Remove Authorization Code from functions and put it in a Decorator

Registered by Ziad Sawalha on 2012-01-03

In order to continue cleaning up the Keystone code, we need to move the authorization checks for ADMIN and SERVICE ADMIN roles out of all the function calls in logic/service.py and reimplement as a decorator and/or middleware.

Potentially implement a context object to hold call data like other projects do.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Medium
Drafter:
Ziad Sawalha
Direction:
Needs approval
Assignee:
Ed Leafe
Definition:
Drafting
Series goal:
Accepted for essex
Implementation:
Implemented
Milestone target:
milestone icon 2012.1
Started by
Ed Leafe on 2012-01-05
Completed by
Joe Savak on 2012-01-16

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-internal-authorization,n,z

Addressed by: https://review.openstack.org/2851
    Implemented decorators to admin and service_admin checks BP: keystone-internal-authorization

Addressed by: https://review.openstack.org/2937
    Created skeleton for the context middleware.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.