def __init__(self, context, image, enforcer=None): """Image API policy module. :param context: The RequestContext :param image: The ImageProxy object in question, or a dict of image properties if no image is yet created or needed for authorization context. :param enforcer: The policy.Enforcer object to use for enforcement operations. If not provided (or None), the default enforcer will be selected. """ self._image = image if not self.is_created: # NOTE(danms): If we are being called with a dict of image # properties then we are testing policies that involve # creating an image or other image-related resources but # without a specific image for context. The target is a # dict of proposed image properties, similar to the # dict-like interface the ImageTarget provides over # a real Image object, with specific keys. target = {'project_id': image.get('owner', context.project_id), 'owner': image.get('owner', context.project_id), 'visibility': image.get('visibility', 'private')} else: target = policy.ImageTarget(image) super(ImageAPIPolicy, self).__init__(context, target, enforcer)
def _build_target(self): target = { "project_id": self._context.project_id } if self._image: target = policy.ImageTarget(self._image) return target
def _get_v2_image_metadata(self, request, image_id): """ Retrieves image and for v2 api and creates adapter like object to access image core or custom properties on request. """ db_api = glance.db.get_api() image_repo = glance.db.ImageRepo(request.context, db_api) try: image = image_repo.get(image_id) # Storing image object in request as it is required in # _process_v2_request call. request.environ['api.cache.image'] = image return policy.ImageTarget(image) except exception.NotFound as e: raise webob.exc.HTTPNotFound(explanation=e.msg, request=request)