Pass the actual target in quota class policy

Currently if target is not passed in context.can(),
it use defauls target which is context.user_id, context.project_id.
These defaults target are not useful as it pass the
context's user_id and project_id only which means we tell
oslo policy to verify the context data with context data.

This commit pass the actual target for quota class policies
which is empty dict because policy rule is system scoped rather
than project, so the token scope check deals with the required
target checking.

Partial implement blueprint policy-defaults-refresh

Change-Id: I37a78180cfc67515e5a6485b91d541ec269904f5

1 files changed, 2 insertions, 2 deletions

diff --git a/nova/api/openstack/compute/quota_classes.py b/nova/api/openstack/compute/quota_classes.py
index 6ad7f43af7..0077ff9158 100644
--- a/nova/api/openstack/compute/quota_classes.py
+++ b/nova/api/openstack/compute/quota_classes.py
@@ -93,7 +93,7 @@ class QuotaClassSetsController(wsgi.Controller):
     def _show(self, req, id, filtered_quotas=None,
               exclude_server_groups=False):
         context = req.environ['nova.context']
-        context.can(qcs_policies.POLICY_ROOT % 'show', {'quota_class': id})
+        context.can(qcs_policies.POLICY_ROOT % 'show', target={})
         values = QUOTAS.get_class_quotas(context, id)
         return self._format_quota_set(id, values, filtered_quotas,
                                       exclude_server_groups)
@@ -119,7 +119,7 @@ class QuotaClassSetsController(wsgi.Controller):
     def _update(self, req, id, body, filtered_quotas=None,
                 exclude_server_groups=False):
         context = req.environ['nova.context']
-        context.can(qcs_policies.POLICY_ROOT % 'update', {'quota_class': id})
+        context.can(qcs_policies.POLICY_ROOT % 'update', target={})
         try:
             utils.check_string_length(id, 'quota_class_name',
                                       min_length=1, max_length=255)