Return 403 when policy engine denies action
* Fixes bug 956206 Change-Id: I0447a1a86fed2456c912395a0ab7d6e0aba03f66
parent
3ae0ef012b
commit
e2e88d8aad
|
@ -29,7 +29,6 @@ from webob.exc import (HTTPError,
|
|||
HTTPConflict,
|
||||
HTTPBadRequest,
|
||||
HTTPForbidden,
|
||||
HTTPUnauthorized,
|
||||
HTTPRequestEntityTooLarge,
|
||||
HTTPServiceUnavailable,
|
||||
)
|
||||
|
@ -104,7 +103,7 @@ class Controller(controller.BaseController):
|
|||
try:
|
||||
self.policy.enforce(req.context, action, {})
|
||||
except exception.NotAuthorized:
|
||||
raise HTTPUnauthorized()
|
||||
raise HTTPForbidden()
|
||||
|
||||
def index(self, req):
|
||||
"""
|
||||
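Review bot: The new `raise HTTPForbidden()` in the `except exception.NotAuthorized` branch leaves no server-side record of the denial, so repeated policy denials for an action cannot be audited or alerted on from this layer. I would log the denied action before raising, for example `logging.getLogger(__name__).info("policy denied action %s", action)`, and keep the response body generic so that policy details are not disclosed to the caller. Returning 403 here presumes that unauthenticated requests are already answered with 401 earlier in the pipeline; that is not visible in this hunk and is worth confirming. The enclosing method begins above the hunk.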
|
|
|
@ -2194,7 +2194,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
req.headers['Content-Type'] = 'application/octet-stream'
|
||||
req.body = "chunk00000remainder"
|
||||
res = req.get_response(self.api)
|
||||
self.assertEquals(res.status_int, 401)
|
||||
self.assertEquals(res.status_int, 403)
|
||||
|
||||
def _do_test_post_image_content_missing_format(self, missing):
|
||||
"""Tests creation of an image with missing format"""
|
||||
|
@ -2563,14 +2563,14 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
self.set_policy_rules(rules)
|
||||
req = webob.Request.blank('/images/detail')
|
||||
res = req.get_response(self.api)
|
||||
self.assertEquals(res.status_int, 401)
|
||||
self.assertEquals(res.status_int, 403)
|
||||
|
||||
def test_get_images_unauthorized(self):
|
||||
rules = {"get_images": [["false:false"]]}
|
||||
self.set_policy_rules(rules)
|
||||
req = webob.Request.blank('/images/detail')
|
||||
res = req.get_response(self.api)
|
||||
self.assertEquals(res.status_int, 401)
|
||||
self.assertEquals(res.status_int, 403)
|
||||
|
||||
def test_store_location_not_revealed(self):
|
||||
"""
|
||||
|
@ -2732,7 +2732,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
req = webob.Request.blank("/images/%s" % UUID2)
|
||||
req.method = 'HEAD'
|
||||
res = req.get_response(self.api)
|
||||
self.assertEquals(res.status_int, 401)
|
||||
self.assertEquals(res.status_int, 403)
|
||||
|
||||
def test_show_image_basic(self):
|
||||
req = webob.Request.blank("/images/%s" % UUID2)
|
||||
|
@ -2751,7 +2751,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
self.set_policy_rules(rules)
|
||||
req = webob.Request.blank("/images/%s" % UUID2)
|
||||
res = req.get_response(self.api)
|
||||
self.assertEqual(res.status_int, 401)
|
||||
self.assertEqual(res.status_int, 403)
|
||||
|
||||
def test_delete_image(self):
|
||||
req = webob.Request.blank("/images/%s" % UUID2)
|
||||
|
@ -2833,7 +2833,7 @@ class TestGlanceAPI(base.IsolatedUnitTest):
|
|||
req = webob.Request.blank("/images/%s" % UUID2)
|
||||
req.method = 'DELETE'
|
||||
res = req.get_response(self.api)
|
||||
self.assertEquals(res.status_int, 401)
|
||||
self.assertEquals(res.status_int, 403)
|
||||
|
||||
def test_get_details_invalid_marker(self):
|
||||
"""
|
||||
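Review bot: `test_get_images_unauthorized` now asserts 403, so its name no longer matches what it checks; a name along the lines of `test_get_images_forbidden` would keep the 401/403 distinction readable in the test list. The updated assertions only pin the status code for policy-denied requests, and none of the visible tests covers a request with no credentials, so it is unclear from here whether the 401 path is still exercised anywhere. The changed lines also mix `assertEquals` and `assertEqual` (the hunk at -2751 uses the latter); `assertEqual` is the non-deprecated spelling, e.g. `self.assertEqual(res.status_int, 403)`.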
|
|