Merge "Require authz for user role list (bug 1006815)"
commit
84a7f37510
@ -467,6 +467,7 @@ class RoleController(wsgi.Application):
|
|||||||
not implementing them in hopes that the idea will die off.
|
not implementing them in hopes that the idea will die off.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
self.assert_admin(context)
|
||||||
if tenant_id is None:
|
if tenant_id is None:
|
||||||
raise exception.NotImplemented(message='User roles not supported: '
|
raise exception.NotImplemented(message='User roles not supported: '
|
||||||
'tenant ID required')
|
'tenant ID required')
|
||||||
|
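Review bot: The added `self.assert_admin(context)` call sits directly above the `tenant_id is None` branch with nothing marking that order as deliberate, so a later edit could move it below the `NotImplemented` raise and let callers without credentials receive the 501 instead of being rejected. I would put `# authz must run first: reject the caller before any argument handling` on the line above the call. The enclosing method starts above the hunk and its body continues past it, so the rest of the handler is not visible here. Because the check is a per-handler call that was evidently missing in this one, the other handlers in RoleController (outside this hunk) are worth checking for the same gap.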
@ -587,6 +587,17 @@ class JsonTestCase(RestfulTestCase, CoreApiTests):
|
|||||||
expected_status=401)
|
expected_status=401)
|
||||||
self.assertValidErrorResponse(r)
|
self.assertValidErrorResponse(r)
|
||||||
|
|
||||||
|
def test_user_role_list_requires_auth(self):
|
||||||
|
"""User role list should 401 without an X-Auth-Token (bug 1006815)."""
|
||||||
|
# values here don't matter because we should 401 before they're checked
|
||||||
|
path = '/v2.0/tenants/%(tenant_id)s/users/%(user_id)s/roles' % {
|
||||||
|
'tenant_id': uuid.uuid4().hex,
|
||||||
|
'user_id': uuid.uuid4().hex,
|
||||||
|
}
|
||||||
|
|
||||||
|
r = self.admin_request(path=path, expected_status=401)
|
||||||
|
self.assertValidErrorResponse(r)
|
||||||
|
|
||||||
|
|
||||||
class XmlTestCase(RestfulTestCase, CoreApiTests):
|
class XmlTestCase(RestfulTestCase, CoreApiTests):
|
||||||
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
|
xmlns = 'http://docs.openstack.org/identity/api/v2.0'
|
||||||
|
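Review bot: `test_user_role_list_requires_auth` pins only the no-token case, while the controller fix is an admin check, so nothing here would fail if a valid non-admin token were still accepted on this route. A companion test that sends a non-admin user's token and asserts the request is rejected would cover the authorization half of the bug title. The test also appears to land in JsonTestCase only, since it sits directly above `class XmlTestCase`; if it does not depend on the serialization, moving it into the shared `CoreApiTests` mixin would run it for both formats. That placement is inferred from the hunk header, as the class body begins outside the hunk.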