diff options
Diffstat (limited to 'zuul/web/__init__.py')
-rwxr-xr-x | zuul/web/__init__.py | 30 |
1 files changed, 7 insertions, 23 deletions
diff --git a/zuul/web/__init__.py b/zuul/web/__init__.py index b64faf202..210c68ad9 100755 --- a/zuul/web/__init__.py +++ b/zuul/web/__init__.py @@ -890,7 +890,7 @@ class ZuulWebAPI(object): @cherrypy.expose @cherrypy.tools.json_out(content_type='application/json; charset=utf-8') @cherrypy.tools.handle_options(allowed_methods=['GET', ]) - def tenant_authorizations(self, tenant): + def tenant_authorizations(self, tenant_name): basic_error = self._basic_auth_header_check() if basic_error is not None: return basic_error @@ -898,29 +898,12 @@ class ZuulWebAPI(object): claims, token_error = self._auth_token_check() if token_error is not None: return token_error - try: - admin_tenants = self._authorizations() - except exceptions.AuthTokenException as e: - for header, contents in e.getAdditionalHeaders().items(): - cherrypy.response.headers[header] = contents - cherrypy.response.status = e.HTTPError - return {'description': e.error_description, - 'error': e.error, - 'realm': e.realm} + tenant = self._getTenantOrRaise(tenant_name) + admin = self._is_authorized(tenant, claims) resp = cherrypy.response resp.headers['Access-Control-Allow-Origin'] = '*' - return {'zuul': {'admin': tenant in admin_tenants, - 'scope': [tenant, ]}, } - - def _authorizations(self): - rawToken = cherrypy.request.headers['Authorization'][len('Bearer '):] - claims = self.zuulweb.authenticators.authenticate(rawToken) - - if 'zuul' in claims and 'admin' in claims.get('zuul', {}): - return claims['zuul']['admin'] - - return [n for n, t in self.zuulweb.abide.tenants.items() - if self._is_authorized(t, claims)] + return {'zuul': {'admin': admin, + 'scope': [tenant_name, ]}, } def _tenants(self): result = [] @@ -1897,7 +1880,8 @@ class ZuulWeb(object): if self.authenticators.authenticators: # route order is important, put project actions before the more # generic tenant/{tenant}/project/{project} route - route_map.connect('api', '/api/tenant/{tenant}/authorizations', + route_map.connect('api', + '/api/tenant/{tenant_name}/authorizations', controller=api, action='tenant_authorizations') route_map.connect('api', '/api/tenant/{tenant_name}/promote', |