From c6be78deb6a3a7cbf092efdfb54f561ce689605f Mon Sep 17 00:00:00 2001
From: unicell <unicell@gmail.com>
Date: Sat, 18 Aug 2012 14:23:01 +0800
Subject: Remove hard-coded 'admin' role checking and use policy instead

bug 1037786

This change removed hard-coded 'admin' role checking, and use policy check to
decide is_admin at the time of context construction. And also set
default admin role to 'admin', in policy template, to keep backward
compatibility.

Change-Id: I56b45bfdfba1b8e1391bde7fec3d4cf26c66324c
---
 nova/context.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'nova/context.py')

diff --git a/nova/context.py b/nova/context.py
index 66697b567..b6fd105eb 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -24,6 +24,7 @@ import copy
 from nova.openstack.common import local
 from nova.openstack.common import log as logging
 from nova.openstack.common import timeutils
+from nova import policy
 from nova import utils
 
 
@@ -66,9 +67,7 @@ class RequestContext(object):
         self.roles = roles or []
         self.is_admin = is_admin
         if self.is_admin is None:
-            self.is_admin = 'admin' in [x.lower() for x in self.roles]
-        elif self.is_admin and 'admin' not in self.roles:
-            self.roles.append('admin')
+            self.is_admin = policy.check_admin_role(self.roles)
         self.read_deleted = read_deleted
         self.remote_address = remote_address
         if not timestamp:
-- 
cgit