From 15c08d822af0e4f2c488433210fe240a282b6d86 Mon Sep 17 00:00:00 2001 From: NiallBunting Date: Fri, 21 Aug 2015 14:19:20 +0000 Subject: [PATCH] Cause forbidden when deactivating image(non-admin) If a user tries to deactivate an image that is hosted by the admin that has public visiblity, it will currently return a 500 error. This changes that behaviour to return a Forbidden. Closes-Bug: 1485940 Change-Id: Id7f645fc599e57f6c0842bba2b7a2f3db52784ae --- glance/api/authorization.py | 8 ++++++++ glance/tests/unit/test_auth.py | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/glance/api/authorization.py b/glance/api/authorization.py index 9f8bdce4ea..1dfe78a006 100644 --- a/glance/api/authorization.py +++ b/glance/api/authorization.py @@ -328,6 +328,14 @@ class ImmutableImageProxy(object): message = _("You are not permitted to upload data for this image.") raise exception.Forbidden(message) + def deactivate(self, *args, **kwargs): + message = _("You are not permitted to deactivate this image.") + raise exception.Forbidden(message) + + def activate(self, *args, **kwargs): + message = _("You are not permitted to activate this image.") + raise exception.Forbidden(message) + class ImmutableMemberProxy(object): def __init__(self, base): diff --git a/glance/tests/unit/test_auth.py b/glance/tests/unit/test_auth.py index 2fc15afaca..057b5bda99 100644 --- a/glance/tests/unit/test_auth.py +++ b/glance/tests/unit/test_auth.py @@ -768,6 +768,12 @@ class TestImmutableImage(utils.BaseTestCase): self.assertRaises(exception.Forbidden, self.image.set_data, 'blah', 4) + def test_deactivate_image(self): + self.assertRaises(exception.Forbidden, self.image.deactivate) + + def test_activate_image(self): + self.assertRaises(exception.Forbidden, self.image.activate) + def test_get_data(self): class FakeImage(object): def get_data(self):