Return 403 when policy engine denies action
* Fixes bug 956206 Change-Id: I0447a1a86fed2456c912395a0ab7d6e0aba03f66
parent
3ae0ef012b
commit
e2e88d8aad
|
@ -29,7 +29,6 @@ from webob.exc import (HTTPError,
|
||||||
HTTPConflict,
|
HTTPConflict,
|
||||||
HTTPBadRequest,
|
HTTPBadRequest,
|
||||||
HTTPForbidden,
|
HTTPForbidden,
|
||||||
HTTPUnauthorized,
|
|
||||||
HTTPRequestEntityTooLarge,
|
HTTPRequestEntityTooLarge,
|
||||||
HTTPServiceUnavailable,
|
HTTPServiceUnavailable,
|
||||||
)
|
)
|
||||||
|
@ -104,7 +103,7 @@ class Controller(controller.BaseController):
|
||||||
try:
|
try:
|
||||||
self.policy.enforce(req.context, action, {})
|
self.policy.enforce(req.context, action, {})
|
||||||
except exception.NotAuthorized:
|
except exception.NotAuthorized:
|
||||||
raise HTTPUnauthorized()
|
raise HTTPForbidden()
|
||||||
|
|
||||||
def index(self, req):
|
def index(self, req):
|
||||||
"""
|
"""
|
||||||
|
|
|
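Review bot: The `except exception.NotAuthorized:` branch now raises a bare `HTTPForbidden()` without recording which `action` the policy engine refused, so repeated denials against this API leave nothing on the server for an operator to correlate. Logging the action before the raise, along with the caller identity if `req.context` carries one, would keep that audit trail server-side while the response stays free of policy detail. A short comment such as `# 403, not 401: policy refused the action; re-authenticating cannot change the outcome` would also record why this status was chosen. The enclosing method starts above the hunk, and any remaining uses of the removed `HTTPUnauthorized` import elsewhere in the module are not visible here and should be checked.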
@ -2194,7 +2194,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
||||||
req.headers['Content-Type'] = 'application/octet-stream'
|
req.headers['Content-Type'] = 'application/octet-stream'
|
||||||
req.body = "chunk00000remainder"
|
req.body = "chunk00000remainder"
|
||||||
res = req.get_response(self.api)
|
res = req.get_response(self.api)
|
||||||
self.assertEquals(res.status_int, 401)
|
self.assertEquals(res.status_int, 403)
|
||||||
|
|
||||||
def _do_test_post_image_content_missing_format(self, missing):
|
def _do_test_post_image_content_missing_format(self, missing):
|
||||||
"""Tests creation of an image with missing format"""
|
"""Tests creation of an image with missing format"""
|
||||||
|
@ -2563,14 +2563,14 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
||||||
self.set_policy_rules(rules)
|
self.set_policy_rules(rules)
|
||||||
req = webob.Request.blank('/images/detail')
|
req = webob.Request.blank('/images/detail')
|
||||||
res = req.get_response(self.api)
|
res = req.get_response(self.api)
|
||||||
self.assertEquals(res.status_int, 401)
|
self.assertEquals(res.status_int, 403)
|
||||||
|
|
||||||
def test_get_images_unauthorized(self):
|
def test_get_images_unauthorized(self):
|
||||||
rules = {"get_images": [["false:false"]]}
|
rules = {"get_images": [["false:false"]]}
|
||||||
self.set_policy_rules(rules)
|
self.set_policy_rules(rules)
|
||||||
req = webob.Request.blank('/images/detail')
|
req = webob.Request.blank('/images/detail')
|
||||||
res = req.get_response(self.api)
|
res = req.get_response(self.api)
|
||||||
self.assertEquals(res.status_int, 401)
|
self.assertEquals(res.status_int, 403)
|
||||||
|
|
||||||
def test_store_location_not_revealed(self):
|
def test_store_location_not_revealed(self):
|
||||||
"""
|
"""
|
||||||
|
@ -2732,7 +2732,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
||||||
req = webob.Request.blank("/images/%s" % UUID2)
|
req = webob.Request.blank("/images/%s" % UUID2)
|
||||||
req.method = 'HEAD'
|
req.method = 'HEAD'
|
||||||
res = req.get_response(self.api)
|
res = req.get_response(self.api)
|
||||||
self.assertEquals(res.status_int, 401)
|
self.assertEquals(res.status_int, 403)
|
||||||
|
|
||||||
def test_show_image_basic(self):
|
def test_show_image_basic(self):
|
||||||
req = webob.Request.blank("/images/%s" % UUID2)
|
req = webob.Request.blank("/images/%s" % UUID2)
|
||||||
|
@ -2751,7 +2751,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
||||||
self.set_policy_rules(rules)
|
self.set_policy_rules(rules)
|
||||||
req = webob.Request.blank("/images/%s" % UUID2)
|
req = webob.Request.blank("/images/%s" % UUID2)
|
||||||
res = req.get_response(self.api)
|
res = req.get_response(self.api)
|
||||||
self.assertEqual(res.status_int, 401)
|
self.assertEqual(res.status_int, 403)
|
||||||
|
|
||||||
def test_delete_image(self):
|
def test_delete_image(self):
|
||||||
req = webob.Request.blank("/images/%s" % UUID2)
|
req = webob.Request.blank("/images/%s" % UUID2)
|
||||||
|
@ -2833,7 +2833,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
||||||
req = webob.Request.blank("/images/%s" % UUID2)
|
req = webob.Request.blank("/images/%s" % UUID2)
|
||||||
req.method = 'DELETE'
|
req.method = 'DELETE'
|
||||||
res = req.get_response(self.api)
|
res = req.get_response(self.api)
|
||||||
self.assertEquals(res.status_int, 401)
|
self.assertEquals(res.status_int, 403)
|
||||||
|
|
||||||
def test_get_details_invalid_marker(self):
|
def test_get_details_invalid_marker(self):
|
||||||
"""
|
"""
|
||||||
|
|
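Review bot: The test `test_get_images_unauthorized` now asserts 403, so its name contradicts the status it checks and blurs the authentication/authorization distinction this commit draws. Renaming it, for example to `test_get_images_forbidden`, would keep the suite consistent with the new behaviour; other policy-denial tests whose names fall outside these hunks may need the same treatment. As a smaller style point, five of the six updated assertions keep the deprecated `assertEquals` alias while the one in the `-2751` hunk uses `assertEqual`; since the lines are being touched anyway, `self.assertEqual(res.status_int, 403)` could be used throughout. Every hunk in this file starts and ends mid-method, so the policy rules that drive each denial are only partly visible.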