Return 403 when policy engine denies action

* Fixes bug 956206

Change-Id: I0447a1a86fed2456c912395a0ab7d6e0aba03f66
Brian Waldon 2012-03-15 12:55:39 -07:00
parent 3ae0ef012b
commit e2e88d8aad
2 changed files with 7 additions and 8 deletions


@ -29,7 +29,6 @@ from webob.exc import (HTTPError,
HTTPConflict, HTTPConflict,
HTTPBadRequest, HTTPBadRequest,
HTTPForbidden, HTTPForbidden,
HTTPUnauthorized,
HTTPRequestEntityTooLarge, HTTPRequestEntityTooLarge,
HTTPServiceUnavailable, HTTPServiceUnavailable,
) )
@ -104,7 +103,7 @@ class Controller(controller.BaseController):
try: try:
self.policy.enforce(req.context, action, {}) self.policy.enforce(req.context, action, {})
except exception.NotAuthorized: except exception.NotAuthorized:
raise HTTPUnauthorized() raise HTTPForbidden()
def index(self, req): def index(self, req):
""" """
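Review bot: The `except exception.NotAuthorized:` branch now raises a bare `HTTPForbidden()`, so a policy denial leaves no record in this method of which action was refused, and the client gets no explanation. For audit and detection it would help to log the denied `action` before raising, and to return a generic message that does not echo rule contents, e.g. `raise HTTPForbidden(explanation="Action not permitted by policy", request=req)`. If this check can also run for requests that carry no credentials at all, those callers would now receive 403 where 401 is the accurate answer; that depends on the authentication middleware, which is not visible here. The enclosing method starts above the hunk, and whether `self.policy.enforce` already logs denials cannot be told from these lines.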


@ -2194,7 +2194,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
req.headers['Content-Type'] = 'application/octet-stream' req.headers['Content-Type'] = 'application/octet-stream'
req.body = "chunk00000remainder" req.body = "chunk00000remainder"
res = req.get_response(self.api) res = req.get_response(self.api)
self.assertEquals(res.status_int, 401) self.assertEquals(res.status_int, 403)
def _do_test_post_image_content_missing_format(self, missing): def _do_test_post_image_content_missing_format(self, missing):
"""Tests creation of an image with missing format""" """Tests creation of an image with missing format"""
@ -2563,14 +2563,14 @@ class TestGlanceAPI(base.IsolatedUnitTest):
self.set_policy_rules(rules) self.set_policy_rules(rules)
req = webob.Request.blank('/images/detail') req = webob.Request.blank('/images/detail')
res = req.get_response(self.api) res = req.get_response(self.api)
self.assertEquals(res.status_int, 401) self.assertEquals(res.status_int, 403)
def test_get_images_unauthorized(self): def test_get_images_unauthorized(self):
rules = {"get_images": [["false:false"]]} rules = {"get_images": [["false:false"]]}
self.set_policy_rules(rules) self.set_policy_rules(rules)
req = webob.Request.blank('/images/detail') req = webob.Request.blank('/images/detail')
res = req.get_response(self.api) res = req.get_response(self.api)
self.assertEquals(res.status_int, 401) self.assertEquals(res.status_int, 403)
def test_store_location_not_revealed(self): def test_store_location_not_revealed(self):
""" """
@ -2732,7 +2732,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
req = webob.Request.blank("/images/%s" % UUID2) req = webob.Request.blank("/images/%s" % UUID2)
req.method = 'HEAD' req.method = 'HEAD'
res = req.get_response(self.api) res = req.get_response(self.api)
self.assertEquals(res.status_int, 401) self.assertEquals(res.status_int, 403)
def test_show_image_basic(self): def test_show_image_basic(self):
req = webob.Request.blank("/images/%s" % UUID2) req = webob.Request.blank("/images/%s" % UUID2)
@ -2751,7 +2751,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
self.set_policy_rules(rules) self.set_policy_rules(rules)
req = webob.Request.blank("/images/%s" % UUID2) req = webob.Request.blank("/images/%s" % UUID2)
res = req.get_response(self.api) res = req.get_response(self.api)
self.assertEqual(res.status_int, 401) self.assertEqual(res.status_int, 403)
def test_delete_image(self): def test_delete_image(self):
req = webob.Request.blank("/images/%s" % UUID2) req = webob.Request.blank("/images/%s" % UUID2)
@ -2833,7 +2833,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
req = webob.Request.blank("/images/%s" % UUID2) req = webob.Request.blank("/images/%s" % UUID2)
req.method = 'DELETE' req.method = 'DELETE'
res = req.get_response(self.api) res = req.get_response(self.api)
self.assertEquals(res.status_int, 401) self.assertEquals(res.status_int, 403)
def test_get_details_invalid_marker(self): def test_get_details_invalid_marker(self):
""" """
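Review bot: The updated assertions expect 403, but the tests keep names such as `test_get_images_unauthorized`, which describe the old 401 behaviour; renaming them to `..._forbidden` or adding a one-line docstring like `"""Policy denial must yield 403, not 401"""` would keep the intent readable. Five of the six changed lines use `assertEquals`, a deprecated alias, while the one in the hunk at -2751 already uses `assertEqual`; the new lines could use `self.assertEqual(res.status_int, 403)` throughout. In the hunk at -2563 both visible tests request `/images/detail`, so if one of them was meant to cover the `/images` index route, the 403 path for that route may be untested; the first test's name and rules lie outside the hunk, so this is to be confirmed.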