| author | Dolph Mathews <dolph.mathews@gmail.com> | 2012-03-25 12:03:26 -0500 |
|---|---|---|
| committer | Dolph Mathews <dolph.mathews@gmail.com> | 2012-03-27 18:55:42 -0700 |
| commit | 9e4fe654ed3f2fa4040ccbcd0ccc003f56f9bce2 (patch) | |
| tree | c0b3b59eefc195a3c62101bbc537ec8b0a3155d6 /keystone | |
| parent | a9c6fb1d39f84f79f97333f59ef757cfd9dc8fd2 (diff) | |
user-role-crud 404 (bug 963056)
user-role-add
user-role-remove
Change-Id: I1b3cd019d0d110b01ed175822cdd6c9ddb486412
Diffstat (limited to 'keystone')
| -rw-r--r-- | keystone/identity/backends/kvs.py | 4 | ||||
| -rw-r--r-- | keystone/identity/backends/sql.py | 4 | ||||
| -rw-r--r-- | keystone/identity/core.py | 14 |
3 files changed, 21 insertions, 1 deletions
diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py index 95286a9f..55bd8f08 100644 --- a/keystone/identity/backends/kvs.py +++ b/keystone/identity/backends/kvs.py @@ -144,6 +144,10 @@ class Identity(kvs.Base, identity.Driver): if not metadata_ref: metadata_ref = {} roles = set(metadata_ref.get('roles', [])) + if role_id not in roles: + msg = 'Cannot remove role that has not been granted, %s' % role_id + raise exception.RoleNotFound(message=msg) + roles.remove(role_id) metadata_ref['roles'] = list(roles) self.update_metadata(user_id, tenant_id, metadata_ref) diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 00dedcba..443ddd3b 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -286,6 +286,10 @@ class Identity(sql.Base, identity.Driver): is_new = True metadata_ref = {} roles = set(metadata_ref.get('roles', [])) + if role_id not in roles: + msg = 'Cannot remove role that has not been granted, %s' % role_id + raise exception.RoleNotFound(message=msg) + roles.remove(role_id) metadata_ref['roles'] = list(roles) if not is_new: diff --git a/keystone/identity/core.py b/keystone/identity/core.py index c2a1041d..ee225264 100644 --- a/keystone/identity/core.py +++ b/keystone/identity/core.py @@ -497,6 +497,12 @@ class RoleController(wsgi.Application): if tenant_id is None: raise exception.NotImplemented(message='User roles not supported: ' 'tenant_id required') + if self.identity_api.get_user(context, user_id) is None: + raise exception.UserNotFound(user_id=user_id) + if self.identity_api.get_tenant(context, tenant_id) is None: + raise exception.TenantNotFound(tenant_id=tenant_id) + if self.identity_api.get_role(context, role_id) is None: + raise exception.RoleNotFound(role_id=role_id) # This still has the weird legacy semantics that adding a role to # a user also adds them to a tenant 
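Review bot: The added `raise exception.RoleNotFound(message=msg)` in the kvs.py removal path reuses the exception that core.py in this same commit raises for a role that does not exist at all (`RoleNotFound(role_id=role_id)`), so a caller or an audit log reader can only tell "unknown role" from "role exists but was never granted here" by parsing the message text. A comment above the check would make that intent explicit, for example `# Not granted to this user/tenant: reported as RoleNotFound, same as an unknown role`. The message also interpolates the caller-supplied `role_id`; presumably it is echoed in the error response, so confirm the response layer encodes it. The identical four lines are added to sql.py in the next hunk and the same applies there. The enclosing method starts and ends outside the hunk.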
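Review bot: In sql.py the new guard makes the `is_new = True` path just above it impossible to complete: on that path `metadata_ref` is `{}`, so `roles` is empty, `role_id not in roles` is always true, and the method raises before it reaches `if not is_new:`. Whatever the other arm of that branch does for a new record lies outside the hunk, but it appears to be dead code after this change. Raising at the point where the missing metadata is detected, i.e. replacing `is_new = True` and `metadata_ref = {}` with the `raise exception.RoleNotFound(message=msg)`, would say this directly and let the `is_new` flag be dropped from the removal method.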
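Review bot: The three existence checks added before the grant in core.py only produce a 404 if `get_user`, `get_tenant` and `get_role` return `None` for an unknown id on every backend; a driver that raises instead would surface as a different error, and nothing in the hunk shows which contract holds, so a one-line comment stating the assumption is worth adding, e.g. `# identity_api getters return None for unknown ids`. The check and the grant are separate calls, so an id deleted in between still reaches the backend, which should not treat the ids as already validated. The same six lines are repeated verbatim in the second core.py hunk (role removal); a private helper on `RoleController`, called as `self._require_user_tenant_role(context, user_id, tenant_id, role_id)` (name constructed here), would keep the two paths from drifting apart. Because the distinct 404s reveal which of the three ids is valid, these lookups should stay behind the method's admin authorization check, which is outside the hunk.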
@@ -517,9 +523,15 @@ class RoleController(wsgi.Application): if tenant_id is None: raise exception.NotImplemented(message='User roles not supported: ' 'tenant_id required') + if self.identity_api.get_user(context, user_id) is None: + raise exception.UserNotFound(user_id=user_id) + if self.identity_api.get_tenant(context, tenant_id) is None: + raise exception.TenantNotFound(tenant_id=tenant_id) + if self.identity_api.get_role(context, role_id) is None: + raise exception.RoleNotFound(role_id=role_id) # This still has the weird legacy semantics that adding a role to - # a user also adds them to a tenant + # a user also adds them to a tenant, so we must follow up on that self.identity_api.remove_role_from_user_and_tenant( context, user_id, tenant_id, role_id) roles = self.identity_api.get_roles_for_user_and_tenant( |
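Review bot: On the removal path the new `get_role(...) is None` check, and likewise the user and tenant checks, run before `remove_role_from_user_and_tenant`, so a grant whose role, user or tenant record has already been deleted can no longer be revoked through this call: it returns 404 and the stale entry stays in the metadata. Whether deletes elsewhere clean up grants is not visible here, so this may be unreachable in practice, but revocation is the path that should tolerate dangling references. Consider dropping the `get_role` check on this path and relying on the backend's `role_id not in roles` guard added in this commit, which already raises RoleNotFound. The reworded comment still talks about "adding a role" although this is the remove path, and "follow up on that" does not say what the follow-up is; it should name the step the code below takes. The method body continues past the end of the hunk.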
