Pass the actual target in os-flavor-manage policy
Currently, if a target is not passed to context.can(), it uses the default target, which is context.user_id and context.project_id. This default target is not useful because it passes only the context's own user_id and project_id, which means we tell oslo policy to verify the context data against the context data. This commit passes the actual target for the os-flavor-manage policies, which is an empty dict because the policy rule is system scoped rather than project scoped, so the token scope check deals with the required target checking. Partial implement blueprint policy-defaults-refresh Change-Id: I5ce8ca083a857ca3c236f53085605185b4cb86e4
parent
35979b3ce0
commit
e4dbf1564a
|
@ -36,7 +36,7 @@ class FlavorManageController(wsgi.Controller):
|
|||
@wsgi.action("delete")
|
||||
def _delete(self, req, id):
|
||||
context = req.environ['nova.context']
|
||||
context.can(fm_policies.POLICY_ROOT % 'delete')
|
||||
context.can(fm_policies.POLICY_ROOT % 'delete', target={})
|
||||
|
||||
flavor = objects.Flavor(context=context, flavorid=id)
|
||||
try:
|
||||
|
@ -54,7 +54,7 @@ class FlavorManageController(wsgi.Controller):
|
|||
flavors_view.FLAVOR_DESCRIPTION_MICROVERSION)
|
||||
def _create(self, req, body):
|
||||
context = req.environ['nova.context']
|
||||
context.can(fm_policies.POLICY_ROOT % 'create')
|
||||
context.can(fm_policies.POLICY_ROOT % 'create', target={})
|
||||
|
||||
vals = body['flavor']
|
||||
|
||||
|
@ -108,7 +108,7 @@ class FlavorManageController(wsgi.Controller):
|
|||
def _update(self, req, id, body):
|
||||
# Validate the policy.
|
||||
context = req.environ['nova.context']
|
||||
context.can(fm_policies.POLICY_ROOT % 'update')
|
||||
context.can(fm_policies.POLICY_ROOT % 'update', target={})
|
||||
|
||||
# Get the flavor and update the description.
|
||||
try:
|
||||
|
|
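Review bot: With `target={}` the three checks in `_delete`, `_create` and `_update` no longer carry any user or project attribute, so authorization rests entirely on the rule's role check plus token scope enforcement. The commit message leans on the scope check, but whether scope is enforced is an oslo.policy deployment setting that this page does not show (presumably `[oslo_policy] enforce_scope`). If it is off, a project-scoped token that satisfies the rule would still pass. An operator override that references `%(project_id)s` or `%(user_id)s` would also stop matching against an empty target, which is worth a release note. I would add a why-comment above each call, for example `# System-scoped policy: no project/user target; access is gated by role and scope_types.`, and a unit test asserting that each action calls `context.can` with `target={}`. The bodies of all three methods continue outside the hunks, so nothing after the policy check was reviewed.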