Honor keystone policy file when creating client

When creating the keystone client for an admin the user is checked for the specific role of "admin" to determine if they are authorized to use the admin URL. This patch changes this logic so that the policy file is honored instead of a specific role. Closes-Bug: #1336418 Change-Id: I600334dff17a5564f97cbcce67ff6d3619142961
2014-11-06 07:30:38 -06:00 · 2014-11-06 07:30:38 -06:00 · 45ae78ce85
parent 9f904e3935
commit 45ae78ce85
1 changed files with 2 additions and 1 deletions
--- a/openstack_dashboard/api/keystone.py
+++ b/openstack_dashboard/api/keystone.py
@ -34,6 +34,7 @@ from horizon import messages
 from horizon.utils import functions as utils

 from openstack_dashboard.api import base
+from openstack_dashboard import policy


 LOG = logging.getLogger(__name__)
@ -143,7 +144,7 @@ def keystoneclient(request, admin=False):
    """
    user = request.user
    if admin:
-        if not user.is_superuser:
+        if not policy.check(("identity", "admin_required"), request):
            raise exceptions.NotAuthorized
        endpoint_type = 'adminURL'
    else: