def _is_visible(self, context, attr_name, data): action = "%s:%s" % (self._plugin_handlers[self.SHOW], attr_name) # Optimistically init authz_check to True authz_check = True try: attr = (attributes.RESOURCE_ATTRIBUTE_MAP[self._collection].get( attr_name)) if attr and attr.get('enforce_policy'): authz_check = policy.check_if_exists(context, action, data) except KeyError: # The extension was not configured for adding its resources # to the global resource attribute map. Policy check should # not be performed LOG.debug( _("The resource %(resource)s was not found in the " "RESOURCE_ATTRIBUTE_MAP; unable to perform authZ " "check for attribute %(attr)s"), { 'resource': self._collection, 'attr': attr_name }) except exceptions.PolicyRuleNotFound: # Just ignore the exception. Do not even log it, as this will add # a lot of unnecessary info in the log (and take time as well to # write info to the logger) pass attr_val = self._attr_info.get(attr_name) return attr_val and attr_val['is_visible'] and authz_check
def _is_visible(self, context, attr_name, data): action = "%s:%s" % (self._plugin_handlers[self.SHOW], attr_name) # Optimistically init authz_check to True authz_check = True try: attr = (attributes.RESOURCE_ATTRIBUTE_MAP [self._collection].get(attr_name)) if attr and attr.get('enforce_policy'): authz_check = policy.check_if_exists( context, action, data) except KeyError: # The extension was not configured for adding its resources # to the global resource attribute map. Policy check should # not be performed LOG.debug(_("The resource %(resource)s was not found in the " "RESOURCE_ATTRIBUTE_MAP; unable to perform authZ " "check for attribute %(attr)s"), {'resource': self._collection, 'attr': attr_name}) except exceptions.PolicyRuleNotFound: LOG.debug(_("Policy rule:%(action)s not found. Assuming no " "authZ check is defined for %(attr)s"), {'action': action, 'attr': attr_name}) attr_val = self._attr_info.get(attr_name) return attr_val and attr_val['is_visible'] and authz_check
def _is_visible(self, context, attr_name, data): action = "%s:%s" % (self._plugin_handlers[self.SHOW], attr_name) # Optimistically init authz_check to True authz_check = True try: attr = attributes.RESOURCE_ATTRIBUTE_MAP[self._collection].get(attr_name) if attr and attr.get("enforce_policy"): authz_check = policy.check_if_exists(context, action, data) except KeyError: # The extension was not configured for adding its resources # to the global resource attribute map. Policy check should # not be performed LOG.debug( _( "The resource %(resource)s was not found in the " "RESOURCE_ATTRIBUTE_MAP; unable to perform authZ " "check for attribute %(attr)s" ), {"resource": self._collection, "attr": attr_name}, ) except exceptions.PolicyRuleNotFound: # Just ignore the exception. Do not even log it, as this will add # a lot of unnecessary info in the log (and take time as well to # write info to the logger) pass attr_val = self._attr_info.get(attr_name) return attr_val and attr_val["is_visible"] and authz_check