From: asteroide Date: Mon, 27 Jul 2015 14:58:49 +0000 (+0200) Subject: Add more log in authz function. (untested) X-Git-Tag: colorado.1.0~187^2 X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F81%2F1081%2F1;p=moon.git Add more log in authz function. (untested) Change-Id: Iae7323a1865bc61f72107e9e8521c6d1a237ccb6 --- diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index e7d606c6..daf6cd28 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -396,6 +396,7 @@ class IntraExtensionManager(manager.Manager): """ authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id) decision_buffer = dict() + decision = False meta_rule_dict = self.driver.get_sub_meta_rules_dict(intra_extension_id) @@ -412,9 +413,10 @@ class IntraExtensionManager(manager.Manager): self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values()) if meta_rule_dict['aggregation'] == 'all_true': - return all_true(decision_buffer) - - return False + decision = all_true(decision_buffer) + if not decision: + raise AuthzException() + return decision @enforce("read", "intra_extensions") def get_intra_extensions_dict(self, user_id): @@ -1499,7 +1501,6 @@ class IntraExtensionAuthzManager(IntraExtensionManager): super(IntraExtensionAuthzManager, self).__init__() def authz(self, tenant_name, subject_name, object_name, action_name, genre="authz"): - # TODO (dthom) add moon log """Check authorization for a particular action. :return: True or False or raise an exception """