From c8d3c580143282935de36e4a5a1708ee9242f7be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?=
Date: Wed, 31 Mar 2021 12:54:15 -0500
Subject: [PATCH] Fix RBAC and ACL access for managing secret containers

This patch adds the missing access control data to enforce access control for adding/removing secrets in containers.

Change-Id: I6879f566117db5ec0099ddad35ba649a3c674bd1
(cherry picked from commit 922c68badaf5cc4b43862ab261119b68cdc68a37)
---
 barbican/api/controllers/containers.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/barbican/api/controllers/containers.py b/barbican/api/controllers/containers.py
index 0896f34a2..bac8934c4 100644
--- a/barbican/api/controllers/containers.py
+++ b/barbican/api/controllers/containers.py
@@ -235,6 +235,12 @@ class ContainersSecretsController(controllers.ACLMixin):
 self.secret_repo = repo.get_secret_repository()
 self.validator = validators.ContainerSecretValidator()
 
+ def get_acl_tuple(self, req, **kwargs):
+ acl = self.get_acl_dict_for_user(req, self.container.container_acls)
+ acl['project_id'] = self.container.project.external_id
+ acl['creator_id'] = self.container.creator_id
+ return ('container', acl)
+
 @pecan.expose(generic=True)
 def index(self, **kwargs):
 pecan.abort(405) # HTTP 405 Method Not Allowed as default
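Review bot: The added `get_acl_tuple` on `ContainersSecretsController` is an authorization fix, but the patch touches one file with six insertions and includes no test that pins the new enforcement. A functional test should assert that a caller from another project, or one with no matching container ACL entry, is refused when adding or removing a secret in a container. Whether such coverage exists elsewhere in the tree is not visible from this hunk. The method also needs a docstring saying it is a hook rather than a helper, for example `"""Return ('container', target) carrying project_id, creator_id and the caller's container ACLs for policy enforcement."""`. It is presumably consumed by the `ACLMixin` enforcement path, so removing or renaming it would silently drop the owner and ACL data from the policy target. The class body starts and continues outside the hunk.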