Merge "Use to_policy_values for policy credentials"

2017-10-05 18:30:39 +00:00
parent 8fa8843dbc 3c6d246d88
commit 6e50011b34
2 changed files with 7 additions and 2 deletions
--- a/zun/common/context.py
+++ b/zun/common/context.py
@@ -88,6 +88,11 @@ class RequestContext(context.RequestContext):
                      'all_tenants': self.all_tenants})
        return value

+    def to_policy_values(self):
+        policy = super(RequestContext, self).to_policy_values()
+        policy['is_admin'] = self.is_admin
+        return policy
+
    @classmethod
    def from_dict(cls, values):
        return cls(**values)
--- a/zun/common/policy.py
+++ b/zun/common/policy.py
@@ -86,7 +86,7 @@ def enforce(context, rule=None, target=None,
                 expression.
    """
    enforcer = init()
-    credentials = context.to_dict()
+    credentials = context.to_policy_values()
    if not exc:
        exc = exception.PolicyNotAuthorized
    if target is None:
@@ -142,5 +142,5 @@ def check_is_admin(context):
    """
    init()
    target = {}
-    credentials = context.to_dict()
+    credentials = context.to_policy_values()
    return _ENFORCER.enforce('context_is_admin', target, credentials)