From 83df968cfb050bdb6bac981dfcc2d0b1c3dd80db Mon Sep 17 00:00:00 2001
From: Michael Gundlach <michael.gundlach@rackspace.com>
Date: Wed, 1 Sep 2010 12:42:06 -0400
Subject: Delete rbac.py, moving @rbac decorator knowledge into
 api.ec2.Authorizer WSGI middleware.

---
 nova/auth/rbac.py | 69 -------------------------------------------------------
 1 file changed, 69 deletions(-)
 delete mode 100644 nova/auth/rbac.py

(limited to 'nova/auth')

diff --git a/nova/auth/rbac.py b/nova/auth/rbac.py
deleted file mode 100644
index d157f44b3..000000000
--- a/nova/auth/rbac.py
+++ /dev/null
@@ -1,69 +0,0 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-"""Role-based access control decorators to use fpr wrapping other
-methods with."""
-
-from nova import exception
-
-
-def allow(*roles):
-    """Allow the given roles access the wrapped function."""
-
-    def wrap(func): # pylint: disable-msg=C0111
-
-        def wrapped_func(self, context, *args,
-                         **kwargs): # pylint: disable-msg=C0111
-            if context.user.is_superuser():
-                return func(self, context, *args, **kwargs)
-            for role in roles:
-                if __matches_role(context, role):
-                    return func(self, context, *args, **kwargs)
-            raise exception.NotAuthorized()
-
-        return wrapped_func
-
-    return wrap
-
-
-def deny(*roles):
-    """Deny the given roles access the wrapped function."""
-
-    def wrap(func): # pylint: disable-msg=C0111
-
-        def wrapped_func(self, context, *args,
-                         **kwargs): # pylint: disable-msg=C0111
-            if context.user.is_superuser():
-                return func(self, context, *args, **kwargs)
-            for role in roles:
-                if __matches_role(context, role):
-                    raise exception.NotAuthorized()
-            return func(self, context, *args, **kwargs)
-
-        return wrapped_func
-
-    return wrap
-
-
-def __matches_role(context, role):
-    """Check if a role is allowed."""
-    if role == 'all':
-        return True
-    if role == 'none':
-        return False
-    return context.project.has_role(context.user.id, role)
-- 
cgit