def before_delete(self, resource): if resource.port == 0: # FIXME(dhellmann): This will apply if the user creates # any of their own aliases with a zero port. raise exceptions.PolicyNotAuthorized( action='modification of system port aliases.' ) return super(PortaliasResource, self).before_delete(resource)
def update(self, context, resource, resource_dict): if resource.name == 'Any': raise exceptions.PolicyNotAuthorized( action='modification of system address groups') return super(AddressGroupResource, self).update( context, resource, resource_dict, )
def create(self, context, tenant_id, body): if body.get('name', '').lower() == 'any': raise exceptions.PolicyNotAuthorized( action='creation of wildcard address groups') return super(AddressGroupResource, self).create( context, tenant_id, body, )
def create(self, context, tenant_id, body): if body.get('port') == 0: # FIXME(dhellmann): This will apply if the user creates # any of their own aliases with a zero port. raise exceptions.PolicyNotAuthorized( action='creation of wildcard port aliases' ) return super(PortaliasResource, self).create(context, tenant_id, body )
def update(self, context, resource, resource_dict): if resource.port == 0: # FIXME(dhellmann): This will apply if the user creates # any of their own aliases with a zero port. raise exceptions.PolicyNotAuthorized( action='deletion of system port aliases.' ) return super(PortaliasResource, self).update(context, resource, resource_dict, )
def enforce(context, action, target, plugin=None): """Verifies that the action is valid on the target in this context. :param context: neutron context :param action: string representing the action to be checked this should be colon separated for clarity. :param target: dictionary representing the object of the action for object creation this should be a dictionary representing the location of the object e.g. ``{'project_id': context.project_id}`` :param plugin: currently unused and deprecated. Kept for backward compatibility. :raises neutron.exceptions.PolicyNotAuthorized: if verification fails. """ rule, target, credentials = _prepare_check(context, action, target) result = policy.check(rule, target, credentials, action=action) if not result: LOG.debug(_("Failed policy check for '%s'"), action) raise exceptions.PolicyNotAuthorized(action=action) return result
def before_delete(self, resource): if resource.name == 'Any': raise exceptions.PolicyNotAuthorized( action='modification of system address groups') return super(AddressGroupResource, self).before_delete(resource)