Fixes role checking for admin check

Change-Id: I6afe52033996b56aa38033017e0ce2f37c471592
2012-02-08 23:37:31 +00:00 · 2012-02-08 23:37:31 +00:00 · 79faa28f03
parent d049c19227
commit 79faa28f03
3 changed files with 8 additions and 39 deletions
--- a/keystone/common/wsgi.py
+++ b/keystone/common/wsgi.py
@ -207,6 +207,9 @@ class Application(BaseApplication):
            creds = user_token_ref['metadata'].copy()
            creds['user_id'] = user_token_ref['user'].get('id')
            creds['tenant_id'] = user_token_ref['tenant'].get('id')
+            # NOTE(vish): this is pretty inefficient
+            creds['roles'] = [self.identity_api.get_role(context, role)['name']
+                              for role in creds.get('roles', [])]
            # Accept either is_admin or the admin role
            assert self.policy_api.can_haz(context,
                                           ('is_admin:1', 'roles:admin'),
--- a/keystone/middleware/core.py
+++ b/keystone/middleware/core.py
@ -1,7 +1,8 @@
 # vim: tabstop=4 shiftwidth=4 softtabstop=4

 import json
-import webob
+
+import webob.exc

 from keystone import config
 from keystone.common import wsgi
@ -109,40 +110,3 @@ class JsonBodyMiddleware(wsgi.Middleware):
            params[k] = v

        request.environ[PARAMS_ENV] = params
-
-
-class Debug(wsgi.Middleware):
-    """
-    Middleware that produces stream debugging traces to the console (stdout)
-    for HTTP requests and responses flowing through it.
-    """
-
-    @webob.dec.wsgify
-    def __call__(self, req):
-        print ('*' * 40) + ' REQUEST ENVIRON'
-        for key, value in req.environ.items():
-            print key, '=', value
-        print
-        resp = req.get_response(self.application)
-
-        print ('*' * 40) + ' RESPONSE HEADERS'
-        for (key, value) in resp.headers.iteritems():
-            print key, '=', value
-        print
-
-        resp.app_iter = self.print_generator(resp.app_iter)
-
-        return resp
-
-    @staticmethod
-    def print_generator(app_iter):
-        """
-        Iterator that prints the contents of a wrapper string iterator
-        when iterated.
-        """
-        print ('*' * 40) + ' BODY'
-        for part in app_iter:
-            sys.stdout.write(part)
-            sys.stdout.flush()
-            yield part
-        print
--- a/keystone/policy/backends/simple.py
+++ b/keystone/policy/backends/simple.py
@ -17,5 +17,7 @@ class SimpleMatch(object):
        for requirement in target:
            key, match = requirement.split(':', 1)
            check = credentials.get(key)
-            if check == match:
+            if check is None or isinstance(check, basestring):
+                check = [check]
+            if match in check:
                return True