Remove redundant try/except statements in quotas.py
If a non-admin user performs an update/delete operation that requires admin privileges, the permissions are verified and processed in context.can(...), and subsequent authentication in try/except will never be executed. Change-Id: I51470731ed78ddb1e197222187c432372e2f21ee
This commit is contained in:
helei
parent
8632a6cfcd
commit
662766d64d
|
|
@ -153,8 +153,6 @@ class QuotasController(wsgi.Controller):
|
|||
db.quota_update(context, project_id, key, value)
|
||||
except exception.ProjectQuotaNotFound:
|
||||
db.quota_create(context, project_id, key, value)
|
||||
except exception.AdminRequired:
|
||||
raise exc.HTTPForbidden()
|
||||
|
||||
LOG.info("Update quotas successfully.",
|
||||
resource={'id': project_id})
|
||||
|
|
@ -184,11 +182,7 @@ class QuotasController(wsgi.Controller):
|
|||
msg = _("Invalid project id provided.")
|
||||
raise exc.HTTPBadRequest(explanation=msg)
|
||||
context.can(quota_policy.DELETE_POLICY)
|
||||
try:
|
||||
db.authorize_project_context(context, id)
|
||||
QUOTAS.destroy_all_by_project(context, id)
|
||||
except exception.NotAuthorized:
|
||||
raise exc.HTTPForbidden()
|
||||
|
||||
LOG.info("Delete quotas successfully.",
|
||||
resource={'id': id})
|
||||
|
|
|
|||
|
|
@ -67,6 +67,15 @@ class QuotaApiTest(base.TestCase):
|
|||
self.assertRaises(exc.HTTPBadRequest, self.controller.update,
|
||||
req, "73f74f90a1754bd7ad658afb3272323f", body=body)
|
||||
|
||||
def test_quota_update_with_not_admin_context(self):
|
||||
body = {"quota": {"plans": 20}}
|
||||
req = fakes.HTTPRequest.blank(
|
||||
'/v1/quotas/73f74f90a1754bd7ad658afb3272323f',
|
||||
use_admin_context=False)
|
||||
self.assertRaises(
|
||||
exception.PolicyNotAuthorized, self.controller.update,
|
||||
req, "73f74f90a1754bd7ad658afb3272323f", body=body)
|
||||
|
||||
@mock.patch(
|
||||
'karbor.quota.DbQuotaDriver.get_defaults')
|
||||
def test_quota_defaults(self, mock_quota_get):
|
||||
|
|
|
|||
Loading…
Reference in New Issue