Skip to content

Loading…

Add request.environ[reseller_request] = True if request is coming from an user in .reseller_admin group #50

Merged
merged 2 commits into from

2 participants

@cschwede

I added this to openstack/swift for tempauth & keystone already, this is the patch for swauth. It sets request.environ[reseller_request] = True if the request is coming from an user in .reseller_admin group which can be used by other middlewares. Currently the account_quota middleware makes use of this.

@gholt gholt merged commit ead78c7 into gholt:master
@gholt
Owner

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 8, 2013
  1. @cschwede
Commits on Apr 3, 2013
  1. @cschwede
Showing with 11 additions and 0 deletions.
  1. +2 −0 swauth/middleware.py
  2. +9 −0 test_swauth/unit/test_middleware.py
View
2 swauth/middleware.py
@@ -210,6 +210,8 @@ def __call__(self, env, start_response):
'%s,%s' % (user, 's3' if s3 else token)
env['swift.authorize'] = self.authorize
env['swift.clean_acl'] = clean_acl
+ if '.reseller_admin' in groups:
+ env['reseller_request'] = True
else:
# Unauthorized token
if self.reseller_prefix and token and \
View
9 test_swauth/unit/test_middleware.py
@@ -471,6 +471,15 @@ def test_authorize_acl_referrer_access(self):
req.acl = '.r:.example.com,.rlistings'
self.assertEquals(self.test_auth.authorize(req), None)
+ def test_detect_reseller_request(self):
+ req = self._make_request('/v1/AUTH_admin',
+ headers={'X-Auth-Token': 'AUTH_t'})
+ cache_key = 'AUTH_/auth/AUTH_t'
+ cache_entry = (time()+3600, '.reseller_admin')
+ req.environ['swift.cache'].set(cache_key, cache_entry)
+ resp = req.get_response(self.test_auth)
+ self.assertTrue(req.environ.get('reseller_request'))
+
def test_account_put_permissions(self):
req = Request.blank('/v1/AUTH_new', environ={'REQUEST_METHOD': 'PUT'})
req.remote_user = 'act:usr,act'
Something went wrong with that request. Please try again.