From bc5a2d9741dfea75b7be0448f7322bb1ef6f028c Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Mon, 11 Jul 2016 11:25:46 +1000 Subject: [PATCH] Use to_policy_values for enforcing policy oslo_context's to_policy_values provides a standard list of parameters that policy should be able to be enforced upon. The combination of this and from_environ lets oslo.context handle adding new values to policy enforcement. Closes-Bug: #1602081 Change-Id: I8f70580e7209412800aa7b948602b003392ef238 --- cinder/context.py | 7 +++++++ cinder/policy.py | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/cinder/context.py b/cinder/context.py index a7a6544638a..6d6274c8304 100644 --- a/cinder/context.py +++ b/cinder/context.py @@ -145,6 +145,13 @@ class RequestContext(context.RequestContext): user_domain=values.get('user_domain'), project_domain=values.get('project_domain')) + def to_policy_values(self): + policy = super(RequestContext, self).to_policy_values() + + policy['is_admin'] = self.is_admin + + return policy + def elevated(self, read_deleted=None, overwrite=False): """Return a version of this context with admin flag set.""" context = self.deepcopy() diff --git a/cinder/policy.py b/cinder/policy.py index a2a09792744..9a94d075ca1 100644 --- a/cinder/policy.py +++ b/cinder/policy.py @@ -64,7 +64,9 @@ def enforce(context, action, target): """ init() - return _ENFORCER.enforce(action, target, context.to_dict(), + return _ENFORCER.enforce(action, + target, + context.to_policy_values(), do_raise=True, exc=exception.PolicyNotAuthorized, action=action)