From 267178748e712098af4e55872029c5883af9a51c Mon Sep 17 00:00:00 2001
From: Todd Willey <todd@ansolabs.com>
Date: Mon, 6 Jun 2011 12:42:27 -0400
Subject: Change to a more generic error and update documentation.

---
 nova/db/sqlalchemy/api.py | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index 56739e9db..6dbf53a6c 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -60,9 +60,7 @@ def is_user_context(context):
 
 
 def authorize_project_context(context, project_id):
-    """Ensures that the request context has permission to access the
-       given project.
-    """
+    """Ensures a request has permission to access the given project."""
     if is_user_context(context):
         if not context.project:
             raise exception.NotAuthorized()
@@ -71,9 +69,7 @@ def authorize_project_context(context, project_id):
 
 
 def authorize_user_context(context, user_id):
-    """Ensures that the request context has permission to access the
-       given user.
-    """
+    """Ensures a request has permission to access the given user."""
     if is_user_context(context):
         if not context.user:
             raise exception.NotAuthorized()
@@ -89,9 +85,12 @@ def can_read_deleted(context):
 
 
 def require_admin_context(f):
-    """Decorator used to indicate that the method requires an
-       administrator context.
+    """Decorator to require admin request context.
+
+    The first argument to the wrapped function must be the context.
+
     """
+
     def wrapper(*args, **kwargs):
         if not is_admin_context(args[0]):
             raise exception.AdminRequired()
@@ -100,12 +99,19 @@ def require_admin_context(f):
 
 
 def require_context(f):
-    """Decorator used to indicate that the method requires either
-       an administrator or normal user context.
+    """Decorator to require *any* user or admin context.
+
+    This does no authorization for user or project access matching, see
+    :py:func:`authorize_project_context` and
+    :py:func:`authorize_user_context`.
+
+    The first argument to the wrapped function must be the context.
+
     """
+
     def wrapper(*args, **kwargs):
         if not is_admin_context(args[0]) and not is_user_context(args[0]):
-            raise exception.AdminRequired()
+            raise exception.NotAuthorized()
         return f(*args, **kwargs)
     return wrapper
 
-- 
cgit