keystone/keystone/assignment
Boris Bobrov 05a129e545 Do not fetch group assignments without groups
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to a situation where a federated user without groups could scope a token
with another user's rules.

Return empty list of assignments if no groups were passed.

Closes-Bug: 1677723
Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
(cherry picked from commit 2139639eea)
2017-04-25 14:22:47 +00:00
V8_backends Replace keystone.common.config with keystone.conf package 2016-06-24 17:02:15 +00:00
V8_role_backends Move the assignment abstract base class out of core 2016-05-11 17:14:04 +00:00
backends Replace keystone.common.config with keystone.conf package 2016-06-24 17:02:15 +00:00
role_backends Remove unused LOG 2016-07-05 15:05:24 +08:00
__init__.py Remove exposure of routers at package level 2015-12-03 15:06:56 -03:00
controllers.py Add schema validation to create role 2016-07-22 09:37:25 -05:00
core.py Do not fetch group assignments without groups 2017-04-25 14:22:47 +00:00
routers.py Fix nits related to the new keystone.conf package 2016-06-24 20:12:14 +00:00
schema.py Add schema validation to create role 2016-07-22 09:37:25 -05:00