('group_ids')
|
||||
grp_refs = []
|
||||
if group_ids:
|
||||
grp_refs = self.assignment_api.list_domains_for_groups(group_ids)
|
||||
|
@ -646,9 +644,8 @@ class Auth(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def get_auth_catalog(self, request):
|
||||
auth_context = self.get_auth_context(request.context_dict)
|
||||
user_id = auth_context.get('user_id')
|
||||
project_id = auth_context.get('project_id')
|
||||
user_id = request.auth_context.get('user_id')
|
||||
project_id = request.auth_context.get('project_id')
|
||||
|
||||
if not project_id:
|
||||
raise exception.Forbidden(
|
||||
|
|
|
@ -450,12 +450,6 @@ class V3Controller(wsgi.Application):
|
|||
|
||||
return '%s/%s/%s' % (endpoint, 'v3', path.lstrip('/'))
|
||||
|
||||
def get_auth_context(self, context):
|
||||
# TODO(dolphm): this method of accessing the auth context is terrible,
|
||||
# but context needs to be refactored to always have reasonable values.
|
||||
env_context = context.get('environment', {})
|
||||
return env_context.get(authorization.AUTH_CONTEXT_ENV, {})
|
||||
|
||||
@classmethod
|
||||
def full_url(cls, context, path=None):
|
||||
url = cls.base_url(context, path)
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
import webob
|
||||
from webob.descriptors import environ_getter
|
||||
|
||||
from keystone.common import authorization
|
||||
import keystone.conf
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
|
@ -66,5 +67,9 @@ class Request(webob.Request):
|
|||
|
||||
return self._context_dict
|
||||
|
||||
@property
|
||||
def auth_context(self):
|
||||
return self.environ.get(authorization.AUTH_CONTEXT_ENV, {})
|
||||
|
||||
auth_type = environ_getter('AUTH_TYPE', None)
|
||||
remote_domain = environ_getter('REMOTE_DOMAIN', None)
|
||||
|
|
|
@ -19,7 +19,6 @@ from six.moves import urllib
|
|||
import webob
|
||||
|
||||
from keystone.auth import controllers as auth_controllers
|
||||
from keystone.common import authorization
|
||||
from keystone.common import controller
|
||||
from keystone.common import dependency
|
||||
from keystone.common import utils as k_utils
|
||||
|
@ -437,11 +436,10 @@ class DomainV3(controller.V3Controller):
|
|||
:returns: list of accessible domains
|
||||
|
||||
"""
|
||||
auth_context = request.environ[authorization.AUTH_CONTEXT_ENV]
|
||||
domains = self.assignment_api.list_domains_for_groups(
|
||||
auth_context['group_ids'])
|
||||
request.auth_context['group_ids'])
|
||||
domains = domains + self.assignment_api.list_domains_for_user(
|
||||
auth_context['user_id'])
|
||||
request.auth_context['user_id'])
|
||||
# remove duplicates
|
||||
domains = [dict(t) for t in set([tuple(d.items()) for d in domains])]
|
||||
return DomainV3.wrap_collection(request.context_dict, domains)
|
||||
|
@ -464,11 +462,10 @@ class ProjectAssignmentV3(controller.V3Controller):
|
|||
:returns: list of accessible projects
|
||||
|
||||
"""
|
||||
auth_context = request.environ[authorization.AUTH_CONTEXT_ENV]
|
||||
projects = self.assignment_api.list_projects_for_groups(
|
||||
auth_context['group_ids'])
|
||||
request.auth_context['group_ids'])
|
||||
projects = projects + self.assignment_api.list_projects_for_user(
|
||||
auth_context['user_id'])
|
||||
request.auth_context['user_id'])
|
||||
# remove duplicates
|
||||
projects = [dict(t) for t in set([tuple(d.items()) for d in projects])]
|
||||
return ProjectAssignmentV3.wrap_collection(request.context_dict,
|
||||
|
|
|
@ -121,9 +121,7 @@ class AccessTokenCrudV3(controller.V3Controller):
|
|||
|
||||
@controller.protected()
|
||||
def list_access_tokens(self, request, user_id):
|
||||
env = request.context_dict.get('environment', {})
|
||||
auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
|
||||
if auth_context.get('is_delegated_auth'):
|
||||
if request.auth_context.get('is_delegated_auth'):
|
||||
raise exception.Forbidden(
|
||||
_('Cannot list request tokens'
|
||||
' with a token issued via delegation.'))
|
||||
|
@ -356,9 +354,7 @@ class OAuthControllerV3(controller.V3Controller):
|
|||
there is not another easy way to make sure the user knows which roles
|
||||
are being requested before authorizing.
|
||||
"""
|
||||
env = request.context_dict.get('environment', {})
|
||||
auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
|
||||
if auth_context.get('is_delegated_auth'):
|
||||
if request.auth_context.get('is_delegated_auth'):
|
||||
raise exception.Forbidden(
|
||||
_('Cannot authorize a request token'
|
||||
' with a token issued via delegation.'))
|
||||
|
|
|
@ -295,7 +295,7 @@ class ProjectV3(controller.V3Controller):
|
|||
'params at the same time.')
|
||||
raise exception.ValidationError(msg)
|
||||
|
||||
user_id = self.get_auth_context(context).get('user_id')
|
||||
user_id = request.auth_context.get('user_id')
|
||||
|
||||
if parents_as_list:
|
||||
parents = self.resource_api.list_project_parents(
|
||||
|
|
|
@ -119,13 +119,10 @@ class TrustV3(controller.V3Controller):
|
|||
The user creating the trust must be the trustor.
|
||||
|
||||
"""
|
||||
env = request.context_dict.get('environment', {})
|
||||
auth_context = env.get('KEYSTONE_AUTH_CONTEXT', {})
|
||||
|
||||
# Check if delegated via trust
|
||||
if auth_context.get('is_delegated_auth'):
|
||||
if request.auth_context.get('is_delegated_auth'):
|
||||
# Redelegation case
|
||||
src_trust_id = auth_context['trust_id']
|
||||
src_trust_id = request.auth_context['trust_id']
|
||||
if not src_trust_id:
|
||||
raise exception.Forbidden(
|
||||
_('Redelegation allowed for delegated by trust only'))
|
||||
|
|
Loading…
Reference in New Issue