Fixes role checking for admin check
Change-Id: I6afe52033996b56aa38033017e0ce2f37c471592
This commit is contained in:
parent
d049c19227
commit
79faa28f03
|
@ -207,6 +207,9 @@ class Application(BaseApplication):
|
|||
creds = user_token_ref['metadata'].copy()
|
||||
creds['user_id'] = user_token_ref['user'].get('id')
|
||||
creds['tenant_id'] = user_token_ref['tenant'].get('id')
|
||||
# NOTE(vish): this is pretty inefficient
|
||||
creds['roles'] = [self.identity_api.get_role(context, role)['name']
|
||||
for role in creds.get('roles', [])]
|
||||
# Accept either is_admin or the admin role
|
||||
assert self.policy_api.can_haz(context,
|
||||
('is_admin:1', 'roles:admin'),
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
import json
|
||||
import webob
|
||||
|
||||
import webob.exc
|
||||
|
||||
from keystone import config
|
||||
from keystone.common import wsgi
|
||||
|
@ -109,40 +110,3 @@ class JsonBodyMiddleware(wsgi.Middleware):
|
|||
params[k] = v
|
||||
|
||||
request.environ[PARAMS_ENV] = params
|
||||
|
||||
|
||||
class Debug(wsgi.Middleware):
|
||||
"""
|
||||
Middleware that produces stream debugging traces to the console (stdout)
|
||||
for HTTP requests and responses flowing through it.
|
||||
"""
|
||||
|
||||
@webob.dec.wsgify
|
||||
def __call__(self, req):
|
||||
print ('*' * 40) + ' REQUEST ENVIRON'
|
||||
for key, value in req.environ.items():
|
||||
print key, '=', value
|
||||
print
|
||||
resp = req.get_response(self.application)
|
||||
|
||||
print ('*' * 40) + ' RESPONSE HEADERS'
|
||||
for (key, value) in resp.headers.iteritems():
|
||||
print key, '=', value
|
||||
print
|
||||
|
||||
resp.app_iter = self.print_generator(resp.app_iter)
|
||||
|
||||
return resp
|
||||
|
||||
@staticmethod
|
||||
def print_generator(app_iter):
|
||||
"""
|
||||
Iterator that prints the contents of a wrapper string iterator
|
||||
when iterated.
|
||||
"""
|
||||
print ('*' * 40) + ' BODY'
|
||||
for part in app_iter:
|
||||
sys.stdout.write(part)
|
||||
sys.stdout.flush()
|
||||
yield part
|
||||
print
|
||||
|
|
|
@ -17,5 +17,7 @@ class SimpleMatch(object):
|
|||
for requirement in target:
|
||||
key, match = requirement.split(':', 1)
|
||||
check = credentials.get(key)
|
||||
if check == match:
|
||||
if check is None or isinstance(check, basestring):
|
||||
check = [check]
|
||||
if match in check:
|
||||
return True
|
||||
|
|
Loading…
Reference in New Issue