authorRuan HE <ruan.he@orange.com>2015-07-27 16:26:23 +0000
committerGerrit Code Review <gerrit@172.30.200.206>2015-07-27 16:26:23 +0000
commit9674fded2949f57057603e68e8079800d0effe14 (patch)
tree8766eae928d9011ee0393502916bd9553dde6fcc /keystone-moon/keystone/contrib
parent9c4b77f8563e4781631ad29d1cf41626e665fc09 (diff)
parenta37d21fd1c5176b445d6e0159521c66d11759e4f (diff)
Merge "Add more log in authz function. (untested)"
Diffstat (limited to 'keystone-moon/keystone/contrib')
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py9
1 files changed, 5 insertions, 4 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index f69da788..322c53fb 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -437,6 +437,7 @@ class IntraExtensionManager(manager.Manager):
"""
authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id)
decision_buffer = dict()
+ decision = False
meta_rule_dict = self.driver.get_sub_meta_rules_dict(intra_extension_id)
@@ -453,9 +454,10 @@ class IntraExtensionManager(manager.Manager):
self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values())
if meta_rule_dict['aggregation'] == 'all_true':
- return all_true(decision_buffer)
-
- return False
+ decision = all_true(decision_buffer)
+ if not decision:
+ raise AuthzException()
+ return decision
@enforce("read", "intra_extensions")
def get_intra_extensions_dict(self, user_id):
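Review bot: The new deny path `raise AuthzException()` carries no context, and no log call is visible in this hunk although the commit title promises more logging, so a refused request leaves no audit record of which `intra_extension_id`, `subject_id`, `object_id` and `action_id` were denied. Indentation is lost on this page, so it is unclear whether `if not decision:` sits inside the `all_true` branch. If it does, an unrecognised `meta_rule_dict['aggregation']` value returns `False` while a failed rule raises, and callers must handle two different deny signals. If it sits outside, the unknown-aggregation case fails closed but looks identical to a real policy denial. Either way, a comment such as `# fail closed: any aggregation other than 'all_true' is denied` and a log entry with the four identifiers before the raise would make denials traceable. Callers that test the return value instead of catching `AuthzException` are outside the hunk and should be checked, as should the method's docstring, which starts above the hunk.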
@@ -1567,7 +1569,6 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
super(IntraExtensionAuthzManager, self).__init__()
def authz(self, tenant_name, subject_name, object_name, action_name, genre="authz"):
- # TODO (dthom) add moon log
"""Check authorization for a particular action.
:return: True or False or raise an exception
"""