set user_update policy to admin_required
This changes the default policy.json to prevent users from changing their own attributes such as password, name, or default_project_id. Closes-Bug: 1237989 Change-Id: I7de5fff3d72a76b78113e289c57a9fac2096395f
This commit is contained in:
parent
c14ebd668f
commit
3866991918
|
@ -35,7 +35,7 @@
|
||||||
"identity:get_user": [["rule:admin_required"]],
|
"identity:get_user": [["rule:admin_required"]],
|
||||||
"identity:list_users": [["rule:admin_required"]],
|
"identity:list_users": [["rule:admin_required"]],
|
||||||
"identity:create_user": [["rule:admin_required"]],
|
"identity:create_user": [["rule:admin_required"]],
|
||||||
"identity:update_user": [["rule:admin_or_owner"]],
|
"identity:update_user": [["rule:admin_required"]],
|
||||||
"identity:delete_user": [["rule:admin_required"]],
|
"identity:delete_user": [["rule:admin_required"]],
|
||||||
|
|
||||||
"identity:get_group": [["rule:admin_required"]],
|
"identity:get_group": [["rule:admin_required"]],
|
||||||
|
|
|
@ -2220,14 +2220,9 @@ class TestTrustAuth(TestAuthInfo):
|
||||||
self.user_id, expected_status=200,
|
self.user_id, expected_status=200,
|
||||||
token=trust_token)
|
token=trust_token)
|
||||||
|
|
||||||
auth_data = self.build_authentication_request(
|
|
||||||
user_id=self.trustee_user['id'],
|
|
||||||
password=self.trustee_user['password'])
|
|
||||||
|
|
||||||
self.assertValidUserResponse(
|
self.assertValidUserResponse(
|
||||||
self.patch('/users/%s' % self.trustee_user['id'],
|
self.patch('/users/%s' % self.trustee_user['id'],
|
||||||
body={'user': {'password': uuid.uuid4().hex}},
|
body={'user': {'password': uuid.uuid4().hex}},
|
||||||
auth=auth_data,
|
|
||||||
expected_status=200))
|
expected_status=200))
|
||||||
|
|
||||||
self.get('/OS-TRUST/trusts?trustor_user_id=%s' %
|
self.get('/OS-TRUST/trusts?trustor_user_id=%s' %
|
||||||
|
|
Loading…
Reference in New Issue