Merge "Fix target used in nova.policy.check_is_admin"
This commit is contained in:
commit
1d1b0d5736
|
@ -251,8 +251,7 @@ class RequestContext(context.RequestContext):
|
|||
authorized and False if not authorized and fatal is False.
|
||||
"""
|
||||
if target is None:
|
||||
target = {'project_id': self.project_id,
|
||||
'user_id': self.user_id}
|
||||
target = self.default_target()
|
||||
|
||||
try:
|
||||
return policy.authorize(self, action, target)
|
||||
|
@ -261,6 +260,9 @@ class RequestContext(context.RequestContext):
|
|||
raise
|
||||
return False
|
||||
|
||||
def default_target(self):
|
||||
return {'project_id': self.project_id, 'user_id': self.user_id}
|
||||
|
||||
def to_policy_values(self):
|
||||
policy = super(RequestContext, self).to_policy_values()
|
||||
policy['is_admin'] = self.is_admin
|
||||
|
|
|
@ -176,7 +176,7 @@ def check_is_admin(context):
|
|||
init()
|
||||
# the target is user-self
|
||||
credentials = context.to_policy_values()
|
||||
target = credentials
|
||||
target = context.default_target()
|
||||
return _ENFORCER.authorize('context_is_admin', target, credentials)
|
||||
|
||||
|
||||
|
|
|
@ -243,6 +243,17 @@ class IsAdminCheckTestCase(test.NoDBTestCase):
|
|||
self.assertTrue(check('target', dict(is_admin=False),
|
||||
policy._ENFORCER))
|
||||
|
||||
def test_check_is_admin(self):
|
||||
ctxt = context.RequestContext(
|
||||
user_id='fake-user', project_id='fake-project')
|
||||
with mock.patch('oslo_policy.policy.Enforcer.authorize') as mock_auth:
|
||||
result = policy.check_is_admin(ctxt)
|
||||
self.assertEqual(mock_auth.return_value, result)
|
||||
mock_auth.assert_called_once_with(
|
||||
'context_is_admin',
|
||||
{'user_id': 'fake-user', 'project_id': 'fake-project'},
|
||||
ctxt.to_policy_values())
|
||||
|
||||
|
||||
class AdminRolePolicyTestCase(test.NoDBTestCase):
|
||||
def setUp(self):
|
||||
|
|
Loading…
Reference in New Issue