Use authorize instead of enforce in policy
The policy module was manually checking whether the specific rule was part of the rules that the enforcer is using. oslo.policy already has a function that does just this: 'authorize'. It checks the registered rules and raises an exception if the rule is not among them. Change-Id: I9f04f8b8770b15ac24f9f1cd57a58c7e98b24d48
parent
fe62f2ec7f
commit
f27064ffb9
@ -57,9 +57,10 @@ def _check_rule(context, rule):
|
|||||||
init()
|
init()
|
||||||
# the target is user-self
|
# the target is user-self
|
||||||
credentials = context.to_policy_values()
|
credentials = context.to_policy_values()
|
||||||
if rule not in _ROLE_ENFORCER.rules:
|
try:
|
||||||
|
return _ROLE_ENFORCER.authorize(rule, credentials, credentials)
|
||||||
|
except policy.PolicyNotRegistered:
|
||||||
return False
|
return False
|
||||||
return _ROLE_ENFORCER.enforce(rule, credentials, credentials)
|
|
||||||
|
|
||||||
|
|
||||||
def check_is_admin(context):
|
def check_is_admin(context):
|
||||||
|
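Review bot: The `except policy.PolicyNotRegistered:` branch returns False without recording anything, so a misspelled rule name or a rule that exists only in the policy file looks the same to the caller as an ordinary denial. `authorize` consults the rules registered in code, whereas the removed `rule not in _ROLE_ENFORCER.rules` test looked at the enforcer's loaded rule set, so a rule defined only in the file would presumably now be denied. That fails closed, but it is worth confirming that every rule passed to `_check_rule` is registered. I would log the rule name before returning, e.g. `LOG.warning("Policy rule %s is not registered; denying", rule)`, assuming the module has a logger (not visible here). The function's signature sits above the hunk.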