Merge "Require authz for user role list (bug 1006815)"

Jenkins 2012-06-08 17:00:02 +00:00 committed by Gerrit Code Review
commit 84a7f37510
2 changed files with 12 additions and 0 deletions


@ -467,6 +467,7 @@ class RoleController(wsgi.Application):
not implementing them in hopes that the idea will die off. not implementing them in hopes that the idea will die off.
""" """
self.assert_admin(context)
if tenant_id is None: if tenant_id is None:
raise exception.NotImplemented(message='User roles not supported: ' raise exception.NotImplemented(message='User roles not supported: '
'tenant ID required') 'tenant ID required')
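Review bot: The added `self.assert_admin(context)` call at the top of this RoleController method has no comment saying why it sits ahead of the `tenant_id is None` branch, and that ordering is what makes the fix hold: a caller who fails the admin check is rejected before reaching the NotImplemented path or any later lookup. I would add `# Authorize first: reject callers before any argument handling (bug 1006815).` directly above the call. The method's signature and the rest of its body are outside the hunk, so it cannot be confirmed from here whether the sibling handlers in this controller make the same call. Because the check is placed by hand in each method, it is worth auditing them in the same pass.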


@ -587,6 +587,17 @@ class JsonTestCase(RestfulTestCase, CoreApiTests):
expected_status=401) expected_status=401)
self.assertValidErrorResponse(r) self.assertValidErrorResponse(r)
def test_user_role_list_requires_auth(self):
"""User role list should 401 without an X-Auth-Token (bug 1006815)."""
# values here don't matter because we should 401 before they're checked
path = '/v2.0/tenants/%(tenant_id)s/users/%(user_id)s/roles' % {
'tenant_id': uuid.uuid4().hex,
'user_id': uuid.uuid4().hex,
}
r = self.admin_request(path=path, expected_status=401)
self.assertValidErrorResponse(r)
class XmlTestCase(RestfulTestCase, CoreApiTests): class XmlTestCase(RestfulTestCase, CoreApiTests):
xmlns = 'http://docs.openstack.org/identity/api/v2.0' xmlns = 'http://docs.openstack.org/identity/api/v2.0'
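Review bot: `test_user_role_list_requires_auth` exercises only the missing-token case, so it pins authentication but not the admin authorization the commit title promises. A request carrying a valid token for a non-admin user should also be asserted to fail, with whatever status `assert_admin` produces for that case; without it, a regression that accepts any valid token would still pass this suite. Calling `self.admin_request(...)` without a token reads oddly next to the helper's name, so a short comment such as `# no token supplied: the admin endpoint must reject the request` above the call would help. The enclosing JsonTestCase class begins outside the hunk.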