Policy: reuse common code

Reuse common code for the validation of an admin or a service user TrivialFix Change-Id: I0a088cc93ab63ddea64f54b1b6110efc43b0df6f
2016-12-07 01:47:18 -08:00 · 2016-12-07 01:47:18 -08:00 · f19d8a8f2a
commit f19d8a8f2a
parent 380702c79f
1 changed files with 11 additions and 12 deletions
--- a/neutron_lib/policy.py
+++ b/neutron_lib/policy.py
@ -66,6 +66,15 @@ def refresh(policy_file=None):
    init(policy_file=policy_file)


+def _check_rule(context, rule):
+    init()
+    # the target is user-self
+    credentials = context.to_policy_values()
+    if rule not in _ENFORCER.rules:
+        return False
+    return _ENFORCER.enforce(rule, credentials, credentials)
+
+
 def check_is_admin(context):
    """Verify context has admin rights according to the global policy settings.

@ -73,12 +82,7 @@ def check_is_admin(context):
    :returns: True if the context has admin rights (as per the global
    enforcer) and False otherwise.
    """
-    init()
-    # the target is user-self
-    credentials = context.to_policy_values()
-    if _ADMIN_CTX_POLICY not in _ENFORCER.rules:
-        return False
-    return _ENFORCER.enforce(_ADMIN_CTX_POLICY, credentials, credentials)
+    return _check_rule(context, _ADMIN_CTX_POLICY)


 def check_is_advsvc(context):
@ -88,9 +92,4 @@ def check_is_advsvc(context):
    :returns: True if the context has advsvc rights (as per the global
    enforcer) and False otherwise.
    """
-    init()
-    # the target is user-self
-    credentials = context.to_policy_values()
-    if _ADVSVC_CTX_POLICY not in _ENFORCER.rules:
-        return False
-    return _ENFORCER.enforce(_ADVSVC_CTX_POLICY, credentials, credentials)
+    return _check_rule(context, _ADVSVC_CTX_POLICY)