Merge "Move auth_token middleware from admin user to an RBAC policy"

author: Jenkins <jenkins@review.openstack.org> 2013-05-30 05:05:48 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-05-30 05:05:48 +0000
commit: 6d33805d0fe7fd7bd75765ee4167eb64fbdd324b (patch)
tree: 109952b6569d4aa3e7db02af3eb60f7de2516713 /keystone/token
parent: d67e31b70ca648c8ca0a3cb76f421b3be257d4c5 (diff)
parent: 3c3f5dc8973a28fcded50bdb65b7cd77cd772cc6 (diff)
download: keystone-6d33805d0fe7fd7bd75765ee4167eb64fbdd324b.tar.gz
keystone-6d33805d0fe7fd7bd75765ee4167eb64fbdd324b.tar.xz
keystone-6d33805d0fe7fd7bd75765ee4167eb64fbdd324b.zip
1 files changed, 3 insertions, 5 deletions
diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index a7fcbb2c..2d429742 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -457,8 +457,6 @@ class Auth(controller.V2Controller):
         Optionally, limited to a token owned by a specific tenant.
 
         """
-        # TODO(termie): this stuff should probably be moved to middleware
-        self.assert_admin(context)
         data = self.token_api.get_token(context=context,
                                         token_id=token_id)
         if belongs_to:
@@ -510,7 +508,7 @@ class Auth(controller.V2Controller):
                 if project_ref['domain_id'] != DEFAULT_DOMAIN_ID:
                     raise exception.Unauthorized(msg)
 
-    # admin only
+    @controller.protected
     def validate_token_head(self, context, token_id):
         """Check that a token is valid.
 
@@ -524,7 +522,7 @@ class Auth(controller.V2Controller):
         assert token_ref
         self._assert_default_domain(context, token_ref)
 
-    # admin only
+    @controller.protected
     def validate_token(self, context, token_id):
         """Check that a token is valid.
 
@@ -562,8 +560,8 @@ class Auth(controller.V2Controller):
         self.assert_admin(context)
         self.token_api.delete_token(context=context, token_id=token_id)
 
+    @controller.protected
     def revocation_list(self, context, auth=None):
-        self.assert_admin(context)
         tokens = self.token_api.list_revoked_tokens(context)
 
         for t in tokens:
author	Jenkins <jenkins@review.openstack.org>	2013-05-30 05:05:48 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-05-30 05:05:48 +0000
commit	6d33805d0fe7fd7bd75765ee4167eb64fbdd324b (patch)
tree	109952b6569d4aa3e7db02af3eb60f7de2516713 /keystone/token
parent	d67e31b70ca648c8ca0a3cb76f421b3be257d4c5 (diff)
parent	3c3f5dc8973a28fcded50bdb65b7cd77cd772cc6 (diff)
download	keystone-6d33805d0fe7fd7bd75765ee4167eb64fbdd324b.tar.gz keystone-6d33805d0fe7fd7bd75765ee4167eb64fbdd324b.tar.xz keystone-6d33805d0fe7fd7bd75765ee4167eb64fbdd324b.zip