Merge "Allow users with "creator" role to edit ACLs" into stable/train
commit
d632bbaffd
|
@ -33,7 +33,9 @@ rules = [
|
|||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='secret_acls:delete',
|
||||
check_str='rule:secret_project_admin or rule:secret_project_creator',
|
||||
check_str='rule:secret_project_admin or rule:secret_project_creator ' +
|
||||
'or (rule:secret_project_creator_role and ' +
|
||||
'rule:secret_non_private_read)',
|
||||
scope_types=[],
|
||||
description='Delete the ACL settings for a given secret.',
|
||||
operations=[
|
||||
|
@ -45,7 +47,9 @@ rules = [
|
|||
),
|
||||
policy.DocumentedRuleDefault(
|
||||
name='secret_acls:put_patch',
|
||||
check_str='rule:secret_project_admin or rule:secret_project_creator',
|
||||
check_str='rule:secret_project_admin or rule:secret_project_creator ' +
|
||||
'or (rule:secret_project_creator_role and ' +
|
||||
'rule:secret_non_private_read)',
|
||||
scope_types=[],
|
||||
description='Create new, replaces, or updates existing ACL for a ' +
|
||||
'given secret.',
|
||||
|
@ -75,7 +79,9 @@ rules = [
|
|||
policy.DocumentedRuleDefault(
|
||||
name='container_acls:delete',
|
||||
check_str='rule:container_project_admin or ' +
|
||||
'rule:container_project_creator',
|
||||
'rule:container_project_creator or ' +
|
||||
'(rule:container_project_creator_role and' +
|
||||
' rule:container_non_private_read)',
|
||||
scope_types=[],
|
||||
description='Delete ACL for a given container. No content is returned '
|
||||
'in the case of successful deletion.',
|
||||
|
@ -89,7 +95,9 @@ rules = [
|
|||
policy.DocumentedRuleDefault(
|
||||
name='container_acls:put_patch',
|
||||
check_str='rule:container_project_admin or ' +
|
||||
'rule:container_project_creator',
|
||||
'rule:container_project_creator or ' +
|
||||
'(rule:container_project_creator_role and' +
|
||||
' rule:container_non_private_read)',
|
||||
scope_types=[],
|
||||
description='Create new or replaces existing ACL for a given '
|
||||
'container.',
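Review bot: The clause added to `check_str` in `secret_acls:delete` (and likewise in `secret_acls:put_patch`, `container_acls:delete` and `container_acls:put_patch`) authorizes a write on the strength of a rule named for reads, `rule:secret_non_private_read` / `rule:container_non_private_read`, and nothing in these hunks explains why. Those rule definitions are not on this page; if they mean "same project and the entity is not marked private", any project member holding the creator role can now replace or delete ACLs on secrets and containers they did not create, which widens the default policy on a stable branch. I would put a comment above each rule, for example `# creator-role users may edit ACLs only while the entity is project-readable; private entities stay limited to the admin and the original creator`, and extend each `description=` string so the generated policy documentation states who may now edit. The `rules = [` list begins and ends outside the hunks shown.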
|
||||
|
|
|
@ -111,8 +111,8 @@ class WhenTestingSecretACLsResource(utils.BarbicanAPIBaseTestCase,
|
|||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='secrets', op_type='create',
|
||||
entity_id=secret_uuid, roles=['creator'], user='NotSecretCreator',
|
||||
expect_errors=True)
|
||||
self.assertEqual(403, resp.status_int)
|
||||
expect_errors=False)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
||||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='secrets', op_type='create',
|
||||
|
@ -379,8 +379,8 @@ class WhenTestingSecretACLsResource(utils.BarbicanAPIBaseTestCase,
|
|||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='secrets', op_type='update',
|
||||
entity_id=secret_uuid, roles=['creator'], user='NotSecretCreator',
|
||||
expect_errors=True)
|
||||
self.assertEqual(403, resp.status_int)
|
||||
expect_errors=False)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
||||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='secrets', op_type='update',
|
||||
|
@ -460,9 +460,9 @@ class WhenTestingSecretACLsResource(utils.BarbicanAPIBaseTestCase,
|
|||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='secrets', op_type='delete',
|
||||
entity_id=secret_uuid, roles=['creator'], user='NotSecretCreator',
|
||||
expect_errors=True)
|
||||
expect_errors=False)
|
||||
|
||||
self.assertEqual(403, resp.status_int)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
||||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='secrets', op_type='delete',
|
||||
|
@ -567,8 +567,8 @@ class WhenTestingContainerAclsResource(utils.BarbicanAPIBaseTestCase,
|
|||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='containers', op_type='create',
|
||||
entity_id=container_id, roles=['creator'],
|
||||
user='NotContainerCreator', expect_errors=True)
|
||||
self.assertEqual(403, resp.status_int)
|
||||
user='NotContainerCreator', expect_errors=False)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
||||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='containers', op_type='create',
|
||||
|
@ -871,8 +871,8 @@ class WhenTestingContainerAclsResource(utils.BarbicanAPIBaseTestCase,
|
|||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='containers', op_type='update',
|
||||
entity_id=container_id, roles=['creator'], user='NotCreator',
|
||||
expect_errors=True)
|
||||
self.assertEqual(403, resp.status_int)
|
||||
expect_errors=False)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
||||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='containers', op_type='update',
|
||||
|
@ -931,9 +931,9 @@ class WhenTestingContainerAclsResource(utils.BarbicanAPIBaseTestCase,
|
|||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='containers', op_type='delete',
|
||||
entity_id=container_id, roles=['creator'], user='NotCreator',
|
||||
expect_errors=True)
|
||||
expect_errors=False)
|
||||
|
||||
self.assertEqual(403, resp.status_int)
|
||||
self.assertEqual(200, resp.status_int)
|
||||
|
||||
resp = self._set_acls_with_context(
|
||||
self.app, entity_type='containers', op_type='delete',
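Review bot: The flipped assertions in these hunks cover only the newly permitted path (`roles=['creator']` with a non-creator user now expecting 200), and none of the visible hunks exercises the `rule:*_non_private_read` half of the new policy clause. Without a negative case, a later policy edit that drops that condition would still pass these tests. I would add a companion case per operation (create, update, delete, for both secrets and containers) that first marks the entity private and then repeats the call with `expect_errors=True` and `self.assertEqual(403, resp.status_int)`. The test methods start and end outside the hunks, so such cases may already exist elsewhere in the file.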
|
||||
|
|