Browse Source

Remove redundant try/except statements in quotas.py

If a non-admin user performs an update/delete operation that requires
admin privileges, the permissions are verified and processed in
context.can(...), and subsequent authentication in try/except will never
be executed.

Change-Id: I51470731ed78ddb1e197222187c432372e2f21ee
changes/27/668627/3
helei 2 years ago
parent
commit
662766d64d
  1. 8
      karbor/api/v1/quotas.py
  2. 9
      karbor/tests/unit/api/v1/test_quotas.py

8
karbor/api/v1/quotas.py

@ -153,8 +153,6 @@ class QuotasController(wsgi.Controller):
db.quota_update(context, project_id, key, value)
except exception.ProjectQuotaNotFound:
db.quota_create(context, project_id, key, value)
except exception.AdminRequired:
raise exc.HTTPForbidden()
LOG.info("Update quotas successfully.",
resource={'id': project_id})
@ -184,11 +182,7 @@ class QuotasController(wsgi.Controller):
msg = _("Invalid project id provided.")
raise exc.HTTPBadRequest(explanation=msg)
context.can(quota_policy.DELETE_POLICY)
try:
db.authorize_project_context(context, id)
QUOTAS.destroy_all_by_project(context, id)
except exception.NotAuthorized:
raise exc.HTTPForbidden()
QUOTAS.destroy_all_by_project(context, id)
LOG.info("Delete quotas successfully.",
resource={'id': id})

9
karbor/tests/unit/api/v1/test_quotas.py

@ -67,6 +67,15 @@ class QuotaApiTest(base.TestCase):
self.assertRaises(exc.HTTPBadRequest, self.controller.update,
req, "73f74f90a1754bd7ad658afb3272323f", body=body)
def test_quota_update_with_not_admin_context(self):
body = {"quota": {"plans": 20}}
req = fakes.HTTPRequest.blank(
'/v1/quotas/73f74f90a1754bd7ad658afb3272323f',
use_admin_context=False)
self.assertRaises(
exception.PolicyNotAuthorized, self.controller.update,
req, "73f74f90a1754bd7ad658afb3272323f", body=body)
@mock.patch(
'karbor.quota.DbQuotaDriver.get_defaults')
def test_quota_defaults(self, mock_quota_get):

Loading…
Cancel
Save