diff options
author | Adam Young <ayoung@redhat.com> | 2013-03-08 21:19:25 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2013-03-15 15:21:36 -0400 |
commit | eb4dd4afbffaa15be0af70a317da7034ae28dfd6 (patch) | |
tree | 89f3b2b71b34b3627fe1d7893ad51578032f5afd /etc | |
parent | a79a7c1ddb6c7e3f71cc9791b318bdefbc1abeb8 (diff) | |
download | keystone-eb4dd4afbffaa15be0af70a317da7034ae28dfd6.tar.gz keystone-eb4dd4afbffaa15be0af70a317da7034ae28dfd6.tar.xz keystone-eb4dd4afbffaa15be0af70a317da7034ae28dfd6.zip |
extracting user and trust ids into normalized fields
These fields are used for queries, and may need to be indexed
Also moves the delete token for... functions into the base class
for controllers.
Removed the token API revoke token call as that needed access to other
APIs. Logic was moved into the controller.
Bug 1152801
Change-Id: I59c360fe5aef905dfa30cb55ee54ff1fbe64dc58
Diffstat (limited to 'etc')
-rw-r--r-- | etc/policy.json | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/etc/policy.json b/etc/policy.json index 89365e5e..17da8eac 100644 --- a/etc/policy.json +++ b/etc/policy.json @@ -25,8 +25,7 @@ "identity:get_project": [["rule:admin_required"]], "identity:list_projects": [["rule:admin_required"]], - "identity:list_user_projects": [["rule:admin_required"], - ["user_id:%(user_id)s"]], + "identity:list_user_projects": [["rule:admin_or_owner"]], "identity:create_project": [["rule:admin_or_owner"]], "identity:update_project": [["rule:admin_required"]], "identity:delete_project": [["rule:admin_required"]], @@ -34,7 +33,7 @@ "identity:get_user": [["rule:admin_required"]], "identity:list_users": [["rule:admin_required"]], "identity:create_user": [["rule:admin_required"]], - "identity:update_user": [["rule:admin_required"]], + "identity:update_user": [["rule:admin_or_owner"]], "identity:delete_user": [["rule:admin_required"]], "identity:get_group": [["rule:admin_required"]], |