33 lines
1.0 KiB
Python
33 lines
1.0 KiB
Python
from keystoneclient.v2_0 import client
|
|
from flask import request
|
|
import flask_restful
|
|
|
|
|
|
def validate_user_in_tenancy(tenant_id):
|
|
headers = request.headers
|
|
if 'user_id' in headers:
|
|
user_id = headers['user_id']
|
|
endpoint = "http://0.0.0.0:35357/v2.0" # MAJOR TODO
|
|
admin_token = "bob" # MAJOR TODO
|
|
keystone = client.Client(token=admin_token, endpoint=endpoint)
|
|
tenant = keystone.tenants.get(tenant_id)
|
|
for user in tenant.list_users():
|
|
if user.id == user_id:
|
|
return True
|
|
return False
|
|
else:
|
|
flask_restful.abort(403, message=("'user_id' and 'tenant_id' are" +
|
|
"required values."))
|
|
|
|
|
|
def keystone_auth_decorator(func):
|
|
|
|
def wrapper(*args, **kwargs):
|
|
if validate_user_in_tenancy(kwargs['id']):
|
|
return func(*args, **kwargs)
|
|
else:
|
|
flask_restful.abort(403, message=("User does not have access" +
|
|
"to this tenant."))
|
|
|
|
return wrapper
|