1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Author: Douglas Mendizábal <dmendiza@redhat.com>
Date: Thu, 25 Jan 2024 15:37:50 -0500
Description: Fix policies for groups
This patch fixes a couple of broken policies in the groups resource.
Change-Id: Ia47ecc71c04bcb50c2e0d677a99b3754ffbc1c04
Origin: upstream, https://review.opendev.org/c/openstack/keystone/+/906892
Last-Update: 2025-10-30
diff --git a/keystone/common/policies/group.py b/keystone/common/policies/group.py
index 024ee65..8c8293c 100644
--- a/keystone/common/policies/group.py
+++ b/keystone/common/policies/group.py
@@ -21,7 +21,7 @@
'user_id:%(user_id)s'
)
ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_OR_OWNER = (
- '(' + base.RULE_ADMIN_REQUIRED + ') or (' +
+ '(' + base.RULE_ADMIN_REQUIRED + ') or ' +
SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_USER_OR_OWNER
)
@@ -32,7 +32,7 @@
'domain_id:%(target.user.domain_id)s)'
)
ADMIN_OR_SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP = (
- '(' + base.RULE_ADMIN_REQUIRED + ') or (' +
+ '(' + base.RULE_ADMIN_REQUIRED + ') or ' +
SYSTEM_READER_OR_DOMAIN_READER_FOR_TARGET_GROUP_USER
)
|
