openstack
/
barbican
Code Issues Proposed changes
barbican/barbican/api
History
Douglas Mendizábal 93c5636f9c Fix policy for Orders 
This patch adds checks to make sure that the project_id of the token
matches the project_id that owns the Order.

Currently, having a role on any project will allow the request to be
processed, which results in a 404 - Not Found instead of 401 -
Forbidden.

Change-Id: Ie0e6f6edae40e47d45afbe92fd509032cb091b1a
(cherry picked from commit 5d81a3c453)
(cherry picked from commit 382b5086a2)
(cherry picked from commit ea7451e32c)
(cherry picked from commit 85b9feecd2)
 		2021-12-14 19:40:42 +00:00
..
controllers Fix policy for Orders 2021-12-14 19:40:42 +00:00
middleware Take context from environment instead of parsing headers 2018-04-03 14:57:45 +03:00
__init__.py Stop using deprecated 'message' attribute in Exception 2017-07-26 05:30:17 +00:00
app.py Commit DB changes on API startup 2018-06-01 14:08:57 +03:00
app.wsgi Add PBR wsgi_scripts entrypoint for barbican api 2017-07-14 16:35:48 -04:00
hooks.py Update json module to jsonutils 2019-03-07 07:02:48 +00:00