Use to_policy_values for enforcing policy

oslo_context's to_policy_values provides a standard list of parameters that policy should be able to be enforced upon. Let oslo.context handle adding new values to policy enforcement. Related-Bug: #1602081 Change-Id: I8f70580e7209412800aa7b948602b003392ef238
2017-05-03 23:51:43 +08:00 · 2017-05-03 23:51:43 +08:00 · 93637a012e
parent d8d57d1ea0
commit 93637a012e
2 changed files with 10 additions and 1 deletions
--- a/karbor/context.py
+++ b/karbor/context.py
@ -143,6 +143,13 @@ class RequestContext(context.RequestContext):
        kwargs = {k: values[k] for k in values if k in allowed_keys}
        return cls(**kwargs)

+    def to_policy_values(self):
+        policy = super(RequestContext, self).to_policy_values()
+
+        policy['is_admin'] = self.is_admin
+
+        return policy
+
    def elevated(self, read_deleted=None, overwrite=False):
        """Return a version of this context with admin flag set."""
        context = self.deepcopy()
--- a/karbor/policy.py
+++ b/karbor/policy.py
@ -64,7 +64,9 @@ def enforce(context, action, target):
    """
    init()

-    return _ENFORCER.enforce(action, target, context.to_dict(),
+    return _ENFORCER.enforce(action,
+                             target,
+                             context.to_policy_values(),
                             do_raise=True,
                             exc=exception.PolicyNotAuthorized,
                             action=action)