diff --git a/cinder/api/contrib/hosts.py b/cinder/api/contrib/hosts.py index 0d5bf6630b2..dc1f93e75ba 100644 --- a/cinder/api/contrib/hosts.py +++ b/cinder/api/contrib/hosts.py @@ -146,9 +146,7 @@ class HostController(wsgi.Controller): """ host = id context = req.environ['cinder.context'] - if not context.is_admin: - msg = _("Describe-resource is admin only functionality") - raise webob.exc.HTTPForbidden(explanation=msg) + context.authorize(policy.MANAGE_POLICY) # Not found exception will be handled at the wsgi level host_ref = objects.Service.get_by_host_and_topic( diff --git a/cinder/policies/hosts.py b/cinder/policies/hosts.py index bea808b53b7..627f74497c9 100644 --- a/cinder/policies/hosts.py +++ b/cinder/policies/hosts.py @@ -24,7 +24,7 @@ hosts_policies = [ policy.DocumentedRuleDefault( name=MANAGE_POLICY, check_str=base.RULE_ADMIN_API, - description="List or update hosts for a project.", + description="List, update or show hosts for a project.", operations=[ { 'method': 'GET', @@ -33,6 +33,10 @@ hosts_policies = [ { 'method': 'PUT', 'path': '/os-hosts/{host_name}' + }, + { + 'method': 'GET', + 'path': '/os-hosts/{host_id}' } ]) ] diff --git a/cinder/tests/unit/api/contrib/test_hosts.py b/cinder/tests/unit/api/contrib/test_hosts.py index 2dee75f79c4..6f803e15d26 100644 --- a/cinder/tests/unit/api/contrib/test_hosts.py +++ b/cinder/tests/unit/api/contrib/test_hosts.py @@ -214,7 +214,7 @@ class HostTestCase(test.TestCase): def test_show_forbidden(self): self.req.environ['cinder.context'].is_admin = False dest = 'dummydest' - self.assertRaises(webob.exc.HTTPForbidden, + self.assertRaises(exception.PolicyNotAuthorized, self.controller.show, self.req, dest) self.req.environ['cinder.context'].is_admin = True