Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.
Return empty list of assignments if no groups were passed.
Reviewed: https:/ /review. openstack. org/459705 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=2139639eeab c8f6941f4461fc8 7d609cde3118c2
Committed: https:/
Submitter: Jenkins
Branch: master
commit 2139639eeabc8f6 941f4461fc87d60 9cde3118c2
Author: Boris Bobrov <email address hidden>
Date: Tue Apr 25 13:57:16 2017 +0000
Do not fetch group assignments without groups
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.
Return empty list of assignments if no groups were passed.
Closes-Bug: 1677723 979e70b043bde27 064e970349d
Change-Id: I65f5be915bef2f