diff options
| author | Li Chen <chen.li@intel.com> | 2013-02-01 17:32:26 +0800 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2013-02-06 00:46:38 +0000 |
| commit | 7ba533f069aa95c73524f7f0a398a216dfbcdbb3 (patch) | |
| tree | 32355c0558879a709e509b09a5f36c6657c7eb5a /nova/api | |
| parent | af235b22eccb81d815c79fd1f531734a140cfafb (diff) | |
Flavor Extra Specs should require admin privileges
The previous fix added admin check in policy.json,
but code still can't recorginize the detailed actions.
This fix edited "authorize" function for flavor_extra_specs,
to make sure it will check the admin privileges in policy.json.
Also, together with the code, this fix edit old test case with admin privileges,
and added new non-admin privileges test case.
Fixes bug 1094142
Change-Id: Ia286aedb4846383ad51bd54b0984dd1feddfbf81
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/compute/contrib/flavorextraspecs.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/nova/api/openstack/compute/contrib/flavorextraspecs.py b/nova/api/openstack/compute/contrib/flavorextraspecs.py index 12cc7d9ed..1349abe78 100644 --- a/nova/api/openstack/compute/contrib/flavorextraspecs.py +++ b/nova/api/openstack/compute/contrib/flavorextraspecs.py @@ -62,13 +62,13 @@ class FlavorExtraSpecsController(object): def index(self, req, flavor_id): """Returns the list of extra specs for a given flavor.""" context = req.environ['nova.context'] - authorize(context) + authorize(context, action='index') return self._get_extra_specs(context, flavor_id) @wsgi.serializers(xml=ExtraSpecsTemplate) def create(self, req, flavor_id, body): context = req.environ['nova.context'] - authorize(context) + authorize(context, action='create') self._check_body(body) specs = body.get('extra_specs') try: @@ -82,7 +82,7 @@ class FlavorExtraSpecsController(object): @wsgi.serializers(xml=ExtraSpecTemplate) def update(self, req, flavor_id, id, body): context = req.environ['nova.context'] - authorize(context) + authorize(context, action='update') self._check_body(body) if id not in body: expl = _('Request body and URI mismatch') @@ -102,7 +102,7 @@ class FlavorExtraSpecsController(object): def show(self, req, flavor_id, id): """Return a single extra spec item.""" context = req.environ['nova.context'] - authorize(context) + authorize(context, action='show') specs = self._get_extra_specs(context, flavor_id) if id in specs['extra_specs']: return {id: specs['extra_specs'][id]} @@ -112,7 +112,7 @@ class FlavorExtraSpecsController(object): def delete(self, req, flavor_id, id): """Deletes an existing extra spec.""" context = req.environ['nova.context'] - authorize(context) + authorize(context, action='delete') db.instance_type_extra_specs_delete(context, flavor_id, id) |