Use authorize instead of enforce in policy

the policy module was doing a manual check to see if the specific rule
was actually part of the rules that the enforcer is using. oslo.policy
already has a function that does just this, which is 'authorize'. That
will check the registered rules and raise an exception if that's not
fulfilled.

Change-Id: I9f04f8b8770b15ac24f9f1cd57a58c7e98b24d48
This commit is contained in:
Juan Antonio Osorio Robles 2018-10-11 08:56:44 +03:00
parent fe62f2ec7f
commit f27064ffb9

View File

@ -57,9 +57,10 @@ def _check_rule(context, rule):
init() init()
# the target is user-self # the target is user-self
credentials = context.to_policy_values() credentials = context.to_policy_values()
if rule not in _ROLE_ENFORCER.rules: try:
return _ROLE_ENFORCER.authorize(rule, credentials, credentials)
except policy.PolicyNotRegistered:
return False return False
return _ROLE_ENFORCER.enforce(rule, credentials, credentials)
def check_is_admin(context): def check_is_admin(context):