openstack
/
nova
Code Issues Proposed changes

Remove final use of _ENFORCER.enforce 

_ENFORCER.enforce checks policy but does not require that the policy has
been registered beforehand. _ENFORCER.authorize does require that the
policy is registered. By not using enforce we can be sure that all used
policies are registered and will therefore show up in sample file
generation.

Change-Id: I9e986e2c42e8341b910cf8c3a10042fa24c8c8d8
Partially-Implements: bp policy-in-code
This commit is contained in:
Andrew Laski 2016-07-01 14:10:22 -04:00
parent f8f83b4751
commit 7ee75f638a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nova/policy.py
View File

@ -129,7 +129,7 @@ def check_is_admin(context):
# the target is user-self
credentials = context.to_dict()
target = credentials
return _ENFORCER.enforce('context_is_admin', target, credentials)
return _ENFORCER.authorize('context_is_admin', target, credentials)
@policy.register('is_admin')