| author | Devin Carlen <devin.carlen@gmail.com> | 2010-08-06 21:34:37 +0000 |
|---|---|---|
| committer | Tarmac <> | 2010-08-06 21:34:37 +0000 |
| commit | efd563f110b91befdca62321e8d0b2f575ba2884 (patch) | |
| tree | 2bebf5998278acb2a4bfc3dd9b0db0433f47e01e | |
| parent | c9ba760425f9b03505633de6aa2b0a8d84a2fb16 (diff) | |
| parent | 778e8152751ebdbb2adad544cc705691395d335d (diff) | |
Fixed write authorization for public images
| -rw-r--r-- | nova/endpoint/cloud.py | 2 | ||||
| -rw-r--r-- | nova/objectstore/handler.py | 3 | ||||
| -rw-r--r-- | nova/objectstore/image.py | 8 |
3 files changed, 10 insertions, 3 deletions
diff --git a/nova/endpoint/cloud.py b/nova/endpoint/cloud.py
index 0ee278f84..cc6216fec 100644
--- a/nova/endpoint/cloud.py
+++ b/nova/endpoint/cloud.py
@@ -677,6 +677,8 @@ class CloudController(object):
 # TODO(devcamcar): Support users and groups other than 'all'.
 if attribute != 'launchPermission':
 raise exception.ApiError('attribute not supported: %s' % attribute)
+ if not 'user_group' in kwargs:
+ raise exception.ApiError('user or group not specified')
 if len(kwargs['user_group']) != 1 and kwargs['user_group'][0] != 'all':
 raise exception.ApiError('only group "all" is supported')
 if not operation_type in ['add', 'remove']:
diff --git a/nova/objectstore/handler.py b/nova/objectstore/handler.py
index b4d7e6179..f625a2aa1 100644
--- a/nova/objectstore/handler.py
+++ b/nova/objectstore/handler.py
@@ -266,7 +266,8 @@ class ImagesResource(Resource):
 """ returns a json listing of all images that a user has permissions to see """
- images = [i for i in image.Image.all() if i.is_authorized(request.context)]
+ images = [i for i in image.Image.all() \
+ if i.is_authorized(request.context, readonly=True)]
 request.write(json.dumps([i.metadata for i in images]))
 request.finish()
diff --git a/nova/objectstore/image.py b/nova/objectstore/image.py
index bea2e9637..860298ba6 100644
--- a/nova/objectstore/image.py
+++ b/nova/objectstore/image.py
@@ -65,9 +65,13 @@ class Image(object):
 except:
 pass
- def is_authorized(self, context):
+ def is_authorized(self, context, readonly=False):
+ # NOTE(devcamcar): Public images can be read by anyone,
+ # but only modified by admin or owner.
 try:
- return self.metadata['isPublic'] or context.user.is_admin() or self.metadata['imageOwnerId'] == context.project.id
+ return (self.metadata['isPublic'] and readonly) or \
+ context.user.is_admin() or \
+ self.metadata['imageOwnerId'] == context.project.id
 except:
 return False |
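Review bot: The group check right after the new `user_group` guard in nova/endpoint/cloud.py joins its two conditions with `and`, so it raises only when the list length is not one and the first entry is not 'all'. A single-entry list naming any other group therefore passes, and an empty list fails with IndexError on `[0]` instead of an ApiError. If the intent is the one in the TODO, that only group "all" is accepted, the line should read `if len(kwargs['user_group']) != 1 or kwargs['user_group'][0] != 'all':`. The added guard is also more idiomatic as `if 'user_group' not in kwargs:`. The enclosing method starts and ends outside the hunk, so what is done with an accepted value is not visible here.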
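Review bot: The bare `except:` around the new return expression in `is_authorized` (nova/objectstore/image.py) turns every failure into a denial. That includes a missing `isPublic` key, which is looked up first and so refuses the admin and the owner too, as well as any programming error in `context`. Denying on error is the safe direction, but the handler hides the cause and also traps KeyboardInterrupt and SystemExit; narrow it to something like `except (KeyError, AttributeError):` if those are the failures it is meant for, and log the denial. Because `readonly` defaults to False, any read path that still calls `is_authorized(context)` now refuses public images to non-owners; this commit only updates the listing in nova/objectstore/handler.py, so the other callers (not visible here) should be checked. A docstring stating that `isPublic` grants access only when `readonly=True` would keep later callers from passing it on write paths.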
