openstack/deb-murano
Code Issues Proposed changes

Merge "Allow any admins to perform actions on packages"

Browse Source
This commit is contained in:
Jenkins 2015-04-08 15:00:12 +00:00 committed by Gerrit Code Review
commit 7e5e4b5642
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
murano/db/catalog/api.py
View File

@ -82,7 +82,8 @@ def package_get(package_id_or_name, context):
"""
session = db_session.get_session()
package = _package_get(package_id_or_name, session)
_authorize_package(package, context, allow_public=True)
if not context.is_admin:
_authorize_package(package, context, allow_public=True)
return package
@ -234,7 +235,8 @@ def package_update(pkg_id_or_name, changes, context):
session = db_session.get_session()
with session.begin():
pkg = _package_get(pkg_id_or_name, session)
_authorize_package(pkg, context)
if not context.is_admin:
_authorize_package(pkg, context)
for change in changes:
pkg = operation_methods[change['op']](pkg, change)
@ -376,7 +378,10 @@ def package_delete(package_id_or_name, context):
with session.begin():
package = _package_get(package_id_or_name, session)
_authorize_package(package, context)
if not context.is_admin and package.owner_id != context.tenant:
raise exc.HTTPForbidden(
explanation='Package is not owned by the'
' tenant "{0}"'.format(context.tenant))
session.delete(package)