Merge "Fix image owner can't be changed issue in v2"

2015-08-17 18:48:55 +00:00 · 2015-08-17 18:48:55 +00:00 · 0f26b30a6b
parent c674b79981 46666826c9
commit 0f26b30a6b
2 changed files with 15 additions and 3 deletions
--- a/glance/api/v2/images.py
+++ b/glance/api/v2/images.py
@ -183,6 +183,9 @@ class ImagesController(object):
        value = change['value']
        if path_root == 'locations':
            self._do_replace_locations(image, value)
+        elif path_root == 'owner' and req.context.is_admin == False:
+            msg = _("Owner can't be updated by non admin.")
+            raise webob.exc.HTTPForbidden(msg)
        else:
            if hasattr(image, path_root):
                setattr(image, path_root, value)
@ -323,7 +326,7 @@ class RequestDeserializer(wsgi.JSONRequestDeserializer):
    _readonly_properties = ('created_at', 'updated_at', 'status', 'checksum',
                            'size', 'virtual_size', 'direct_url', 'self',
                            'file', 'schema', 'id')
-    _reserved_properties = ('owner', 'location', 'deleted', 'deleted_at')
+    _reserved_properties = ('location', 'deleted', 'deleted_at')
    _base_properties = ('checksum', 'created_at', 'container_format',
                        'disk_format', 'id', 'min_disk', 'min_ram', 'name',
                        'size', 'virtual_size', 'status', 'tags',
--- a/glance/tests/unit/v2/test_images_resource.py
+++ b/glance/tests/unit/v2/test_images_resource.py
@ -793,13 +793,23 @@ class TestImagesController(base.IsolatedUnitTest):
    def test_update_replace_base_attribute(self):
        self.db.image_update(None, UUID1, {'properties': {'foo': 'bar'}})
        request = unit_test_utils.get_fake_request()
-        changes = [{'op': 'replace', 'path': ['name'], 'value': 'fedora'}]
+        request.context.is_admin = True
+        changes = [{'op': 'replace', 'path': ['name'], 'value': 'fedora'},
+                   {'op': 'replace', 'path': ['owner'], 'value': TENANT3}]
        output = self.controller.update(request, UUID1, changes)
        self.assertEqual(UUID1, output.image_id)
        self.assertEqual('fedora', output.name)
+        self.assertEqual(TENANT3, output.owner)
        self.assertEqual({'foo': 'bar'}, output.extra_properties)
        self.assertNotEqual(output.created_at, output.updated_at)

+    def test_update_replace_onwer_non_admin(self):
+        request = unit_test_utils.get_fake_request()
+        request.context.is_admin = False
+        changes = [{'op': 'replace', 'path': ['owner'], 'value': TENANT3}]
+        self.assertRaises(webob.exc.HTTPForbidden,
+                          self.controller.update, request, UUID1, changes)
+
    def test_update_replace_tags(self):
        request = unit_test_utils.get_fake_request()
        changes = [
@ -2455,7 +2465,6 @@ class TestImagesDeserializer(test_utils.BaseTestCase):

    def test_update_reserved_attributes(self):
        samples = {
-            'owner': TENANT1,
            'deleted': False,
            'deleted_at': ISOTIME,
        }