openstack
/
deb-keystone
Code Issues Proposed changes
deb-keystone/keystone/assignment
History
Boris Bobrov 955fd6ca37 Do not fetch group assignments without groups 
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.

Return empty list of assignments if no groups were passed.

Closes-Bug: 1677723
Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
(cherry picked from commit 2139639eea)
 		2017-04-25 14:36:12 +00:00
..
backends Removes unused default_assignment_driver method 2016-11-29 17:39:18 +00:00
role_backends Remove stable driver interfaces 2016-09-28 17:18:37 +00:00
__init__.py Remove exposure of routers at package level 2015-12-03 15:06:56 -03:00
controllers.py Domain included for role in list_role_assignment 2016-12-06 10:26:13 -06:00
core.py Do not fetch group assignments without groups 2017-04-25 14:36:12 +00:00
routers.py Remove CONF.os_inherit.enabled 2016-12-05 10:52:35 -08:00
schema.py Add schema validation to create role 2016-07-22 09:37:25 -05:00