For ldap, API wrongly reports user is in group
When the ldap identity backend is configured, HEAD v3/groups/{group_id}/users/{user_id} always returns 200, even if the user is not actually in the group. This is because the sql and kvs backend will raise NotFound exception if the user is not in the group, but the ldap backend just return result. Change-Id: Ie1585c8aebe054091bd76fded666bf41125ff9ca Closes-Bug: 1245247
This commit is contained in:
parent
58b790f1cc
commit
628f383fbb
@ -179,7 +179,8 @@ class Identity(identity.Driver):
|
||||
if x['id'] == user_id:
|
||||
found = True
|
||||
break
|
||||
return found
|
||||
if not found:
|
||||
raise exception.NotFound(_('User not found in group'))
|
||||
|
||||
|
||||
# TODO(termie): turn this into a data object and move logic to driver
|
||||
|
@ -323,7 +323,7 @@ class UserV3(controller.V3Controller):
|
||||
|
||||
@controller.protected(callback=_check_user_and_group_protection)
|
||||
def check_user_in_group(self, context, user_id, group_id):
|
||||
return self.identity_api.check_user_in_group(
|
||||
self.identity_api.check_user_in_group(
|
||||
user_id, group_id,
|
||||
domain_scope=self._get_domain_id_for_request(context))
|
||||
|
||||
|
@ -480,7 +480,7 @@ class Manager(manager.Manager):
|
||||
@domains_configured
|
||||
def check_user_in_group(self, user_id, group_id, domain_scope=None):
|
||||
domain_id, driver = self._get_domain_id_and_driver(domain_scope)
|
||||
return driver.check_user_in_group(user_id, group_id)
|
||||
driver.check_user_in_group(user_id, group_id)
|
||||
|
||||
@domains_configured
|
||||
def change_password(self, context, user_id, original_password,
|
||||
|
@ -2249,6 +2249,16 @@ class IdentityTests(object):
|
||||
uuid.uuid4().hex,
|
||||
new_group['id'])
|
||||
|
||||
new_user = {'id': uuid.uuid4().hex, 'name': 'new_user',
|
||||
'password': uuid.uuid4().hex, 'enabled': True,
|
||||
'domain_id': DEFAULT_DOMAIN_ID}
|
||||
self.identity_api.create_user(new_user['id'], new_user)
|
||||
|
||||
self.assertRaises(exception.NotFound,
|
||||
self.identity_api.check_user_in_group,
|
||||
new_user['id'],
|
||||
new_group['id'])
|
||||
|
||||
def test_list_users_in_group(self):
|
||||
domain = self._get_domain_fixture()
|
||||
new_group = {'id': uuid.uuid4().hex, 'domain_id': domain['id'],
|
||||
|
Loading…
Reference in New Issue
Block a user