diff options
| author | Wenhao Xu <xuwenhao2008@gmail.com> | 2013-02-07 17:18:12 +0800 |
|---|---|---|
| committer | Wenhao Xu <xuwenhao2008@gmail.com> | 2013-02-12 10:16:00 +0800 |
| commit | 1d07c12ecad0ace2caae7baecd9f0f669b62cc35 (patch) | |
| tree | ba1402953c7e1dccb2f8a8f53e153a79fa373a2d /nova/context.py | |
| parent | fe16fded3d4ecfe71d7d0d0d4adbbb8d3cc0da48 (diff) | |
| download | nova-1d07c12ecad0ace2caae7baecd9f0f669b62cc35.tar.gz nova-1d07c12ecad0ace2caae7baecd9f0f669b62cc35.tar.xz nova-1d07c12ecad0ace2caae7baecd9f0f669b62cc35.zip | |
Allow generic rules in context_is_admin rule in policy.
context_is_admin role is used by nova to check if
the current user is the admin. But it can only check
role rules. The fix allow generic rules in context_is_admin.
DocImpact
Fixes bug 1118142
Change-Id: Ib4823a67fe63d5356fc8c9280a2013b8855f5217
Diffstat (limited to 'nova/context.py')
| -rw-r--r-- | nova/context.py | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/nova/context.py b/nova/context.py index 8731e012d..60fd5b4c0 100644 --- a/nova/context.py +++ b/nova/context.py @@ -65,9 +65,6 @@ class RequestContext(object): self.user_id = user_id self.project_id = project_id self.roles = roles or [] - self.is_admin = is_admin - if self.is_admin is None: - self.is_admin = policy.check_is_admin(self.roles) self.read_deleted = read_deleted self.remote_address = remote_address if not timestamp: @@ -90,7 +87,9 @@ class RequestContext(object): self.quota_class = quota_class self.user_name = user_name self.project_name = project_name - + self.is_admin = is_admin + if self.is_admin is None: + self.is_admin = policy.check_is_admin(self) if overwrite or not hasattr(local.store, 'context'): self.update_store() |