From dcac4bc6c7be9832704e37cca7ce815e083974f5 Mon Sep 17 00:00:00 2001
From: Ed Leafe <ed@leafe.com>
Date: Thu, 4 Aug 2011 20:55:56 +0000
Subject: Added admin-only decorator

---
 nova/api/openstack/contrib/admin_only.py | 30 ++++++++++++++++++++++++++++++
 nova/api/openstack/contrib/hosts.py      | 14 ++++++--------
 2 files changed, 36 insertions(+), 8 deletions(-)
 create mode 100644 nova/api/openstack/contrib/admin_only.py

diff --git a/nova/api/openstack/contrib/admin_only.py b/nova/api/openstack/contrib/admin_only.py
new file mode 100644
index 000000000..e821c9e1f
--- /dev/null
+++ b/nova/api/openstack/contrib/admin_only.py
@@ -0,0 +1,30 @@
+# Copyright (c) 2011 Openstack, LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""Decorator for limiting extensions that should be admin-only."""
+
+from functools import wraps
+from nova import flags
+FLAGS = flags.FLAGS
+
+
+def admin_only(fnc):
+    @wraps(fnc)
+    def _wrapped(self, *args, **kwargs):
+        if FLAGS.allow_admin_api:
+            return fnc(self, *args, **kwargs)
+        return []
+    _wrapped.func_name = fnc.func_name
+    return _wrapped
diff --git a/nova/api/openstack/contrib/hosts.py b/nova/api/openstack/contrib/hosts.py
index 09adbe2f4..cdf8760d5 100644
--- a/nova/api/openstack/contrib/hosts.py
+++ b/nova/api/openstack/contrib/hosts.py
@@ -24,6 +24,7 @@ from nova import log as logging
 from nova.api.openstack import common
 from nova.api.openstack import extensions
 from nova.api.openstack import faults
+from nova.api.openstack.contrib import admin_only
 from nova.scheduler import api as scheduler_api
 
 
@@ -134,13 +135,10 @@ class Hosts(extensions.ExtensionDescriptor):
     def get_updated(self):
         return "2011-06-29T00:00:00+00:00"
 
+    @admin_only.admin_only
     def get_resources(self):
-        resources = []
-        # If we are not in an admin env, don't add the resource. Regular users
-        # shouldn't have access to the host.
-        if FLAGS.allow_admin_api:
-            resources = [extensions.ResourceExtension('os-hosts',
-                    HostController(), collection_actions={'update': 'PUT'},
-                    member_actions={"startup": "GET", "shutdown": "GET",
-                            "reboot": "GET"})]
+    resources = [extensions.ResourceExtension('os-hosts',
+                HostController(), collection_actions={'update': 'PUT'},
+                member_actions={"startup": "GET", "shutdown": "GET",
+                        "reboot": "GET"})]
         return resources
-- 
cgit