Move default policy target

Move default target from context.can() into policy.authorize() so
it is easier to unit test the context behaviour.

This was not done originally due to this meaning placement avoided the
strange default target, but that is no longer required.

Change-Id: I23c433dcd459e7f930ac2eb8a3583c857836cae2

1 files changed, 2 insertions, 9 deletions

diff --git a/nova/context.py b/nova/context.py
index 4901f1de1b..da1024efbb 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -238,9 +238,8 @@ class RequestContext(context.RequestContext):
         :param action: string representing the action to be checked.
         :param target: dictionary representing the object of the action
             for object creation this should be a dictionary representing the
-            location of the object e.g. ``{'project_id': context.project_id}``.
-            If None, then this default target will be considered:
-            {'project_id': self.project_id, 'user_id': self.user_id}
+            location of the object
+            e.g. ``{'project_id': instance.project_id}``.
         :param fatal: if False, will return False when an exception.Forbidden
            occurs.
 
@@ -250,9 +249,6 @@ class RequestContext(context.RequestContext):
         :return: returns a non-False value (not necessarily "True") if
             authorized and False if not authorized and fatal is False.
         """
-        if target is None:
-            target = self.default_target()
-
         try:
             return policy.authorize(self, action, target)
         except exception.Forbidden:
@@ -260,9 +256,6 @@ class RequestContext(context.RequestContext):
                 raise
             return False
 
-    def default_target(self):
-        return {'project_id': self.project_id, 'user_id': self.user_id}
-
     def to_policy_values(self):
         policy = super(RequestContext, self).to_policy_values()
         policy['is_admin'] = self.is_admin