Diffstat (limited to 'keystone-moon/keystone/policy/backends')
-rw-r--r-- | keystone-moon/keystone/policy/backends/rules.py | 24 | ||||
-rw-r--r-- | keystone-moon/keystone/policy/backends/sql.py | 26 |
2 files changed, 21 insertions, 29 deletions
diff --git a/keystone-moon/keystone/policy/backends/rules.py b/keystone-moon/keystone/policy/backends/rules.py
index a4150575..5a13287d 100644
--- a/keystone-moon/keystone/policy/backends/rules.py
+++ b/keystone-moon/keystone/policy/backends/rules.py
@@ -44,18 +44,18 @@ def init():
 def enforce(credentials, action, target, do_raise=True):
 """Verifies that the action is valid on the target in this context.
- :param credentials: user credentials
- :param action: string representing the action to be checked, which
- should be colon separated for clarity.
- :param target: dictionary representing the object of the action
- for object creation this should be a dictionary
- representing the location of the object e.g.
- {'project_id': object.project_id}
- :raises: `exception.Forbidden` if verification fails.
-
- Actions should be colon separated for clarity. For example:
-
- * identity:list_users
+ :param credentials: user credentials
+ :param action: string representing the action to be checked, which should
+ be colon separated for clarity.
+ :param target: dictionary representing the object of the action for object
+ creation this should be a dictionary representing the
+ location of the object e.g. {'project_id':
+ object.project_id}
+ :raises keystone.exception.Forbidden: If verification fails.
+
+ Actions should be colon separated for clarity. For example:
+
+ * identity:list_users
 """
 init()
diff --git a/keystone-moon/keystone/policy/backends/sql.py b/keystone-moon/keystone/policy/backends/sql.py
index b2cccd01..94763f0d 100644
--- a/keystone-moon/keystone/policy/backends/sql.py
+++ b/keystone-moon/keystone/policy/backends/sql.py
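Review bot: The reflowed docstring of `enforce` still leaves `do_raise` undocumented, while the new `:raises keystone.exception.Forbidden: If verification fails.` line reads as unconditional. This is the policy enforcement entry point, so a caller passing `do_raise=False` needs to know that the outcome must be checked some other way. I would add a `:param do_raise:` entry describing what happens when it is False, and qualify the `:raises` line accordingly. Only `init()` is visible from the body, so the exact wording has to be checked against the rest of the function. The `:param target:` text also runs two clauses together ("...the action for object creation this should be..."); a semicolon after "action" would fix it.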
@@ -30,19 +30,16 @@ class Policy(rules.Policy):
 @sql.handle_conflicts(conflict_type='policy')
 def create_policy(self, policy_id, policy):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
 ref = PolicyModel.from_dict(policy)
 session.add(ref)
- return ref.to_dict()
+ return ref.to_dict()
 def list_policies(self):
- session = sql.get_session()
-
- refs = session.query(PolicyModel).all()
- return [ref.to_dict() for ref in refs]
+ with sql.session_for_read() as session:
+ refs = session.query(PolicyModel).all()
+ return [ref.to_dict() for ref in refs]
 def _get_policy(self, session, policy_id):
 """Private method to get a policy model object (NOT a dictionary)."""
@@ -52,15 +49,12 @@ class Policy(rules.Policy):
 return ref
 def get_policy(self, policy_id):
- session = sql.get_session()
-
- return self._get_policy(session, policy_id).to_dict()
+ with sql.session_for_read() as session:
+ return self._get_policy(session, policy_id).to_dict()
 @sql.handle_conflicts(conflict_type='policy')
 def update_policy(self, policy_id, policy):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
 ref = self._get_policy(session, policy_id)
 old_dict = ref.to_dict()
 old_dict.update(policy)
@@ -72,8 +66,6 @@ class Policy(rules.Policy):
 return ref.to_dict()
 def delete_policy(self, policy_id):
- session = sql.get_session()
-
- with session.begin():
+ with sql.session_for_write() as session:
 ref = self._get_policy(session, policy_id)
 session.delete(ref) |
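Review bot: `create_policy` and `update_policy` now appear to serialise their result at different points relative to the write transaction. In the first hunk `return ref.to_dict()` is removed and re-added with identical text, which suggests it was re-indented into the `with sql.session_for_write() as session:` block; the page has lost indentation, so this is inferred. In `update_policy` the same line is unchanged context at the top of the third hunk, so it presumably still runs after the block has exited, on a `ref` no longer bound to an open session. Whether that is safe depends on how the session expires objects on commit, which is not visible here. Either move that return inside the block as well, or add a comment on both methods such as `# to_dict() is called inside/outside the session on purpose: <reason>`. The middle of `update_policy` lies between the second and third hunks and is not shown.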