Merge "Use the context's is_admin property"

changes/35/318435/69
Jenkins 6 years ago committed by Gerrit Code Review
commit 91432a1cfb
  1. 4
      keystone/common/controller.py
  2. 2
      keystone/common/wsgi.py
  3. 13
      keystone/tests/unit/core.py
  4. 7
      keystone/trust/controllers.py
  5. 6
      keystone/v2_crud/user_crud.py

@ -123,7 +123,7 @@ def protected(callback=None):
def wrapper(f):
@functools.wraps(f)
def inner(self, request, *args, **kwargs):
if request.context_dict.get('is_admin', False):
if request.context.is_admin:
LOG.warning(_LW('RBAC: Bypassing authorization'))
elif callback is not None:
prep_info = {'f_name': f.__name__,
@ -205,7 +205,7 @@ def filterprotected(*filters, **callback):
def _filterprotected(f):
@functools.wraps(f)
def wrapper(self, request, **kwargs):
if not request.context_dict['is_admin']:
if not request.context.is_admin:
# The target dict for the policy check will include:
#
# - Any query filter parameters
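Review bot: The admin bypass in `protected` leaves only a fixed warning string behind, so an audit of the log cannot tell which controller method was reached without a policy check. The branch now keys off `request.context.is_admin`, an attribute that the user_crud.py change in this same commit sets on the request context, so naming the call would help: `LOG.warning(_LW('RBAC: Bypassing authorization for %s'), f.__name__)`. `filterprotected` in the second hunk skips its policy check on the same flag, and no log call is visible there. Both wrappers continue outside their hunks.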

@ -286,7 +286,7 @@ class Application(BaseApplication):
does not have the admin role
"""
if not request.context_dict['is_admin']:
if not request.context.is_admin:
user_token_ref = utils.get_token_ref(request.context_dict)
validate_token_bind(request.context_dict, user_token_ref)

@ -41,6 +41,7 @@ from sqlalchemy import exc
import testtools
from testtools import testcase
from keystone.common import context
from keystone.common import dependency
from keystone.common import request
from keystone.common import sql
@ -588,15 +589,15 @@ class TestCase(BaseTestCase):
return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
def make_request(self, path='/', **kwargs):
context = {}
is_admin = kwargs.pop('is_admin', False)
environ = kwargs.setdefault('environ', {})
try:
context['is_admin'] = kwargs.pop('is_admin')
except KeyError:
pass
if not environ.get(context.REQUEST_CONTEXT_ENV):
environ[context.REQUEST_CONTEXT_ENV] = context.RequestContext(
is_admin=is_admin)
req = request.Request.blank(path=path, **kwargs)
req.context_dict.update(context)
req.context_dict['is_admin'] = is_admin
return req
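Review bot: When a test passes both `is_admin=True` and an `environ` that already carries a request context, `make_request` leaves that context untouched but still writes `req.context_dict['is_admin'] = is_admin`, so the two flags can disagree. Code under test that now reads `request.context.is_admin` would then take the non-admin path while the test believes it is exercising the admin one. A short docstring stating that a caller-supplied context wins over the `is_admin` keyword would make this explicit, or the helper could raise on the mismatch. Old and new lines are interleaved on this page, so this reading assumes the `environ.get(context.REQUEST_CONTEXT_ENV)` guard is on the new side.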

@ -34,8 +34,9 @@ def _trustor_trustee_only(trust, user_id):
raise exception.Forbidden()
def _admin_trustor_only(context, trust, user_id):
if user_id != trust.get('trustor_user_id') and not context['is_admin']:
def _admin_trustor_only(request, trust, user_id):
if (user_id != trust.get('trustor_user_id') and
not request.context.is_admin):
raise exception.Forbidden()
@ -246,7 +247,7 @@ class TrustV3(controller.V3Controller):
def delete_trust(self, request, trust_id):
trust = self.trust_api.get_trust(trust_id)
user_id = self._get_user_id(request.context_dict)
_admin_trustor_only(request.context_dict, trust, user_id)
_admin_trustor_only(request, trust, user_id)
initiator = notifications._get_request_audit_info(request.context_dict)
self.trust_api.delete_trust(trust_id, initiator)
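Review bot: `_admin_trustor_only` now takes the request object where it used to take the context dict, and nothing on the function records that change. A caller still handing it a dict would fail on `.context` with an attribute error rather than a clean `Forbidden`; that fails closed, but it is an easy mistake while `delete_trust` keeps passing `request.context_dict` to its neighbouring calls. A one-line docstring would cover it, for example `"""Raise Forbidden unless user_id is the trustor or request.context.is_admin is set."""`.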

@ -76,14 +76,14 @@ class UserController(identity.controllers.User):
update_dict = {'password': user['password'], 'id': user_id}
old_admin = request.context_dict.pop('is_admin', False)
request.context_dict['is_admin'] = True
old_admin = request.context.is_admin
request.context.is_admin = True
super(UserController, self).set_user_password(request,
user_id,
update_dict)
request.context_dict['is_admin'] = old_admin
request.context.is_admin = old_admin
# Issue a new token based upon the original token data. This will
# always be a V2.0 token.
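Review bot: The temporary elevation `request.context.is_admin = True` is not undone if `set_user_password` raises, because the reset line runs only on the normal path; anything that handles the same request object afterwards would see an admin context. Put the `super(UserController, self).set_user_password(...)` call inside `try:` and move the reset to `finally: request.context.is_admin = old_admin`. The elevation is also no longer mirrored into `request.context_dict['is_admin']`, so code under `set_user_password` that still reads the dict would not see it; that fails closed but is worth confirming. The method body starts and ends outside the hunk.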
