openstack
/
murano
Code Issues Proposed changes
murano/murano/api
History
Andrew Pashkin 6b5eb95593 Added tenant check in sessions API resource 
This revision introduces additional checks for methods of sessions
controller.

Before it, only environment ID of user session was checked
for equality with environment ID in request. But user from another
tenant, that knew environment ID and session ID, was able to call
methods for that environment. Additional check, that was introduced in
this commit, closes that breach.

Change-Id: I34c7431751bb88236b6ffb81b08ccc7c3617e77b
Closes-Bug: #1382026
 		2015-02-10 12:39:58 +03:00
..
middleware Remove #noqa from gettextutils imports 2014-11-14 19:43:14 +02:00
v1 Added tenant check in sessions API resource 2015-02-10 12:39:58 +03:00
__init__.py Rename muranoapi to murano 2014-05-27 15:14:44 +04:00
versions.py Use oslo.serialization 2014-12-11 02:15:39 +03:00