Fix RBAC and ACL access for managing secret containers
This patch adds the missing access control data to enforce access control for adding/removing secrets in containers. Change-Id: I6879f566117db5ec0099ddad35ba649a3c674bd1
This commit is contained in:
parent
59aa7f71b9
commit
922c68bada
|
@ -235,6 +235,12 @@ class ContainersSecretsController(controllers.ACLMixin):
|
|||
self.secret_repo = repo.get_secret_repository()
|
||||
self.validator = validators.ContainerSecretValidator()
|
||||
|
||||
def get_acl_tuple(self, req, **kwargs):
|
||||
acl = self.get_acl_dict_for_user(req, self.container.container_acls)
|
||||
acl['project_id'] = self.container.project.external_id
|
||||
acl['creator_id'] = self.container.creator_id
|
||||
return ('container', acl)
|
||||
|
||||
@pecan.expose(generic=True)
|
||||
def index(self, **kwargs):
|
||||
pecan.abort(405) # HTTP 405 Method Not Allowed as default
|
||||
|
|
Loading…
Reference in New Issue