From d0f142d1e803715fa7ad79a6975463ed5ec56f85 Mon Sep 17 00:00:00 2001 From: Lingxian Kong Date: Mon, 7 Aug 2017 12:24:32 +1200 Subject: [PATCH] Fix getting context info when doing policy check Use 'to_policy_values' method to get context information for policy checking to avoid exception when using older version of oslo.context, e.g. in oslo.context==2.2.0, the property 'user_id' doesn't exist in RequestContext. Change-Id: I736d008365e28a2826646c1677f739a0a7fbb518 --- distil/api/acl.py | 7 ++++--- distil/context.py | 17 ----------------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/distil/api/acl.py b/distil/api/acl.py index 64c8faf..3042062 100644 --- a/distil/api/acl.py +++ b/distil/api/acl.py @@ -43,13 +43,14 @@ def enforce(rule): def handler(*args, **kwargs): ctx = context.ctx() ctx.is_admin = check_is_admin(ctx) + ctx_dict = ctx.to_policy_values() target = { - 'project_id': ctx.project_id, - 'user_id': ctx.user_id, + 'project_id': ctx_dict['project_id'], + 'user_id': ctx_dict['user_id'], } - ENFORCER.enforce(rule, target, ctx.to_policy_values(), + ENFORCER.enforce(rule, target, ctx_dict, do_raise=True, exc=exceptions.Forbidden) return func(*args, **kwargs) diff --git a/distil/context.py b/distil/context.py index d03f948..02918cc 100644 --- a/distil/context.py +++ b/distil/context.py @@ -46,23 +46,6 @@ class RequestContext(context.RequestContext): context._request_store.context = self -def make_context(*args, **kwargs): - return RequestContext(*args, **kwargs) - - -def make_admin_context(show_deleted=False, all_tenants=False): - """Create an administrator context. - - :param show_deleted: if True, will show deleted items when query db - """ - context = RequestContext(user_id=None, - project=None, - is_admin=True, - show_deleted=show_deleted, - all_tenants=all_tenants) - return context - - _CTX_STORE = threading.local() _CTX_KEY = 'current_ctx'