author | Chris Behrens <cbehrens@codestud.com> | 2013-02-19 00:20:39 +0000 |
---|---|---|
committer | Chris Behrens <cbehrens@codestud.com> | 2013-02-20 20:39:01 +0000 |
commit | 6915ba0d7f737445b634fc5db67a8c7345d8b6d7 (patch) | |
tree | 138a2b43735544b9e9df452481b05a86efdc418c /nova/context.py | |
parent | cd9447f87290219003abebeae2cec1d2d7dbe544 (diff) | |
download | nova-6915ba0d7f737445b634fc5db67a8c7345d8b6d7.tar.gz |
Move some context checking code from sqlalchemy
Move some context related code from sqlalchemy into nova/context.py
where it can be used outside of sqlalchemy.
Change-Id: I6522a072132e27b42561435cb4fd671a2ece4867
Diffstat (limited to 'nova/context.py')
-rw-r--r-- | nova/context.py | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/nova/context.py b/nova/context.py
index 60fd5b4c0c..831a91b11d 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -22,6 +22,7 @@
 import copy
 import uuid
+from nova import exception
 from nova.openstack.common import local
 from nova.openstack.common import log as logging
 from nova.openstack.common import timeutils
@@ -166,3 +167,55 @@ def get_admin_context(read_deleted="no"):
 is_admin=True,
 read_deleted=read_deleted,
 overwrite=False)
+
+
+def is_user_context(context):
+ """Indicates if the request context is a normal user."""
+ if not context:
+ return False
+ if context.is_admin:
+ return False
+ if not context.user_id or not context.project_id:
+ return False
+ return True
+
+
+def require_admin_context(ctxt):
+ """Raise exception.AdminRequired() if context is an admin context."""
+ if not ctxt.is_admin:
+ raise exception.AdminRequired()
+
+
+def require_context(ctxt):
+ """Raise exception.NotAuthorized() if context is not a user or an
+ admin context.
+ """
+ if not ctxt.is_admin and not is_user_context(ctxt):
+ raise exception.NotAuthorized()
+
+
+def authorize_project_context(context, project_id):
+ """Ensures a request has permission to access the given project."""
+ if is_user_context(context):
+ if not context.project_id:
+ raise exception.NotAuthorized()
+ elif context.project_id != project_id:
+ raise exception.NotAuthorized()
+
+
+def authorize_user_context(context, user_id):
+ """Ensures a request has permission to access the given user."""
+ if is_user_context(context):
+ if not context.user_id:
+ raise exception.NotAuthorized()
+ elif context.user_id != user_id:
+ raise exception.NotAuthorized()
+
+
+def authorize_quota_class_context(context, class_name):
+ """Ensures a request has permission to access the given quota class."""
+ if is_user_context(context):
+ if not context.quota_class:
+ raise exception.NotAuthorized()
+ elif context.quota_class != class_name:
+ raise exception.NotAuthorized() |
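Review bot: The three `authorize_*_context` helpers return without checking anything whenever `is_user_context(context)` is false, and that is the case not only for admin contexts but also for `None` and for a non-admin context with an empty `user_id` or `project_id`, so such a context is let through to any project, user or quota class. Now that the helpers live outside sqlalchemy and may be called without a preceding `require_context` guard (callers are not visible in this diff), each should start with `require_context(context)` so that a context which is neither admin nor a complete user context raises `exception.NotAuthorized()`. The inner `if not context.project_id:` and `if not context.user_id:` branches can never fire, because `is_user_context` has already rejected those values. Separately, the `require_admin_context` docstring is inverted relative to the code; it should read `"""Raise exception.AdminRequired() if context is not an admin context."""`.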