authorRuan HE <ruan.he@orange.com>2015-07-27 16:27:08 +0000
committerGerrit Code Review <gerrit@172.30.200.206>2015-07-27 16:27:08 +0000
commit77a542ffc98330cd907e0a541cbf0a8673905122 (patch)
tree64a34f784e22d9df182c48d7ab1d49495abdf4fc /keystone-moon/keystone
parent9674fded2949f57057603e68e8079800d0effe14 (diff)
parentef8c330cd984684c91a569aebfdc4c8bc192d826 (diff)
Merge "Add, del, set subjects in both IntraAuthzExtension, IntraAdminExtension. (untested)"
Diffstat (limited to 'keystone-moon/keystone')
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py70
1 files changed, 58 insertions, 12 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index 322c53fb..6f4ba4f2 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -1607,16 +1607,39 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id)
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
- # TODO: sync with intra_admin_extension subjects table, need double check in both authz and admin
- return
+ subject = super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
+ tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ for tenant_id in tenants_dict:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], subject['id'], subject_dict)
+ break
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], subject['id'], subject_dict)
+ break
+ return subject
def del_subject(self, user_id, intra_extension_id, subject_id):
- # TODO: sync with intra_admin_extension subjects table, need double check in both authz and admin
- pass
+ super(IntraExtensionAuthzManager, self).del_subject(user_id, intra_extension_id, subject_id)
+ tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ for tenant_id in tenants_dict:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ self.driver.del_subject(tenants_dict[tenant_id]["intra_admin_extension_id"], subject_id)
+ break
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ self.driver.del_subject(tenants_dict[tenant_id]["intra_authz_extension_id"], subject_id)
+ break
def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict):
- # TODO: sync with intra_admin_extension subjects table, need double check in both authz and admin
- return
+ subject = super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
+ tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ for tenant_id in tenants_dict:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], subject['id'], subject_dict)
+ break
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], subject['id'], subject_dict)
+ break
+ return subject
# TODO: for other no heritaged functions, add raise AuthzException()
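Review bot: In `set_subject_dict` the `subject_id` argument is never used: the parent is called with three arguments and the mirrored write takes its id from `subject['id']`. The parent signature is not visible in this hunk, but if it matches this four-parameter override the call fails with a missing-argument TypeError, and in any case the update is no longer tied to the subject the caller named. Pass it through: `super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_id, subject_dict)`. `add_subject_dict` also calls the parent's `set_subject_dict` rather than `add_subject_dict`, which looks like a copy-paste slip and would skip whatever the parent's add path does. Both calls recur unchanged in `IntraExtensionAdminManager` in the next hunk, and since the commit title marks the change as untested, a test that adds, updates and deletes a subject and reads it back from both extensions would catch them.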
@@ -1629,16 +1652,39 @@ class IntraExtensionAdminManager(IntraExtensionManager):
super(IntraExtensionAdminManager, self).__init__()
def add_subject_dict(self, user_id, intra_extension_id, subject_dict):
- # TODO: sync with intra_authz_extension subjects table, need double check in both authz and admin
- return
+ subject = super(IntraExtensionAdminManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
+ tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ for tenant_id in tenants_dict:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], subject['id'], subject_dict)
+ break
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], subject['id'], subject_dict)
+ break
+ return subject
def del_subject(self, user_id, intra_extension_id, subject_id):
- # TODO: sync with intra_authz_extension subjects table, need double check in both authz and admin
- pass
+ super(IntraExtensionAdminManager, self).del_subject(user_id, intra_extension_id, subject_id)
+ tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ for tenant_id in tenants_dict:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ self.driver.del_subject(tenants_dict[tenant_id]["intra_admin_extension_id"], subject_id)
+ break
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ self.driver.del_subject(tenants_dict[tenant_id]["intra_authz_extension_id"], subject_id)
+ break
def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict):
- # TODO: sync with intra_authz_extension subjects table, need double check in both authz and admin
- return
+ subject = super(IntraExtensionAdminManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict)
+ tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID)
+ for tenant_id in tenants_dict:
+ if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], subject['id'], subject_dict)
+ break
+ if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id:
+ self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], subject['id'], subject_dict)
+ break
+ return subject
def add_object_dict(self, user_id, intra_extension_id, object_name):
raise ObjectsWriteNoAuthorized()
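Review bot: `del_subject` deletes the subject through the parent call first and only then resolves the paired extension. A failure in `get_tenants_dict`, a tenant entry missing one of the two keys, or an error in `self.driver.del_subject` therefore leaves the subject removed from the admin extension but still present in the authz extension. For an access-control store that is the unsafe direction, since a revoked subject may still be evaluated on the authz side. The mirrored call also goes straight to `self.driver`, so any check the manager-level method applies for `user_id` (not visible here) is not applied to the paired extension, and the tenant lookup runs as `ADMIN_ID`. Resolving the paired id before mutating, in one helper instead of six copies of the loop across this hunk and the previous one, makes the failure path easier to reason about; the helper would naturally sit on the base class, which is outside this hunk.

```python
def _paired_extension_id(self, intra_extension_id):
    # Return the extension bound to the same tenant as intra_extension_id,
    # or None when no tenant references it.
    for tenant in self.tenant_api.get_tenants_dict(ADMIN_ID).values():
        if tenant["intra_authz_extension_id"] == intra_extension_id:
            return tenant["intra_admin_extension_id"]
        if tenant["intra_admin_extension_id"] == intra_extension_id:
            return tenant["intra_authz_extension_id"]
    return None

def del_subject(self, user_id, intra_extension_id, subject_id):
    # Resolve the pair first so a lookup failure cannot leave a half-applied delete.
    paired_id = self._paired_extension_id(intra_extension_id)
    super(IntraExtensionAdminManager, self).del_subject(user_id, intra_extension_id, subject_id)
    if paired_id is not None:
        # NOTE: a driver error here still leaves the two stores out of sync;
        # surface it to the caller rather than swallowing it.
        self.driver.del_subject(paired_id, subject_id)
# … unchanged: add_subject_dict, set_subject_dict (same helper applies) …
```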