Wrap v3 API with RBAC (bug 1023943)

Change-Id: Ie77be83054ea88bb0860260e1750196ac5ded650

1 files changed, 5 insertions, 6 deletions

diff --git a/keystone/policy/core.py b/keystone/policy/core.py
index 36b982c8..2e5676fc 100644
--- a/keystone/policy/core.py
+++ b/keystone/policy/core.py
@@ -105,9 +105,8 @@ class Driver(object):
 
 
 class PolicyControllerV3(controller.V3Controller):
+    @controller.protected
     def create_policy(self, context, policy):
-        self.assert_admin(context)
-
         ref = self._assign_unique_id(self._normalize_dict(policy))
         self._require_attribute(ref, 'blob')
         self._require_attribute(ref, 'type')
@@ -115,22 +114,22 @@ class PolicyControllerV3(controller.V3Controller):
         ref = self.policy_api.create_policy(context, ref['id'], ref)
         return {'policy': ref}
 
+    @controller.protected
     def list_policies(self, context):
-        self.assert_admin(context)
         refs = self.policy_api.list_policies(context)
         refs = self._filter_by_attribute(context, refs, 'type')
         return {'policies': self._paginate(context, refs)}
 
+    @controller.protected
     def get_policy(self, context, policy_id):
-        self.assert_admin(context)
         ref = self.policy_api.get_policy(context, policy_id)
         return {'policy': ref}
 
+    @controller.protected
     def update_policy(self, context, policy_id, policy):
-        self.assert_admin(context)
         ref = self.policy_api.update_policy(context, policy_id, policy)
         return {'policy': ref}
 
+    @controller.protected
     def delete_policy(self, context, policy_id):
-        self.assert_admin(context)
         return self.policy_api.delete_policy(context, policy_id)