Return 403 instead of 401 HTTP Response
401 Unauthorized is the HTTP status code used for authentication errors, e.g. missing or bad authentication. 403 Forbidden is the response used to deny a correctly authenticated user permission to access a resource. This fix corrects the mistake in the API. Change-Id: I0903b226cfe32a7aed69d265a27ca21d7cc9b98e Closes-Bug:1477013
parent
bfdcab1170
commit
1ca86fd418
@ -82,7 +82,7 @@ Environment API
|
|||
+================+===========================================================+
|
||||
| 200 | Operation completed successfully |
|
||||
+----------------+-----------------------------------------------------------+
|
||||
| 401 | User is not authorized to perform the operation |
|
||||
| 403 | User is not authorized to perform the operation |
|
||||
+----------------+-----------------------------------------------------------+
|
||||
|
||||
List environments
|
||||
|
@ -223,7 +223,7 @@ Update environment
|
|||
| 400 | Environment name must contain only alphanumeric or '_-.' |
|
||||
| | characters, must start with alpha |
|
||||
+----------------+-----------------------------------------------------------+
|
||||
| 401 | User is not authorized to access environment |
|
||||
| 403 | User is not authorized to access environment |
|
||||
+----------------+-----------------------------------------------------------+
|
||||
| 404 | Environment not found |
|
||||
+----------------+-----------------------------------------------------------+
|
||||
@ -18,7 +18,7 @@ from webob import exc
|
|||
|
||||
from murano.api.v1 import environments as envs_api
|
||||
from murano.api.v1 import request_statistics
|
||||
from murano.common.i18n import _, _LE
|
||||
from murano.common.i18n import _
|
||||
from murano.common import policy
|
||||
from murano.common import utils
|
||||
from murano.common import wsgi
|
||||
|
@ -226,9 +226,9 @@ class Controller(object):
|
|||
get_env_template = env_temps.EnvTemplateServices.get_env_template
|
||||
env_template = get_env_template(env_template_id)
|
||||
if env_template.tenant_id != request.context.tenant:
|
||||
LOG.exception(_LE('User is not authorized to access this tenant '
|
||||
'resources.'))
|
||||
raise exc.HTTPUnauthorized
|
||||
msg = _('User is not authorized to access this tenant resources')
|
||||
LOG.error(msg)
|
||||
raise exc.HTTPForbidden(explanation=msg)
|
||||
|
||||
|
||||
def create_resource():
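Review bot: The new LOG.error on the tenant mismatch records neither the template id nor the requesting tenant, so a cross-tenant access attempt leaves no identifiable trail in the log even though both values are in scope as `env_template_id` and `request.context.tenant`; the same applies to the equivalent block in the verify_env_template hunk further down. Keep the user-facing explanation as it is and add the identifiers to the log line only, e.g. `LOG.error('%s (env_template_id=%s, tenant=%s)', msg, env_template_id, request.context.tenant)`. Replacing LOG.exception with LOG.error is right here, since no exception is being handled at that point. Note also that `env_template.tenant_id` is read without a None check on the result of `get_env_template`; if that helper can return None for an unknown id (not visible here), the request would end in an AttributeError and a 500 rather than a 404. The enclosing method starts before the hunk.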
|
||||
@ -184,7 +184,7 @@ class TestEnvTemplatesTenantIsolation(base.NegativeTestCase):
|
|||
"""
|
||||
env_template = self.create_env_template('test_env_temp')
|
||||
|
||||
self.assertRaises(exceptions.Unauthorized,
|
||||
self.assertRaises(exceptions.Forbidden,
|
||||
self.alt_client.get_env_template, env_template['id'])
|
||||
|
||||
self.client.delete_env_template(env_template['id'])
|
||||
|
@ -197,7 +197,7 @@ class TestEnvTemplatesTenantIsolation(base.NegativeTestCase):
|
|||
"""
|
||||
env_template = self.create_env_template('test_env_temp')
|
||||
|
||||
self.assertRaises(exceptions.Unauthorized,
|
||||
self.assertRaises(exceptions.Forbidden,
|
||||
self.alt_client.delete_env_template,
|
||||
env_template['id'])
|
||||
self.client.delete_env_template(env_template['id'])
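Review bot: Both updated assertions cover only the cross-tenant path (`self.alt_client` now expecting `exceptions.Forbidden`); nothing in these two hunks pins that a request with missing or invalid credentials still produces `exceptions.Unauthorized`, which is precisely the 401/403 distinction this commit introduces. If the test base class provides an unauthenticated or badly-authenticated client, one companion negative test asserting `Unauthorized` on the same calls would keep the two status codes from drifting together again. The enclosing test methods start before each hunk.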
|
||||
@ -17,7 +17,7 @@ import functools
|
|||
from oslo_log import log as logging
|
||||
from webob import exc
|
||||
|
||||
from murano.common.i18n import _, _LE
|
||||
from murano.common.i18n import _
|
||||
from murano.db import models
|
||||
from murano.db.services import sessions
|
||||
from murano.db import session as db_session
|
||||
|
@ -76,15 +76,17 @@ def verify_env_template(func):
|
|||
unit = db_session.get_session()
|
||||
template = unit.query(models.EnvironmentTemplate).get(env_template_id)
|
||||
if template is None:
|
||||
LOG.error(_LE("Environment Template with id '{id}' not found").
|
||||
format(id=env_template_id))
|
||||
raise exc.HTTPNotFound()
|
||||
msg = _('Environment Template with id {id} not found'
|
||||
).format(id=env_template_id)
|
||||
LOG.error(msg)
|
||||
raise exc.HTTPNotFound(explanation=msg)
|
||||
|
||||
if hasattr(request, 'context'):
|
||||
if template.tenant_id != request.context.tenant:
|
||||
LOG.error(_LE('User is not authorized to access '
|
||||
'this tenant resources'))
|
||||
raise exc.HTTPUnauthorized()
|
||||
msg = _('User is not authorized to access'
|
||||
' this tenant resources')
|
||||
LOG.error(msg)
|
||||
raise exc.HTTPForbidden(explanation=msg)
|
||||
|
||||
return func(self, request, env_template_id, *args, **kwargs)
|
||||
return __inner
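Review bot: The tenant-isolation check is skipped entirely when the request object has no `context` attribute (`if hasattr(request, 'context'):` in the context lines above the changed block), so any request that reaches the wrapper without a context passes the ownership check unchecked, and the commit keeps this fail-open shape while changing the status code inside it. If no legitimate caller arrives without a context, fail closed instead, e.g. `if not hasattr(request, 'context'): raise exc.HTTPForbidden(explanation=msg)`; if there is such a caller, say why the skip is safe with a comment like `# no request context: internal caller, tenant already validated upstream` — only if that is actually true. Separately, since the not-found branch runs before the ownership check, a caller from another tenant can tell whether a template id exists (404 vs 403); if that distinction is not intended, return the same status for both cases. The `__inner` wrapper starts before the hunk.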
|
||||