Merge "Use to_policy_values for policy credentials"

2016-09-21 18:19:04 +00:00 · 2016-09-21 18:19:04 +00:00 · fc762522f0
parent 4cc5ef121f 304bc201c0
commit fc762522f0
2 changed files with 7 additions and 2 deletions
--- a/nova/context.py
+++ b/nova/context.py
@ -277,6 +277,11 @@ class RequestContext(context.RequestContext):
                raise
            return False

+    def to_policy_values(self):
+        policy = super(RequestContext, self).to_policy_values()
+        policy['is_admin'] = self.is_admin
+        return policy
+
    def __str__(self):
        return "<Context %s>" % self.to_dict()

--- a/nova/policy.py
+++ b/nova/policy.py
@ -152,7 +152,7 @@ def authorize(context, action, target, do_raise=True, exc=None):
           do_raise is False.
    """
    init()
-    credentials = context.to_dict()
+    credentials = context.to_policy_values()
    if not exc:
        exc = exception.PolicyNotAuthorized
    try:
@ -177,7 +177,7 @@ def check_is_admin(context):

    init()
    # the target is user-self
-    credentials = context.to_dict()
+    credentials = context.to_policy_values()
    target = credentials
    return _ENFORCER.authorize('context_is_admin', target, credentials)