From 6c8a9b95e0ed0d6ad9acf8075f0179c5d187e45c Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Date: Fri, 1 Jul 2016 13:22:54 +0100
Subject: [PATCH] Update paste, policy and rootwrap configurations 2016-07-01

Change-Id: I66fe2bbd39657dd24f67ace8df45f40f741d000b
---
 templates/policy.json.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
index 797af24d..1e37bef0 100644
--- a/templates/policy.json.j2
+++ b/templates/policy.json.j2
@@ -28,7 +28,7 @@
     "identity:update_endpoint": "rule:admin_required",
     "identity:delete_endpoint": "rule:admin_required",
 
-    "identity:get_domain": "rule:admin_required",
+    "identity:get_domain": "rule:admin_required or token.project.domain.id:%(target.domain.id)s",
     "identity:list_domains": "rule:admin_required",
     "identity:create_domain": "rule:admin_required",
     "identity:update_domain": "rule:admin_required",
@@ -41,7 +41,7 @@
     "identity:update_project": "rule:admin_required",
     "identity:delete_project": "rule:admin_required",
 
-    "identity:get_user": "rule:admin_required",
+    "identity:get_user": "rule:admin_or_owner",
     "identity:list_users": "rule:admin_required",
     "identity:create_user": "rule:admin_required",
     "identity:update_user": "rule:admin_required",
@@ -173,8 +173,8 @@
     "identity:get_auth_projects": "",
     "identity:get_auth_domains": "",
 
-    "identity:list_projects_for_groups": "",
-    "identity:list_domains_for_groups": "",
+    "identity:list_projects_for_user": "",
+    "identity:list_domains_for_user": "",
 
     "identity:list_revoke_events": "",