From 7ba533f069aa95c73524f7f0a398a216dfbcdbb3 Mon Sep 17 00:00:00 2001
From: Li Chen <chen.li@intel.com>
Date: Fri, 1 Feb 2013 17:32:26 +0800
Subject: Flavor Extra Specs should require admin privileges

The previous fix added admin check in policy.json,
but code still can't recorginize the detailed actions.

This fix edited "authorize" function for flavor_extra_specs,
to make sure it will check the admin privileges in policy.json.

Also, together with the code, this fix edit old test case with admin privileges,
and added new non-admin privileges test case.

Fixes bug 1094142

Change-Id: Ia286aedb4846383ad51bd54b0984dd1feddfbf81
---
 nova/api/openstack/compute/contrib/flavorextraspecs.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/compute/contrib/flavorextraspecs.py b/nova/api/openstack/compute/contrib/flavorextraspecs.py
index 12cc7d9ed..1349abe78 100644
--- a/nova/api/openstack/compute/contrib/flavorextraspecs.py
+++ b/nova/api/openstack/compute/contrib/flavorextraspecs.py
@@ -62,13 +62,13 @@ class FlavorExtraSpecsController(object):
     def index(self, req, flavor_id):
         """Returns the list of extra specs for a given flavor."""
         context = req.environ['nova.context']
-        authorize(context)
+        authorize(context, action='index')
         return self._get_extra_specs(context, flavor_id)
 
     @wsgi.serializers(xml=ExtraSpecsTemplate)
     def create(self, req, flavor_id, body):
         context = req.environ['nova.context']
-        authorize(context)
+        authorize(context, action='create')
         self._check_body(body)
         specs = body.get('extra_specs')
         try:
@@ -82,7 +82,7 @@ class FlavorExtraSpecsController(object):
     @wsgi.serializers(xml=ExtraSpecTemplate)
     def update(self, req, flavor_id, id, body):
         context = req.environ['nova.context']
-        authorize(context)
+        authorize(context, action='update')
         self._check_body(body)
         if id not in body:
             expl = _('Request body and URI mismatch')
@@ -102,7 +102,7 @@ class FlavorExtraSpecsController(object):
     def show(self, req, flavor_id, id):
         """Return a single extra spec item."""
         context = req.environ['nova.context']
-        authorize(context)
+        authorize(context, action='show')
         specs = self._get_extra_specs(context, flavor_id)
         if id in specs['extra_specs']:
             return {id: specs['extra_specs'][id]}
@@ -112,7 +112,7 @@ class FlavorExtraSpecsController(object):
     def delete(self, req, flavor_id, id):
         """Deletes an existing extra spec."""
         context = req.environ['nova.context']
-        authorize(context)
+        authorize(context, action='delete')
         db.instance_type_extra_specs_delete(context, flavor_id, id)
 
 
-- 
cgit