Diffstat (limited to 'keystone/models/token_model.py')
-rw-r--r--keystone/models/token_model.py18
1 files changed, 18 insertions, 0 deletions
diff --git a/keystone/models/token_model.py b/keystone/models/token_model.py
index 077f138b2..4b308d62a 100644
--- a/keystone/models/token_model.py
+++ b/keystone/models/token_model.py
@@ -13,6 +13,7 @@
"""Unified in-memory token model."""
from oslo_log import log
+from oslo_serialization import jsonutils
from oslo_serialization import msgpackutils
from oslo_utils import reflection
import six
@@ -328,6 +329,21 @@ class TokenModel(object):
return roles
+ def _get_oauth_roles(self):
+ roles = []
+ access_token_roles = self.access_token['role_ids']
+ access_token_roles = [
+ {'role_id': r} for r in jsonutils.loads(access_token_roles)]
+ effective_access_token_roles = (
+ PROVIDERS.assignment_api.add_implied_roles(access_token_roles)
+ )
+ user_roles = [r['id'] for r in self._get_project_roles()]
+ for role in effective_access_token_roles:
+ if role['role_id'] in user_roles:
+ role = PROVIDERS.role_api.get_role(role['role_id'])
+ roles.append({'id': role['id'], 'name': role['name']})
+ return roles
+
def _get_federated_roles(self):
roles = []
group_ids = [group['id'] for group in self.federated_groups]
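Review bot: `_get_oauth_roles` has no docstring stating the rule it enforces: a delegated role, or one implied by it, is returned only if the user still holds it on the project, per the `if role['role_id'] in user_roles` filter. I would add `"""Return the access token's delegated and implied roles that the user still holds on the project."""` so the intersection is not later mistaken for redundant filtering and removed. When nothing survives the filter the method returns an empty list rather than raising; whether the caller rejects a scoped token with no roles is not visible in this hunk and is worth confirming. As a smaller style point, the loop rebinds `role` to the result of `get_role`; a separate name such as `role_ref`, together with `user_roles = {r['id'] for r in self._get_project_roles()}`, would read more clearly.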
@@ -431,6 +447,8 @@ class TokenModel(object):
roles = self._get_system_roles()
elif self.trust_scoped:
roles = self._get_trust_roles()
+ elif self.oauth_scoped:
+ roles = self._get_oauth_roles()
elif self.is_federated and not self.unscoped:
roles = self._get_federated_roles()
elif self.domain_scoped:
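Review bot: The position of the new `elif self.oauth_scoped:` branch looks load-bearing but carries no comment. `_get_oauth_roles` reads `_get_project_roles()`, which suggests an OAuth token is also project-scoped. If this check were ever moved below a project-scoped branch (presumably later in the chain, outside this hunk), the token would receive the user's full project roles instead of the delegated subset. A comment such as `# Must precede the project-scoped branch: OAuth tokens carry only delegated roles.` above the branch would protect the ordering. The enclosing method starts and ends outside the hunk.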