Use to_policy_values for enforcing policy

oslo_context's to_policy_values provides a standard list of parameters
that policy should be able to be enforced upon. The combination of this
and from_environ lets oslo.context handle adding new values to policy
enforcement.

Closes-Bug: #1602081
Change-Id: I8f70580e7209412800aa7b948602b003392ef238
This commit is contained in:
Jamie Lennox 2016-07-11 11:25:46 +10:00 committed by ayoung
parent 109241db58
commit bc5a2d9741
2 changed files with 10 additions and 1 deletions

View File

@ -145,6 +145,13 @@ class RequestContext(context.RequestContext):
user_domain=values.get('user_domain'), user_domain=values.get('user_domain'),
project_domain=values.get('project_domain')) project_domain=values.get('project_domain'))
def to_policy_values(self):
policy = super(RequestContext, self).to_policy_values()
policy['is_admin'] = self.is_admin
return policy
def elevated(self, read_deleted=None, overwrite=False): def elevated(self, read_deleted=None, overwrite=False):
"""Return a version of this context with admin flag set.""" """Return a version of this context with admin flag set."""
context = self.deepcopy() context = self.deepcopy()

View File

@ -64,7 +64,9 @@ def enforce(context, action, target):
""" """
init() init()
return _ENFORCER.enforce(action, target, context.to_dict(), return _ENFORCER.enforce(action,
target,
context.to_policy_values(),
do_raise=True, do_raise=True,
exc=exception.PolicyNotAuthorized, exc=exception.PolicyNotAuthorized,
action=action) action=action)