From c26a6a8f00ebb1f332ef6ac7bf87e607077eae1f Mon Sep 17 00:00:00 2001 From: Salvatore Orlando Date: Thu, 16 May 2013 11:01:49 +0200 Subject: [PATCH] Reduce plugin accesses from policy engine Bug 1179745 This patch introduces a new type of check whose aim is to fetch the parent resource's owner only when a rule that explicitly needs it needs to be checked. Change-Id: I1ff429eb3f92b35bcb9b4c4e01b65f8c0a595f48 --- etc/policy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/policy.json b/etc/policy.json index d62a724f..da10aff9 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -1,7 +1,7 @@ { "context_is_admin": "role:admin", "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", - "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network_tenant_id)s", + "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", "admin_only": "rule:context_is_admin", "regular_user": "", "shared": "field:networks:shared=True",