Pass the actual target in os-flavor-manage policy

Currently if target is not passed in context.can(),
it use defauls target which is context.user_id, context.project_id.
These defaults target are not useful as it pass the
context's user_id and project_id only which means we tell
oslo policy to verify the context data with context data.

This commit pass the actual target for os-flavor-manage policies
which is empty dict because policy rule is system scoped rather
than project, so the token scope check deals with the required
target checking.

Partial implement blueprint policy-defaults-refresh

Change-Id: I5ce8ca083a857ca3c236f53085605185b4cb86e4

nova/api/openstack/compute/flavor_manage.py

@@ -36,7 +36,7 @@ class FlavorManageController(wsgi.Controller):
     @wsgi.action("delete")
     def _delete(self, req, id):
         context = req.environ['nova.context']
-        context.can(fm_policies.POLICY_ROOT % 'delete')
+        context.can(fm_policies.POLICY_ROOT % 'delete', target={})
 
         flavor = objects.Flavor(context=context, flavorid=id)
         try:
@@ -54,7 +54,7 @@ class FlavorManageController(wsgi.Controller):
                        flavors_view.FLAVOR_DESCRIPTION_MICROVERSION)
     def _create(self, req, body):
         context = req.environ['nova.context']
-        context.can(fm_policies.POLICY_ROOT % 'create')
+        context.can(fm_policies.POLICY_ROOT % 'create', target={})
 
         vals = body['flavor']
 
@@ -108,7 +108,7 @@ class FlavorManageController(wsgi.Controller):
     def _update(self, req, id, body):
         # Validate the policy.
         context = req.environ['nova.context']
-        context.can(fm_policies.POLICY_ROOT % 'update')
+        context.can(fm_policies.POLICY_ROOT % 'update', target={})
 
         # Get the flavor and update the description.
         try: