def wrapper(*args, **kwargs):
if is_admin_context(args[0]):
return f(*args, **kwargs)
elif is_project_admin_context(args[0]):
return f(*args, **kwargs)
else:
raise exceptions.AdminRequired()
def wrapper(*args, **kwargs):
# NOTE(thomasem): Standard order of arguments for generic resources
# methods is (context, resources, ...), so args[0] is always
# context and args[1] is always resources.
context = args[0]
resources = args[1]
permissions = {
CRUD.CREATE: {
'projects': is_project_admin_context(context),
},
CRUD.READ: {
'projects': is_project_admin_context(context),
},
CRUD.UPDATE: {
'projects': is_project_admin_context(context),
},
CRUD.DELETE: {
'projects': is_project_admin_context(context),
}
}
# NOTE(thomasem): Default to True unless otherwise specified in
# permissions dict.
if permissions[action].get(resources, True):
return fn(*args, **kwargs)
else:
raise exceptions.AdminRequired()
def test_users_get_no_admin_fails(self, mock_user):
mock_user.side_effect = exceptions.AdminRequired()
resp = self.get('v1/users')
self.assertEqual(resp.status_code, 401)
def wrapper(*args, **kwargs):
if not is_admin_context(args[0]):
raise exceptions.AdminRequired()
return f(*args, **kwargs)
