Merge "Create new policy for downloading deactivated artifacts"
This commit is contained in:
commit
9b9592ea1e
|
@ -69,7 +69,13 @@ artifact_policy_rules = [
|
||||||
"Policy to set custom location for artifact"),
|
"Policy to set custom location for artifact"),
|
||||||
policy.RuleDefault("artifact:upload", "rule:admin_or_owner",
|
policy.RuleDefault("artifact:upload", "rule:admin_or_owner",
|
||||||
"Policy to upload blob for artifact"),
|
"Policy to upload blob for artifact"),
|
||||||
policy.RuleDefault("artifact:download", "",
|
policy.RuleDefault("artifact:download_deactivated",
|
||||||
|
"'deactivated':%(status)s and rule:context_is_admin "
|
||||||
|
"or not 'deactivated':%(status)s",
|
||||||
|
"Policy to download blob from deactivated artifact"),
|
||||||
|
policy.RuleDefault("artifact:download",
|
||||||
|
"rule:admin_or_owner and "
|
||||||
|
"rule:artifact:download_deactivated",
|
||||||
"Policy to download blob from artifact"),
|
"Policy to download blob from artifact"),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -541,11 +541,6 @@ class Engine(object):
|
||||||
blob_name = "%s[%s]" % (field_name, blob_key)\
|
blob_name = "%s[%s]" % (field_name, blob_key)\
|
||||||
if blob_key else field_name
|
if blob_key else field_name
|
||||||
|
|
||||||
if af.status == 'deactivated' and not context.is_admin:
|
|
||||||
msg = _("Only admin is allowed to download artifact data "
|
|
||||||
"when it's deactivated")
|
|
||||||
raise exception.Forbidden(message=msg)
|
|
||||||
|
|
||||||
if af.status == 'deleted':
|
if af.status == 'deleted':
|
||||||
msg = _("Cannot download data when artifact is deleted")
|
msg = _("Cannot download data when artifact is deleted")
|
||||||
raise exception.Forbidden(message=msg)
|
raise exception.Forbidden(message=msg)
|
||||||
|
|
Loading…
Reference in New Issue