Merge "Move user policies to DocumentedRuleDefault"
commit
b2cc115a48
|
@ -15,30 +15,60 @@ from oslo_policy import policy
|
|||
from keystone.common.policies import base
|
||||
|
||||
user_policies = [
|
||||
policy.RuleDefault(
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'get_user',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description='Show user details.',
|
||||
operations=[{'path': '/v3/users/{user_id}',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/users/{user_id}',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_users',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='List users.',
|
||||
operations=[{'path': '/v3/users',
|
||||
'method': 'GET'},
|
||||
{'path': '/v3/users',
|
||||
'method': 'HEAD'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_projects_for_user',
|
||||
check_str=''),
|
||||
policy.RuleDefault(
|
||||
check_str='',
|
||||
description=('List all projects a user has access to via role '
|
||||
'assignments.'),
|
||||
operations=[{'path': ' /v3/auth/projects',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'list_domains_for_user',
|
||||
check_str=''),
|
||||
policy.RuleDefault(
|
||||
check_str='',
|
||||
description=('List all domains a user has access to via role '
|
||||
'assignments.'),
|
||||
operations=[{'path': '/v3/auth/domains',
|
||||
'method': 'GET'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'create_user',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Create a user.',
|
||||
operations=[{'path': '/v3/users',
|
||||
'method': 'POST'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'update_user',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Update a user, including administrative password resets.',
|
||||
operations=[{'path': '/v3/users/{user_id}',
|
||||
'method': 'PATCH'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'delete_user',
|
||||
check_str=base.RULE_ADMIN_REQUIRED),
|
||||
policy.RuleDefault(
|
||||
check_str=base.RULE_ADMIN_REQUIRED,
|
||||
description='Delete a user.',
|
||||
operations=[{'path': '/v3/users/{user_id}',
|
||||
'method': 'DELETE'}]),
|
||||
policy.DocumentedRuleDefault(
|
||||
name=base.IDENTITY % 'change_password',
|
||||
check_str=base.RULE_ADMIN_OR_OWNER),
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description='Self-service password change.',
|
||||
operations=[{'path': '/v3/users/{user_id}/password',
|
||||
'method': 'POST'}])
|
||||
]
|
||||
|
||||
|
||||
|
|
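Review bot: The `operations` entry for `list_projects_for_user` has a leading space in its path, `' /v3/auth/projects'`, which will be carried verbatim into the generated policy documentation and will not match the real route in any tooling that compares the two; it should read `operations=[{'path': '/v3/auth/projects',`. Separately, `list_projects_for_user` and `list_domains_for_user` keep `check_str=''`, which oslo.policy evaluates as always allowed, so these two rules place no role requirement on the caller. Since this change exists to document the defaults, the descriptions should say so, for example by appending `'No role is required; results are limited to the calling user.'`, assuming the handlers do scope the result to the token's user, which is not visible in this hunk. Operators reading the generated sample would otherwise have to know that an empty check string means unrestricted.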