Add request.environ[reseller_request] = True if request is coming from an user in .reseller_admin group

swauth/middleware.py

@@ -210,6 +210,8 @@ def __call__(self, env, start_response):
                     '%s,%s' % (user, 's3' if s3 else token)
                 env['swift.authorize'] = self.authorize
                 env['swift.clean_acl'] = clean_acl
+                if '.reseller_admin' in groups:
+                    env['reseller_request'] = True
             else:
                 # Unauthorized token
                 if self.reseller_prefix and token and \

test_swauth/unit/test_middleware.py

@@ -471,6 +471,15 @@ def test_authorize_acl_referrer_access(self):
         req.acl = '.r:.example.com,.rlistings'
         self.assertEquals(self.test_auth.authorize(req), None)
 
+    def test_detect_reseller_request(self):
+        req = self._make_request('/v1/AUTH_admin', 
+                                 headers={'X-Auth-Token': 'AUTH_t'})
+        cache_key = 'AUTH_/auth/AUTH_t'
+        cache_entry = (time()+3600, '.reseller_admin')
+        req.environ['swift.cache'].set(cache_key, cache_entry)
+        resp = req.get_response(self.test_auth)
+        self.assertTrue(req.environ.get('reseller_request'))
+
     def test_account_put_permissions(self):
         req = Request.blank('/v1/AUTH_new', environ={'REQUEST_METHOD': 'PUT'})
         req.remote_user = 'act:usr,act'