Use authorize instead of enforce in policy

the policy module was doing a manual check to see if the specific rule was actually part of the rules that the enforcer is using. oslo.policy already has a function that does just this, which is 'authorize'. That will check the registered rules and raise an exception if that's not fulfilled. Change-Id: I9f04f8b8770b15ac24f9f1cd57a58c7e98b24d48
2018-10-11 08:56:44 +03:00 · 2018-10-11 08:56:44 +03:00 · f27064ffb9
commit f27064ffb9
parent fe62f2ec7f
1 changed files with 3 additions and 2 deletions
--- a/neutron_lib/_policy.py
+++ b/neutron_lib/_policy.py
@ -57,9 +57,10 @@ def _check_rule(context, rule):
    init()
    # the target is user-self
    credentials = context.to_policy_values()
-    if rule not in _ROLE_ENFORCER.rules:
+    try:
+        return _ROLE_ENFORCER.authorize(rule, credentials, credentials)
+    except policy.PolicyNotRegistered:
        return False
-    return _ROLE_ENFORCER.enforce(rule, credentials, credentials)


 def check_is_admin(context):