diff --git a/src/api-lib/vnc_api.py b/src/api-lib/vnc_api.py
index 755ea7c2f69..caf674289d9 100644
--- a/src/api-lib/vnc_api.py
+++ b/src/api-lib/vnc_api.py
@@ -912,6 +912,7 @@ def _request(self, op, url, data=None, retry_on_error=True,
 if user_token:
 headers = self._headers.copy()
 headers['X-AUTH-TOKEN'] = user_token
+ retry_after_authn = True
 try:
 if (op == rest.OP_GET):
 (status, content) = self._http_get(
diff --git a/src/opserver/opserver.py b/src/opserver/opserver.py
index 114ca283420..78227f7885a 100644
--- a/src/opserver/opserver.py
+++ b/src/opserver/opserver.py
@@ -441,6 +441,7 @@ def _impl(self, *f_args, **f_kwargs):
 headers = self._reject_auth_headers())
 else:
 bottle.request.is_role_cloud_admin = is_cloud_admin
+ bottle.request.user_token = user_token
 bottle.request.user_token_info = user_token_info
 if only_cloud_admin and not is_cloud_admin:
 raise bottle.HTTPResponse(status = 401,
@@ -470,6 +471,12 @@ def get_user_token_info(self, token_info):
 return None
 # end get_user_token_info

+ def get_user_token(self):
+ if self._args.auth_conf_info.get('aaa_auth_enabled') and \
+ bottle.request.app == bottle.app():
+ return bottle.request.user_token
+ # end get_user_token
+
 """
 returns the list of resources for which user has permissions
 returns None if user is cloud-admin or if mode is no-auth
@@ -493,7 +500,7 @@ def get_resource_list(self, obj_type):
 if self._args.aaa_mode == AAA_MODE_RBAC and \
 bottle.request.app == bottle.app():
 res_list = self._vnc_api_client.get_resource_list(obj_type,\
- user_token)
+ self.get_user_token())
 if res_list is None:
 return None
 user_accessible_resources = set()
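Review bot: The added `retry_after_authn = True` in `_request` overrides a flag without any comment saying why, and the flag looks like it comes from the signature, which the hunk header truncates. If the intent is that a 401 for a caller-supplied `X-AUTH-TOKEN` must not trigger re-authentication and a retry under the client's own credentials, that is a security invariant worth stating next to the assignment, e.g. `# user-supplied token: let a 401 reach the caller, never re-authenticate as ourselves`. The 401 handling lies outside this hunk, so the comment should be checked against it.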
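Review bot: `get_user_token` reads `bottle.request.user_token` directly, but the only visible assignment is in the `else` branch of `_impl`, so a request that did not take that branch would raise AttributeError here instead of yielding no token. Reading it as `return getattr(bottle.request, 'user_token', None)` makes the missing-token case explicit. The method also falls off the end when its condition is false; an explicit `return None` would match `get_user_token_info` above it. A short docstring should say that the value is the caller's raw auth token and is meant only for forwarding to the API client, not for logging.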
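Review bot: `self.get_user_token()` can return None on this path, because its gate (`aaa_auth_enabled`) differs from the gate of this branch (`aaa_mode == AAA_MODE_RBAC`) and nothing visible ties the two together. What `_vnc_api_client.get_resource_list` does with a missing token is not shown; if it falls back to the client's own credentials, the list describes the service's permissions rather than the caller's. Because `if res_list is None: return None` follows, and the docstring defines None as cloud-admin or no-auth, a missing token could be read as unrestricted access. Fetch the token first and fail closed: `token = self.get_user_token()` then `if token is None: raise bottle.HTTPResponse(status = 401, headers = self._reject_auth_headers())`. `get_resource_list` continues outside the hunk.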