diff options
| author | unicell <unicell@gmail.com> | 2012-08-18 14:23:01 +0800 |
|---|---|---|
| committer | unicell <unicell@gmail.com> | 2012-08-19 00:31:23 +0800 |
| commit | c6be78deb6a3a7cbf092efdfb54f561ce689605f (patch) | |
| tree | faec33ed92d186a6e927d0dd1201b922a6dce0b2 /nova/context.py | |
| parent | a10be151ad9f62bb916498c8dae42e4b54dfc779 (diff) | |
| download | nova-c6be78deb6a3a7cbf092efdfb54f561ce689605f.tar.gz nova-c6be78deb6a3a7cbf092efdfb54f561ce689605f.tar.xz nova-c6be78deb6a3a7cbf092efdfb54f561ce689605f.zip | |
Remove hard-coded 'admin' role checking and use policy instead
bug 1037786
This change removed hard-coded 'admin' role checking, and use policy check to
decide is_admin at the time of context construction. And also set
default admin role to 'admin', in policy template, to keep backward
compatibility.
Change-Id: I56b45bfdfba1b8e1391bde7fec3d4cf26c66324c
Diffstat (limited to 'nova/context.py')
| -rw-r--r-- | nova/context.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/nova/context.py b/nova/context.py index 66697b567..b6fd105eb 100644 --- a/nova/context.py +++ b/nova/context.py @@ -24,6 +24,7 @@ import copy from nova.openstack.common import local from nova.openstack.common import log as logging from nova.openstack.common import timeutils +from nova import policy from nova import utils @@ -66,9 +67,7 @@ class RequestContext(object): self.roles = roles or [] self.is_admin = is_admin if self.is_admin is None: - self.is_admin = 'admin' in [x.lower() for x in self.roles] - elif self.is_admin and 'admin' not in self.roles: - self.roles.append('admin') + self.is_admin = policy.check_admin_role(self.roles) self.read_deleted = read_deleted self.remote_address = remote_address if not timestamp: |