On Thu, Nov 21, 2013 at 12:37 PM, Sylvain Bauza <sylvain.ba...@bull.net>wrote:
> Hi Yuriy, Dolph et al. > > I'm implementing a climate.policy.check_is_admin(ctx) which will look at > policy.json entry 'context_is_admin' for knowing which roles do have > elevated rights for Climate. > > This check must be called when creating a context for knowing if we can > allow extra rights. The is_admin flag is pretty handsome because it can be > triggered upon that check. > > If we say that one is bad, how should we manage that ? > > -Sylvain > There should be no need for is_admin and some special policy rule like "context_is_admin". Every action that might require granular access control (for controllers it should be every action at all, I guess) should call enforce() from openstack.common.policy to check appropriate rule in policy.json. Rules for actions that require user to be admin should contain a reference to some basic rule like "admin_required" in Keystone (see https://github.com/openstack/keystone/blob/master/etc/policy.json). We should not check from code if the user is an admin. We should always ask openstack.common.policy if the user have access to the action. -- Kind regards, Yuriy.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
