diff options
Diffstat (limited to 'nova/context.py')
-rw-r--r-- | nova/context.py | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/nova/context.py b/nova/context.py index 93271d07d7..ae0d9b51fd 100644 --- a/nova/context.py +++ b/nova/context.py @@ -47,7 +47,7 @@ class RequestContext(object): def __init__(self, user_id, project_id, is_admin=None, read_deleted="no", roles=None, remote_address=None, timestamp=None, request_id=None, auth_token=None, overwrite=True, - user_name=None, project_name=None, + quota_class=None, user_name=None, project_name=None, service_catalog=None, instance_lock_checked=False, **kwargs): """:param read_deleted: 'no' indicates deleted records are hidden, 'yes' indicates deleted records are visible, @@ -89,6 +89,10 @@ class RequestContext(object): self.instance_lock_checked = instance_lock_checked + # NOTE(markmc): this attribute is currently only used by the + # rs_limits turnstile pre-processor. + # See https://lists.launchpad.net/openstack/msg12200.html + self.quota_class = quota_class self.user_name = user_name self.project_name = project_name self.is_admin = is_admin @@ -125,6 +129,7 @@ class RequestContext(object): 'timestamp': timeutils.strtime(self.timestamp), 'request_id': self.request_id, 'auth_token': self.auth_token, + 'quota_class': self.quota_class, 'user_name': self.user_name, 'service_catalog': self.service_catalog, 'project_name': self.project_name, @@ -214,3 +219,12 @@ def authorize_user_context(context, user_id): raise exception.Forbidden() elif context.user_id != user_id: raise exception.Forbidden() + + +def authorize_quota_class_context(context, class_name): + """Ensures a request has permission to access the given quota class.""" + if is_user_context(context): + if not context.quota_class: + raise exception.Forbidden() + elif context.quota_class != class_name: + raise exception.Forbidden() |