diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py index c630fb0a..111e8123 100644 --- a/openstack_auth/backend.py +++ b/openstack_auth/backend.py @@ -223,8 +223,8 @@ class KeystoneBackend(object): return set() # TODO(gabrielhurley): Integrate policy-driven RBAC # when supported by Keystone. - role_perms = set(["openstack.roles.%s" % role['name'].lower() - for role in user.roles]) + role_perms = {"openstack.roles.%s" % role['name'].lower() + for role in user.roles} services = [] for service in user.service_catalog: @@ -236,8 +236,8 @@ class KeystoneBackend(object): in service.get('endpoints', [])] if user.services_region in service_regions: services.append(service_type.lower()) - service_perms = set(["openstack.services.%s" % service - for service in services]) + service_perms = {"openstack.services.%s" % service + for service in services} return role_perms | service_perms def has_perm(self, user, perm, obj=None): diff --git a/openstack_auth/user.py b/openstack_auth/user.py index fa30fe68..46138822 100644 --- a/openstack_auth/user.py +++ b/openstack_auth/user.py @@ -298,12 +298,12 @@ class User(models.AbstractBaseUser, models.AnonymousUser): Returns ``True`` or ``False``. """ - admin_roles = [role.lower() for role in getattr( + admin_roles = {role.lower() for role in getattr( settings, 'OPENSTACK_KEYSTONE_ADMIN_ROLES', - ['admin'])] - user_roles = [role['name'].lower() for role in self.roles] - return True if set(admin_roles).intersection(user_roles) else False + ['admin'])} + user_roles = {role['name'].lower() for role in self.roles} + return not admin_roles.isdisjoint(user_roles) @property def authorized_tenants(self):