Merge "Update the default policy rule for /v1/storage/dataframes"
This commit is contained in:
commit
6c36f6721d
|
@ -54,7 +54,10 @@ class DataFramesController(rest.RestController):
|
|||
:return: Collection of DataFrame objects.
|
||||
"""
|
||||
|
||||
policy.authorize(pecan.request.context, 'storage:list_data_frames', {})
|
||||
project_id = tenant_id or pecan.request.context.project_id
|
||||
policy.authorize(pecan.request.context, 'storage:list_data_frames', {
|
||||
'tenant_id': project_id,
|
||||
})
|
||||
|
||||
scope_key = CONF.collect.scope_key
|
||||
backend = pecan.request.storage_backend
|
||||
|
|
|
@ -20,7 +20,7 @@ from cloudkitty.common.policies import base
|
|||
storage_policies = [
|
||||
policy.DocumentedRuleDefault(
|
||||
name='storage:list_data_frames',
|
||||
check_str=base.UNPROTECTED,
|
||||
check_str=base.RULE_ADMIN_OR_OWNER,
|
||||
description='Return a list of rated resources for a time period '
|
||||
'and a tenant.',
|
||||
operations=[{'path': '/v1/storage/dataframes',
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
The default policy for the ``/v1/storage/dataframes`` endpoint has been
|
||||
changed from ``unprotected`` (accessible by any unauthenticated used) to
|
||||
``admin_or_owner`` (accessible only by admins or members of the project).
|
Loading…
Reference in New Issue