From 394ea5a61b39f65ff8fb69cc01d99dbb66a61a36 Mon Sep 17 00:00:00 2001 From: Tin Lam Date: Sun, 17 Apr 2016 07:13:51 -0500 Subject: [PATCH] Added 'volume:get_transfer' to policy.json file volume:get_transfer is not enforced by the cinder policy.json file Change-Id: I8631e3615be40b944539b14ac5eb2ed98ab266b5 Closes-Bug: #1570903 --- cinder/tests/unit/policy.json | 1 + cinder/transfer/api.py | 1 + etc/cinder/policy.json | 1 + 3 files changed, 3 insertions(+) diff --git a/cinder/tests/unit/policy.json b/cinder/tests/unit/policy.json index a5a0f2fb520..d8ef658c1a3 100644 --- a/cinder/tests/unit/policy.json +++ b/cinder/tests/unit/policy.json @@ -83,6 +83,7 @@ "volume:create_transfer": "", "volume:accept_transfer": "", "volume:delete_transfer": "", + "volume:get_transfer": "", "volume:get_all_transfers": "", "backup:create" : "", diff --git a/cinder/transfer/api.py b/cinder/transfer/api.py index 20b90cdcc28..cf5df59fd24 100644 --- a/cinder/transfer/api.py +++ b/cinder/transfer/api.py @@ -57,6 +57,7 @@ class API(base.Base): super(API, self).__init__(db_driver) def get(self, context, transfer_id): + volume_api.check_policy(context, 'get_transfer') rv = self.db.transfer_get(context, transfer_id) return dict(rv) diff --git a/etc/cinder/policy.json b/etc/cinder/policy.json index 461ba7be548..d24869fa42f 100644 --- a/etc/cinder/policy.json +++ b/etc/cinder/policy.json @@ -69,6 +69,7 @@ "volume:create_transfer": "rule:admin_or_owner", "volume:accept_transfer": "", "volume:delete_transfer": "rule:admin_or_owner", + "volume:get_transfer": "rule:admin_or_owner", "volume:get_all_transfers": "rule:admin_or_owner", "volume_extension:replication:promote": "rule:admin_api",