Honor keystone policy file when creating client
When creating the keystone client for an admin the user is checked for the specific role of "admin" to determine if they are authorized to use the admin URL. This patch changes this logic so that the policy file is honored instead of a specific role. Closes-Bug: #1336418 Change-Id: I600334dff17a5564f97cbcce67ff6d3619142961
This commit is contained in:
parent
9f904e3935
commit
45ae78ce85
|
@ -34,6 +34,7 @@ from horizon import messages
|
|||
from horizon.utils import functions as utils
|
||||
|
||||
from openstack_dashboard.api import base
|
||||
from openstack_dashboard import policy
|
||||
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
@ -143,7 +144,7 @@ def keystoneclient(request, admin=False):
|
|||
"""
|
||||
user = request.user
|
||||
if admin:
|
||||
if not user.is_superuser:
|
||||
if not policy.check(("identity", "admin_required"), request):
|
||||
raise exceptions.NotAuthorized
|
||||
endpoint_type = 'adminURL'
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue