Diffstat (limited to 'glance/api/v2/policy.py')
-rw-r--r-- | glance/api/v2/policy.py | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/glance/api/v2/policy.py b/glance/api/v2/policy.py
index 8ad404647..bce036cb5 100644
--- a/glance/api/v2/policy.py
+++ b/glance/api/v2/policy.py
@@ -225,7 +225,8 @@ class ImageAPIPolicy(APIPolicyBase):
 self._enforce('delete_image_location')
 # TODO(danms): Remove this legacy fallback when secure RBAC
 # replaces the legacy policy.
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_is_image_mutable(self._context, self._image)

 def get_image_location(self):
@@ -247,7 +248,8 @@ class ImageAPIPolicy(APIPolicyBase):
 raise
 if 'visibility' in self._target:
 self._enforce_visibility(self._target['visibility'])
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_admin_or_same_owner(self._context, self._target)

 def get_image(self):
@@ -260,14 +262,16 @@ class ImageAPIPolicy(APIPolicyBase):
 self._enforce('delete_image')
 # TODO(danms): Remove this legacy fallback when secure RBAC
 # replaces the legacy policy.
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_is_image_mutable(self._context, self._image)

 def upload_image(self):
 self._enforce('upload_image')
 # TODO(danms): Remove this legacy fallback when secure RBAC
 # replaces the legacy policy.
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_is_image_mutable(self._context, self._image)

 def download_image(self):
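Review bot: The new guard `if not (CONF.oslo_policy.enforce_new_defaults or CONF.oslo_policy.enforce_scope):` after `self._enforce('delete_image_location')` skips `check_is_image_mutable` as soon as either option is set, so a deployment that enables only `enforce_scope` loses the in-code ownership/mutability check. With `enforce_new_defaults` left off, oslo.policy presumably still honours the deprecated default rules, and if those are looser than the new defaults the operation is then guarded by policy alone. Confirm that this combination is intended, or key the fallback on `enforce_new_defaults` only, and cover each option combination with a test. The same condition is used in the hunks at -247, -260 and -277; the enclosing method starts outside this hunk.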
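Review bot: The fallback ahead of `check_admin_or_same_owner(self._context, self._target)` carries no comment, while the other six sites touched by this commit have the `TODO(danms)` marker. Add `# TODO(danms): Remove this legacy fallback when secure RBAC replaces the legacy policy.` above the `if not (...)` so this owner check is not overlooked when the legacy path is removed. The enclosing method starts before the hunk.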
@@ -277,21 +281,24 @@ class ImageAPIPolicy(APIPolicyBase):
 self._enforce('modify_image')
 # TODO(danms): Remove this legacy fallback when secure RBAC
 # replaces the legacy policy.
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_is_image_mutable(self._context, self._image)

 def deactivate_image(self):
 self._enforce('deactivate')
 # TODO(danms): Remove this legacy fallback when secure RBAC
 # replaces the legacy policy.
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_is_image_mutable(self._context, self._image)

 def reactivate_image(self):
 self._enforce('reactivate')
 # TODO(danms): Remove this legacy fallback when secure RBAC
 # replaces the legacy policy.
- if not CONF.enforce_secure_rbac:
+ if not (CONF.oslo_policy.enforce_new_defaults or
+ CONF.oslo_policy.enforce_scope):
 check_is_image_mutable(self._context, self._image)

 def copy_image(self): |
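Review bot: The two-option test is written out three times in this hunk (the `modify_image`, `deactivate` and `reactivate` checks) and seven times across the file, so one site can easily drift when the legacy fallback is changed or removed, and a missed site in an authorization path fails silently. Consider one private helper on the policy class, for example `def _legacy_checks_enabled(self): return not (CONF.oslo_policy.enforce_new_defaults or CONF.oslo_policy.enforce_scope)`, with each site reduced to `if self._legacy_checks_enabled():`. The helper would also give the `TODO(danms)` removal note a single home. The first method in this hunk starts outside it.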