From 5438d3b5a219d7c8fa67e66e538d325a61617155 Mon Sep 17 00:00:00 2001
From: Dolph Mathews <dolph.mathews@gmail.com>
Date: Thu, 23 Aug 2012 07:39:20 -0500
Subject: [PATCH] Require authz to update user's tenant (bug 1040626)

Change-Id: I82f80b84af2bc4db00b3dcb87a2ec338816a82e9
---
 keystone/identity/core.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index a0704f1216..db3ce31eae 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
@@ -436,6 +436,7 @@ def set_user_password(self, context, user_id, user):
 
     def update_user_tenant(self, context, user_id, user):
         """Update the default tenant."""
+        self.assert_admin(context)
         # ensure that we're a member of that tenant
         tenant_id = user.get('tenantId')
         self.identity_api.add_user_to_tenant(context, tenant_id, user_id)