diff options
Diffstat (limited to 'keystone/api')
-rw-r--r-- | keystone/api/trusts.py | 10 | ||||
-rw-r--r-- | keystone/api/users.py | 15 |
2 files changed, 6 insertions, 19 deletions
diff --git a/keystone/api/trusts.py b/keystone/api/trusts.py index 3c40d8c67..6c56fe1b0 100644 --- a/keystone/api/trusts.py +++ b/keystone/api/trusts.py @@ -228,11 +228,11 @@ class TrustResource(ks_flask.ResourceBase): # rule check_str is "" if isinstance(rules, op_checks.TrueCheck): LOG.warning( - "The policy check string for rule \"identity:list_trusts\" has been overridden" - "to \"always true\". In the next release, this will cause the" - "\"identity:list_trusts\" action to be fully permissive as hardcoded" - "enforcement will be removed. To correct this issue, either stop overriding the" - "\"identity:list_trusts\" rule in config to accept the defaults, or explicitly" + "The policy check string for rule \"identity:list_trusts\" has been overridden " + "to \"always true\". In the next release, this will cause the " + "\"identity:list_trusts\" action to be fully permissive as hardcoded " + "enforcement will be removed. To correct this issue, either stop overriding the " + "\"identity:list_trusts\" rule in config to accept the defaults, or explicitly " "set a rule that is not empty." ) if not flask.request.args: diff --git a/keystone/api/users.py b/keystone/api/users.py index 2e09f4b9a..b5938b17a 100644 --- a/keystone/api/users.py +++ b/keystone/api/users.py @@ -287,19 +287,6 @@ class UserGroupsResource(ks_flask.ResourceBase): get_member_from_driver = PROVIDERS.deferred_provider_lookup( api='identity_api', method='get_group') - @staticmethod - def _built_target_attr_enforcement(): - ref = None - if flask.request.view_args: - try: - ref = {'user': PROVIDERS.identity_api.get_user( - flask.request.view_args.get('user_id'))} - except ks_exception.NotFound: # nosec - # Defer existence in the event the user doesn't exist, we'll - # check this later anyway. - pass - return ref - def get(self, user_id): """Get groups for a user. @@ -308,7 +295,7 @@ class UserGroupsResource(ks_flask.ResourceBase): filters = ('name',) hints = self.build_driver_hints(filters) ENFORCER.enforce_call(action='identity:list_groups_for_user', - build_target=self._built_target_attr_enforcement, + build_target=_build_user_target_enforcement, filters=filters) refs = PROVIDERS.identity_api.list_groups_for_user(user_id=user_id, hints=hints) |