Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.
Return empty list of assignments if no groups were passed.
Closes-Bug: 1677723
Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
(cherry picked from commit 2139639eeabc8f6941f4461fc87d609cde3118c2)
Reviewed: https:/ /review. openstack. org/459732 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=955fd6ca375 8e217d9d9848085 2e0014dc11e988
Committed: https:/
Submitter: Jenkins
Branch: stable/ocata
commit 955fd6ca3758e21 7d9d98480852e00 14dc11e988
Author: Boris Bobrov <email address hidden>
Date: Tue Apr 25 14:36:12 2017 +0000
Do not fetch group assignments without groups
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.
Return empty list of assignments if no groups were passed.
Closes-Bug: 1677723 979e70b043bde27 064e970349d 941f4461fc87d60 9cde3118c2)
Change-Id: I65f5be915bef2f
(cherry picked from commit 2139639eeabc8f6