author | Jenkins <jenkins@review.openstack.org> | 2013-02-21 15:55:49 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-02-21 15:55:49 +0000 |
commit | 15f083800401aeb45b8746561e5cf3977bff29f3 (patch) | |
tree | 5c1d467c7c49418974943b4efdb537eb6f55d806 /keystone/identity | |
parent | c67649ab64c32a491bead7e82d71708b0cda3702 (diff) | |
parent | 43adc12790c2ca0fee170c51c79ce5f5721f5e5d (diff) | |
Merge "domain-scoping"
Diffstat (limited to 'keystone/identity')
-rw-r--r-- | keystone/identity/backends/sql.py | 26 | ||||
-rw-r--r-- | keystone/identity/core.py | 10 |
2 files changed, 36 insertions, 0 deletions
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py
index 374d6b7a..67442d47 100644
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@@ -416,6 +416,24 @@ class Identity(sql.Base, identity.Driver):
 except exception.MetadataNotFound:
 pass

+ def _get_user_group_domain_roles(self, metadata_ref, user_id, domain_id):
+ group_refs = self.list_groups_for_user(user_id=user_id)
+ for x in group_refs:
+ try:
+ metadata_ref.update(
+ self.get_metadata(group_id=x['id'],
+ domain_id=domain_id))
+ except exception.MetadataNotFound:
+ # no group grant, skip
+ pass
+
+ def _get_user_domain_roles(self, metadata_ref, user_id, domain_id):
+ try:
+ metadata_ref.update(self.get_metadata(user_id,
+ domain_id=domain_id))
+ except exception.MetadataNotFound:
+ pass
+
 def get_roles_for_user_and_project(self, user_id, tenant_id):
 self.get_user(user_id)
 self.get_project(tenant_id)
@@ -424,6 +442,14 @@ class Identity(sql.Base, identity.Driver):
 self._get_user_group_project_roles(metadata_ref, user_id, tenant_id)
 return list(set(metadata_ref.get('roles', [])))

+ def get_roles_for_user_and_domain(self, user_id, domain_id):
+ self.get_user(user_id)
+ self.get_domain(domain_id)
+ metadata_ref = {}
+ self._get_user_domain_roles(metadata_ref, user_id, domain_id)
+ self._get_user_group_domain_roles(metadata_ref, user_id, domain_id)
+ return list(set(metadata_ref.get('roles', [])))
+
 def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
 self.get_user(user_id)
 self.get_project(tenant_id)
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index 7d8c991f..775bbdbd 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
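Review bot: In `keystone/identity/backends/sql.py`, both `_get_user_group_domain_roles` and `_get_user_domain_roles` call `metadata_ref.update(...)`, which replaces the whole `roles` entry rather than merging it. Assuming `get_metadata` returns a dict with a `roles` list (as `metadata_ref.get('roles', [])` in the following hunk suggests), `get_roles_for_user_and_domain` would return only the roles of the last group that has a grant. The user's direct roles and the roles from other groups would be dropped. Since this list presumably feeds domain-scoped authorization, the helpers should build a union of role ids, as sketched below for the group helper. The project-scoped helpers are only partly visible in this diff and may deserve the same check.

```python
    def _get_user_group_domain_roles(self, metadata_ref, user_id, domain_id):
        # … unchanged: group_refs lookup …
        for x in group_refs:
            try:
                group_metadata = self.get_metadata(group_id=x['id'],
                                                   domain_id=domain_id)
            except exception.MetadataNotFound:
                # no group grant, skip
                continue
            # merge rather than dict.update(), which would replace 'roles'
            merged = set(metadata_ref.get('roles', []))
            merged.update(group_metadata.get('roles', []))
            metadata_ref['roles'] = list(merged)
```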
@@ -153,6 +153,16 @@ class Driver(object):
 """
 raise exception.NotImplemented()

+ def get_roles_for_user_and_domain(self, user_id, domain_id):
+ """Get the roles associated with a user within given domain.
+
+ :returns: a list of role ids.
+ :raises: keystone.exception.UserNotFound,
+ keystone.exception.ProjectNotFound
+
+ """
+ raise exception.NotImplemented()
+
 def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
 """Add a role to a user within given tenant. |
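Review bot: The new docstring for `get_roles_for_user_and_domain` lists `keystone.exception.ProjectNotFound` under `:raises:`, but the method takes a `domain_id` and the SQL backend in this commit validates it with `self.get_domain(domain_id)`. The entry looks copied from the project variant and should presumably read `:raises: keystone.exception.UserNotFound, keystone.exception.DomainNotFound`, so callers handle the right exception for a missing domain. `get_domain` is not shown in this diff, so confirm which exception it actually raises before changing the text.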