Reduce plugin accesses from policy engine

Bug 1179745 This patch introduces a new type of check whose aim is to fetch the parent resource's owner only when a rule that explicitly needs it needs to be checked. Change-Id: I1ff429eb3f92b35bcb9b4c4e01b65f8c0a595f48
2013-05-16 11:01:49 +02:00 · 2013-05-16 11:01:49 +02:00 · c26a6a8f00
parent 5cb19343d4
commit c26a6a8f00
1 changed files with 1 additions and 1 deletions
--- a/etc/policy.json
+++ b/etc/policy.json
@ -1,7 +1,7 @@
 {
    "context_is_admin":  "role:admin",
    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
-    "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network_tenant_id)s",
+    "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s",
    "admin_only": "rule:context_is_admin",
    "regular_user": "",
    "shared": "field:networks:shared=True",