If the context roles do not match the configured admin_role,
fall back to determining if admin via the "context_is_admin"
RBAC policy rule (for consistency with the approach used by
the other projects).
Note this requires that the "context_is_admin" rule *must*
be set in the policy.json if the out-of-the-box default rule
is used (as this default is so open, the net effect of omitting
the "context_is_admin" rule is for every request to acquire
admin status).
Reviewed: https:/ /review. openstack. org/28048 github. com/openstack/ glance/ commit/ cc938e25f3babd8 aa1299ae75cc5fa 2cf24a00a0
Committed: http://
Submitter: Jenkins
Branch: master
commit cc938e25f3babd8 aa1299ae75cc5fa 2cf24a00a0
Author: Eoghan Glynn <email address hidden>
Date: Wed May 1 15:41:53 2013 +0000
Use RBAC policy to determine if context is admin.
Fixes bug 1152716
If the context roles do not match the configured admin_role,
fall back to determining if admin via the "context_is_admin"
RBAC policy rule (for consistency with the approach used by
the other projects).
Note this requires that the "context_is_admin" rule *must*
be set in the policy.json if the out-of-the-box default rule
is used (as this default is so open, the net effect of omitting
the "context_is_admin" rule is for every request to acquire
admin status).
Change-Id: Ide2cf604b48f24 bd759ce2d65091f f546cd9d22e