openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Elena Ezhova dd4b77ff53 Forbid regular users to reset admin-only attrs to default values 
A regular user can reset an admin-only attribute to its default
value due to the fact that a corresponding policy rule is
enforced only in the case when an attribute is present in the
target AND has a non-default value.

Added a new attribute "attributes_to_update" which contains a list
of all to-be updated attributes to the body of the target that is
passed to policy.enforce.

Changed a check for whether an attribute is explicitly set.
Now, in the case of update, the function should not pay attention
to a default value of an attribute, but check whether it was
explicitly marked as being updated.

Added unit-tests.

Conflicts:
	neutron/common/constants.py

Closes-Bug: #1357379
Related-Bug: #1338880
Change-Id: I6537bb1da5ef0d6899bc71e4e949f2c760c103c2
(cherry picked from commit 74d1093990)
 		2014-09-25 17:14:33 +02:00
..
agent Don't spawn metadata-proxy for non-isolated nets 2014-09-22 11:22:31 +03:00
api Forbid regular users to reset admin-only attrs to default values 2014-09-25 17:14:33 +02:00
cmd remove binaries under bin 2013-08-16 10:10:30 +08:00
common Forbid regular users to reset admin-only attrs to default values 2014-09-25 17:14:33 +02:00
db Merge "Don't allow user to set firewall rule with port and no protocol" into stable/icehouse 2014-09-25 00:19:22 +00:00
debug Neutron should not use the neutronclient utils module for import_class 2014-09-09 10:08:43 -07:00
extensions Don't allow user to set firewall rule with port and no protocol 2014-09-17 16:14:22 +02:00
locale Fix Jenkins translation jobs 2014-04-07 11:37:38 +02:00
notifiers Replace loopingcall in notifier with a delayed send 2014-05-26 15:40:06 +03:00
openstack Synced jsonutils from oslo-incubator 2014-06-24 00:13:17 +02:00
plugins Merge "BSN: Add context to backend request for debugging" into stable/icehouse 2014-09-23 09:41:38 +00:00
scheduler Fix DetachedInstanceError for Agent instance 2014-02-27 14:48:11 +00:00
server Adds multiple RPC worker processes to neutron server 2014-03-04 00:50:20 +00:00
services Ensure ip6tables are used only if ipv6 is enabled in kernel 2014-08-22 10:42:07 +02:00
tests Forbid regular users to reset admin-only attrs to default values 2014-09-25 17:14:33 +02:00
__init__.py Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
auth.py Return request-id in API response 2014-02-10 04:58:38 +09:00
context.py Stop logging unnecessary warning on context create 2013-11-28 09:17:18 +00:00
hooks.py Remove pyudev dependency 2014-02-25 14:28:35 +00:00
manager.py Ensure core plugin deallocation after every test 2014-07-03 13:14:29 -07:00
neutron_plugin_base_v2.py Add support for multiple RPC workers under Metaplugin 2014-04-24 15:50:53 +09:00
policy.py Forbid regular users to reset admin-only attrs to default values 2014-09-25 17:14:33 +02:00
quota.py Kill 'Skipping unknown group key: firewall_driver' log trace 2014-03-13 12:46:06 -07:00
service.py Add support for multiple RPC workers under Metaplugin 2014-04-24 15:50:53 +09:00
version.py Rename Quantum to Neutron 2013-07-06 15:02:43 -04:00
wsgi.py Merge "Fix webob.exc.HTTPForbidden parameter miss" 2014-03-02 19:05:50 +00:00