From bcc307ae5beb021a9275a90ffcbaf4e858649937 Mon Sep 17 00:00:00 2001
From: zhangxiaohan <zmj1981123@163.com>
Date: Tue, 21 Aug 2018 09:37:44 +0800
Subject: [PATCH] The admin role judge exception caused the policy to fail

1. What is the problem?

Caused the policy to fail When use 'admin' role to create pod,
Error response is "Unauthorized to create pods".

2. What is the solution to the problem?
In context, the 'HTTP_X_ROLE' maybe include mutilple role, so use
'admin' in environ.get('HTTP_X_ROLE') to judge rather than equality.

Change-Id: If0a765603e56e0325a31f7a3e0202f52fd1cbe38
---
 tricircle/api/controllers/root.py | 2 +-
 tricircle/common/context.py       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tricircle/api/controllers/root.py b/tricircle/api/controllers/root.py
index 7a3382bf..e3b227ce 100644
--- a/tricircle/api/controllers/root.py
+++ b/tricircle/api/controllers/root.py
@@ -119,7 +119,7 @@ def _extract_context_from_environ(environ):
         context_paras[key] = environ.get(context_paras[key])
     role = environ.get('HTTP_X_ROLE')
     # TODO(zhiyuan): replace with policy check
-    context_paras['is_admin'] = role == 'admin'
+    context_paras['is_admin'] = 'admin' in role.split(',') if role else False
     return t_context.Context(**context_paras)
 
 
diff --git a/tricircle/common/context.py b/tricircle/common/context.py
index 8cf372cf..962395fb 100644
--- a/tricircle/common/context.py
+++ b/tricircle/common/context.py
@@ -55,7 +55,7 @@ def extract_context_from_environ():
         context_paras[key] = environ.get(context_paras[key])
     role = environ.get('HTTP_X_ROLE')
 
-    context_paras['is_admin'] = role == 'admin'
+    context_paras['is_admin'] = 'admin' in role.split(',') if role else False
     return Context(**context_paras)