diff options
| author | Todd Willey <todd@ansolabs.com> | 2011-06-06 17:25:55 +0000 |
|---|---|---|
| committer | Tarmac <> | 2011-06-06 17:25:55 +0000 |
| commit | ec3d5be6196d6d5a9c279fb53a9805afff45c54d (patch) | |
| tree | f35517b0602f14e8a8cf2bbdd7400096efd5f2e7 | |
| parent | 54731d1b357ae7527f91b01d17664528aa48c61b (diff) | |
| parent | 267178748e712098af4e55872029c5883af9a51c (diff) | |
Changed the error raise to not be AdminRequired when admin is not, in fact, required.
Cleaned up some documentation while I was there.
| -rw-r--r-- | nova/db/sqlalchemy/api.py | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py index 56739e9db..6dbf53a6c 100644 --- a/nova/db/sqlalchemy/api.py +++ b/nova/db/sqlalchemy/api.py @@ -60,9 +60,7 @@ def is_user_context(context): def authorize_project_context(context, project_id): - """Ensures that the request context has permission to access the - given project. - """ + """Ensures a request has permission to access the given project.""" if is_user_context(context): if not context.project: raise exception.NotAuthorized() @@ -71,9 +69,7 @@ def authorize_project_context(context, project_id): def authorize_user_context(context, user_id): - """Ensures that the request context has permission to access the - given user. - """ + """Ensures a request has permission to access the given user.""" if is_user_context(context): if not context.user: raise exception.NotAuthorized() @@ -89,9 +85,12 @@ def can_read_deleted(context): def require_admin_context(f): - """Decorator used to indicate that the method requires an - administrator context. + """Decorator to require admin request context. + + The first argument to the wrapped function must be the context. + """ + def wrapper(*args, **kwargs): if not is_admin_context(args[0]): raise exception.AdminRequired() @@ -100,12 +99,19 @@ def require_admin_context(f): def require_context(f): - """Decorator used to indicate that the method requires either - an administrator or normal user context. + """Decorator to require *any* user or admin context. + + This does no authorization for user or project access matching, see + :py:func:`authorize_project_context` and + :py:func:`authorize_user_context`. + + The first argument to the wrapped function must be the context. + """ + def wrapper(*args, **kwargs): if not is_admin_context(args[0]) and not is_user_context(args[0]): - raise exception.AdminRequired() + raise exception.NotAuthorized() return f(*args, **kwargs) return wrapper |