Adding granularity for quotas to list and update

added quotas:show and quotas:update to policy.json defaulting quotas:update to an admin-api default Change-Id: Ib328912be859512b9c5391d9b7aa317ecf29aeab
author: Paul Voccio <paul@openstack.org> 2012-07-13 14:21:22 -0700
committer: Paul Voccio <paul@openstack.org> 2012-07-16 09:10:58 -0700
commit: 0766ec0da0d19be32c2ac07f480b3cb873d8037d (patch)
tree: 533ae83b7af2554a5624e84cde8b796e7dec657d
parent: 57e4ee833d1897b5114be193be3b6f7fa38f49bf (diff)
3 files changed, 9 insertions, 6 deletions
diff --git a/etc/nova/policy.json b/etc/nova/policy.json
index 8bc8ae4cc..3970ce96a 100644
--- a/etc/nova/policy.json
+++ b/etc/nova/policy.json
@@ -47,7 +47,8 @@
     "compute_extension:multinic": [],
     "compute_extension:networks": [["rule:admin_api"]],
     "compute_extension:networks:view": [],
-    "compute_extension:quotas": [],
+    "compute_extension:quotas:show": [],
+    "compute_extension:quotas:update": [["rule:admin_api"]],
     "compute_extension:quota_classes": [],
     "compute_extension:rescue": [],
     "compute_extension:security_groups": [],
diff --git a/nova/api/openstack/compute/contrib/quotas.py b/nova/api/openstack/compute/contrib/quotas.py
index 361335927..33584badc 100644
--- a/nova/api/openstack/compute/contrib/quotas.py
+++ b/nova/api/openstack/compute/contrib/quotas.py
@@ -29,7 +29,8 @@ from nova import quota
 QUOTAS = quota.QUOTAS
 
 
-authorize = extensions.extension_authorizer('compute', 'quotas')
+authorize_update = extensions.extension_authorizer('compute', 'quotas:update')
+authorize_show = extensions.extension_authorizer('compute', 'quotas:show')
 
 
 class QuotaTemplate(xmlutil.TemplateBuilder):
@@ -73,7 +74,7 @@ class QuotaSetsController(object):
     @wsgi.serializers(xml=QuotaTemplate)
     def show(self, req, id):
         context = req.environ['nova.context']
-        authorize(context)
+        authorize_show(context)
         try:
             sqlalchemy_api.authorize_project_context(context, id)
             return self._format_quota_set(id, self._get_quotas(context, id))
@@ -83,7 +84,7 @@ class QuotaSetsController(object):
     @wsgi.serializers(xml=QuotaTemplate)
     def update(self, req, id, body):
         context = req.environ['nova.context']
-        authorize(context)
+        authorize_update(context)
         project_id = id
         for key in body['quota_set'].keys():
             if key in QUOTAS:
@@ -100,7 +101,7 @@ class QuotaSetsController(object):
     @wsgi.serializers(xml=QuotaTemplate)
     def defaults(self, req, id):
         context = req.environ['nova.context']
-        authorize(context)
+        authorize_show(context)
         return self._format_quota_set(id, QUOTAS.get_defaults(context))
 
 
diff --git a/nova/tests/policy.json b/nova/tests/policy.json
index b0b3114c4..bed66a7df 100644
--- a/nova/tests/policy.json
+++ b/nova/tests/policy.json
@@ -103,7 +103,8 @@
     "compute_extension:multinic": [],
     "compute_extension:networks": [],
     "compute_extension:networks:view": [],
-    "compute_extension:quotas": [],
+    "compute_extension:quotas:show": [],
+    "compute_extension:quotas:update": [],
     "compute_extension:quota_classes": [],
     "compute_extension:rescue": [],
     "compute_extension:security_groups": [],
author	Paul Voccio <paul@openstack.org>	2012-07-13 14:21:22 -0700
committer	Paul Voccio <paul@openstack.org>	2012-07-16 09:10:58 -0700
commit	0766ec0da0d19be32c2ac07f480b3cb873d8037d (patch)
tree	533ae83b7af2554a5624e84cde8b796e7dec657d
parent	57e4ee833d1897b5114be193be3b6f7fa38f49bf (diff)