Merge "Allow generic rules in context_is_admin rule in policy."

author: Jenkins <jenkins@review.openstack.org> 2013-02-12 13:31:27 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-02-12 13:31:27 +0000
commit: 4df47629ec1421bee6395d9fe5b8b970cd78f2fe (patch)
tree: 9a741a6527a8082c3bf47e30dfa85083e01d6d44 /nova/policy.py
parent: 1e339172694240c120841b7e1d9ba0530cf07ac3 (diff)
parent: 1d07c12ecad0ace2caae7baecd9f0f669b62cc35 (diff)
download: nova-4df47629ec1421bee6395d9fe5b8b970cd78f2fe.tar.gz
nova-4df47629ec1421bee6395d9fe5b8b970cd78f2fe.tar.xz
nova-4df47629ec1421bee6395d9fe5b8b970cd78f2fe.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/nova/policy.py b/nova/policy.py
index 27e261eac..ac2f2e730 100644
--- a/nova/policy.py
+++ b/nova/policy.py
@@ -101,14 +101,15 @@ def enforce(context, action, target, do_raise=True):
     return policy.check(action, target, credentials, **extra)
 
 
-def check_is_admin(roles):
+def check_is_admin(context):
     """Whether or not roles contains 'admin' role according to policy setting.
 
     """
     init()
 
-    target = {}
-    credentials = {'roles': roles}
+    #the target is user-self
+    credentials = context.to_dict()
+    target = credentials
 
     return policy.check('context_is_admin', target, credentials)
author	Jenkins <jenkins@review.openstack.org>	2013-02-12 13:31:27 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-02-12 13:31:27 +0000
commit	4df47629ec1421bee6395d9fe5b8b970cd78f2fe (patch)
tree	9a741a6527a8082c3bf47e30dfa85083e01d6d44 /nova/policy.py
parent	1e339172694240c120841b7e1d9ba0530cf07ac3 (diff)
parent	1d07c12ecad0ace2caae7baecd9f0f669b62cc35 (diff)
download	nova-4df47629ec1421bee6395d9fe5b8b970cd78f2fe.tar.gz nova-4df47629ec1421bee6395d9fe5b8b970cd78f2fe.tar.xz nova-4df47629ec1421bee6395d9fe5b8b970cd78f2fe.zip