Merge "Use the context's is_admin property"
commit
91432a1cfb
|
@ -123,7 +123,7 @@ def protected(callback=None):
|
||||||
def wrapper(f):
|
def wrapper(f):
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def inner(self, request, *args, **kwargs):
|
def inner(self, request, *args, **kwargs):
|
||||||
if request.context_dict.get('is_admin', False):
|
if request.context.is_admin:
|
||||||
LOG.warning(_LW('RBAC: Bypassing authorization'))
|
LOG.warning(_LW('RBAC: Bypassing authorization'))
|
||||||
elif callback is not None:
|
elif callback is not None:
|
||||||
prep_info = {'f_name': f.__name__,
|
prep_info = {'f_name': f.__name__,
|
||||||
|
@ -205,7 +205,7 @@ def filterprotected(*filters, **callback):
|
||||||
def _filterprotected(f):
|
def _filterprotected(f):
|
||||||
@functools.wraps(f)
|
@functools.wraps(f)
|
||||||
def wrapper(self, request, **kwargs):
|
def wrapper(self, request, **kwargs):
|
||||||
if not request.context_dict['is_admin']:
|
if not request.context.is_admin:
|
||||||
# The target dict for the policy check will include:
|
# The target dict for the policy check will include:
|
||||||
#
|
#
|
||||||
# - Any query filter parameters
|
# - Any query filter parameters
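Review bot: The bypass branch in `inner` (under `protected`) logs `'RBAC: Bypassing authorization'` without saying which call skipped policy enforcement, so use of the admin context cannot be attributed from the log alone. `f.__name__` is already in scope there (it is used for `prep_info`), so `LOG.warning(_LW('RBAC: Bypassing authorization for %s'), f.__name__)` would make the record usable for audit. The old read in `protected` was `.get('is_admin', False)`, which fell back to non-admin when the key was absent; the attribute read depends on the context class defaulting `is_admin` to false, which is not visible on this page and is worth confirming. `wrapper` under `filterprotected` takes the same shortcut, and both bodies continue outside the hunks.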
|
||||||
|
|
|
@ -286,7 +286,7 @@ class Application(BaseApplication):
|
||||||
does not have the admin role
|
does not have the admin role
|
||||||
|
|
||||||
"""
|
"""
|
||||||
if not request.context_dict['is_admin']:
|
if not request.context.is_admin:
|
||||||
user_token_ref = utils.get_token_ref(request.context_dict)
|
user_token_ref = utils.get_token_ref(request.context_dict)
|
||||||
|
|
||||||
validate_token_bind(request.context_dict, user_token_ref)
|
validate_token_bind(request.context_dict, user_token_ref)
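Review bot: The admin check now reads `request.context.is_admin`, but the two calls directly below it still hand `request.context_dict` to `utils.get_token_ref` and `validate_token_bind`, so the request carries two representations of the same authorization state. Nothing visible here keeps them in sync, and any code that still consults `context_dict['is_admin']` could reach a different decision than this method. If the context object is meant to be authoritative, say so next to the check, e.g. `# request.context is the source of truth for is_admin; context_dict is used only for token lookup`. The same split appears in `delete_trust`, where `user_id` still comes from `request.context_dict` while the admin decision comes from `request`. The method's start lies outside the hunk.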
|
||||||
|
|
|
@ -41,6 +41,7 @@ from sqlalchemy import exc
|
||||||
import testtools
|
import testtools
|
||||||
from testtools import testcase
|
from testtools import testcase
|
||||||
|
|
||||||
|
from keystone.common import context
|
||||||
from keystone.common import dependency
|
from keystone.common import dependency
|
||||||
from keystone.common import request
|
from keystone.common import request
|
||||||
from keystone.common import sql
|
from keystone.common import sql
|
||||||
|
@ -588,15 +589,15 @@ class TestCase(BaseTestCase):
|
||||||
return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
|
return ksfixtures.Policy(dirs.etc('policy.json'), self.config_fixture)
|
||||||
|
|
||||||
def make_request(self, path='/', **kwargs):
|
def make_request(self, path='/', **kwargs):
|
||||||
context = {}
|
is_admin = kwargs.pop('is_admin', False)
|
||||||
|
environ = kwargs.setdefault('environ', {})
|
||||||
|
|
||||||
try:
|
if not environ.get(context.REQUEST_CONTEXT_ENV):
|
||||||
context['is_admin'] = kwargs.pop('is_admin')
|
environ[context.REQUEST_CONTEXT_ENV] = context.RequestContext(
|
||||||
except KeyError:
|
is_admin=is_admin)
|
||||||
pass
|
|
||||||
|
|
||||||
req = request.Request.blank(path=path, **kwargs)
|
req = request.Request.blank(path=path, **kwargs)
|
||||||
req.context_dict.update(context)
|
req.context_dict['is_admin'] = is_admin
|
||||||
|
|
||||||
return req
|
return req
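Review bot: In `make_request`, `is_admin` reaches a `RequestContext` only when `environ` has no entry under `context.REQUEST_CONTEXT_ENV`; when a caller supplies its own context, the kwarg lands in `req.context_dict['is_admin']` alone and the two can disagree. Because the production checks changed in this commit read `request.context.is_admin`, a test that passes both would run the authorization path of the supplied context rather than the one it asked for, and would do so silently. Either apply `is_admin` to the existing context as well or raise on the combination, and add a docstring stating which input wins. Note also that `context_dict['is_admin']` is now always set (to `False` by default), where the old helper left the key absent.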
|
||||||
|
|
||||||
|
|
|
@ -34,8 +34,9 @@ def _trustor_trustee_only(trust, user_id):
|
||||||
raise exception.Forbidden()
|
raise exception.Forbidden()
|
||||||
|
|
||||||
|
|
||||||
def _admin_trustor_only(context, trust, user_id):
|
def _admin_trustor_only(request, trust, user_id):
|
||||||
if user_id != trust.get('trustor_user_id') and not context['is_admin']:
|
if (user_id != trust.get('trustor_user_id') and
|
||||||
|
not request.context.is_admin):
|
||||||
raise exception.Forbidden()
|
raise exception.Forbidden()
|
||||||
|
|
||||||
|
|
||||||
|
@ -246,7 +247,7 @@ class TrustV3(controller.V3Controller):
|
||||||
def delete_trust(self, request, trust_id):
|
def delete_trust(self, request, trust_id):
|
||||||
trust = self.trust_api.get_trust(trust_id)
|
trust = self.trust_api.get_trust(trust_id)
|
||||||
user_id = self._get_user_id(request.context_dict)
|
user_id = self._get_user_id(request.context_dict)
|
||||||
_admin_trustor_only(request.context_dict, trust, user_id)
|
_admin_trustor_only(request, trust, user_id)
|
||||||
initiator = notifications._get_request_audit_info(request.context_dict)
|
initiator = notifications._get_request_audit_info(request.context_dict)
|
||||||
self.trust_api.delete_trust(trust_id, initiator)
|
self.trust_api.delete_trust(trust_id, initiator)
|
||||||
|
|
||||||
|
|
|
@ -76,14 +76,14 @@ class UserController(identity.controllers.User):
|
||||||
|
|
||||||
update_dict = {'password': user['password'], 'id': user_id}
|
update_dict = {'password': user['password'], 'id': user_id}
|
||||||
|
|
||||||
old_admin = request.context_dict.pop('is_admin', False)
|
old_admin = request.context.is_admin
|
||||||
request.context_dict['is_admin'] = True
|
request.context.is_admin = True
|
||||||
|
|
||||||
super(UserController, self).set_user_password(request,
|
super(UserController, self).set_user_password(request,
|
||||||
user_id,
|
user_id,
|
||||||
update_dict)
|
update_dict)
|
||||||
|
|
||||||
request.context_dict['is_admin'] = old_admin
|
request.context.is_admin = old_admin
|
||||||
|
|
||||||
# Issue a new token based upon the original token data. This will
|
# Issue a new token based upon the original token data. This will
|
||||||
# always be a V2.0 token.
|
# always be a V2.0 token.
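Review bot: The temporary elevation around the password update is not exception-safe: if `super(UserController, self).set_user_password(...)` raises, `request.context.is_admin = old_admin` never runs and the request context stays marked as admin for whatever handles the request afterwards. Put the call under `try:` and move the restore into `finally:` so the flag is reset on every path. The elevation now touches only `request.context`, so anything reached from the parent call that still reads `context_dict['is_admin']` would no longer see it; that is worth checking against the parent implementation, which is not shown here. A short comment explaining why the elevation is needed and that it must stay scoped to this one call would also help; the enclosing method starts and ends outside the hunk.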
|
||||||
|
|