Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.
Return empty list of assignments if no groups were passed.
Closes-Bug: 1677723
Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
(cherry picked from commit 2139639eeabc8f6941f4461fc87d609cde3118c2)
Reviewed: https:/ /review. openstack. org/459713 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=05a129e5457 3b6cbda1ec095f4 526f2b9ba90a90
Committed: https:/
Submitter: Jenkins
Branch: stable/newton
commit 05a129e54573b6c bda1ec095f4526f 2b9ba90a90
Author: Boris Bobrov <email address hidden>
Date: Tue Apr 25 14:20:36 2017 +0000
Do not fetch group assignments without groups
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.
Return empty list of assignments if no groups were passed.
Closes-Bug: 1677723 979e70b043bde27 064e970349d 941f4461fc87d60 9cde3118c2)
Change-Id: I65f5be915bef2f
(cherry picked from commit 2139639eeabc8f6