Correctly pull input data for enforcement
Pull the actual input data into the enforcement target dict instead of the view_args (the view args are something like 'trust_id', the input data would be user-supplied json). Change-Id: I9d7b1117d4decfd31647d6418f02302917ca1cbd Partial-Bug: #1776504
This commit is contained in:
parent
9e57fafbc8
commit
5ea59f5220
|
@ -331,7 +331,8 @@ class RBACEnforcer(object):
|
|||
# Pull the data from the view args (path based params) to generate
|
||||
# appropriate input/target attributes, we take an explicit copy here
|
||||
# to ensure we're not somehow corrupting
|
||||
policy_dict.update(flask.request.view_args or {})
|
||||
json_input = flask.request.get_json(force=True, silent=True) or {}
|
||||
policy_dict.update(json_input.copy())
|
||||
|
||||
# Generate the filter_attr dataset.
|
||||
policy_dict.update(cls._extract_filter_values(filters))
|
||||
|
|
Loading…
Reference in New Issue