From 5c87422b07d2e8efb250301d99e39f8ccf138c7d Mon Sep 17 00:00:00 2001
From: Raildo Mascena
Date: Thu, 2 Jun 2016 17:10:06 -0300
Subject: [PATCH] Adding role assignment lists unit tests

Add a unit tests on role assignment list when a project admin should not be able to list role assignment of any other project

Co-Authored-By: Raildo Mascena
Change-Id: I0ce36a2d3fa088a8f2a9382bf85b0ab34b2c58a4
---
 keystone/tests/unit/test_v3_protection.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/keystone/tests/unit/test_v3_protection.py b/keystone/tests/unit/test_v3_protection.py
index 78321a28b5..e0ed0cc20c 100644
--- a/keystone/tests/unit/test_v3_protection.py
+++ b/keystone/tests/unit/test_v3_protection.py
@@ -1316,6 +1316,19 @@ class IdentityTestv3CloudPolicySample(test_v3.RestfulTestCase,
 self.assertRoleAssignmentInListResponse(r, project_admin_entity)
 self.assertRoleAssignmentInListResponse(r, project_user_entity)
 
+ def test_project_admin_list_assignments_of_another_project_failed(self):
+ projectB = unit.new_project_ref(domain_id=self.domainA['id'])
+ self.resource_api.create_project(projectB['id'], projectB)
+ admin_auth = self.build_authentication_request(
+ user_id=self.project_admin_user['id'],
+ password=self.project_admin_user['password'],
+ project_id=self.project['id'])
+
+ collection_url = self.build_role_assignment_query_url(
+ project_id=projectB['id'])
+ self.get(collection_url, auth=admin_auth,
+ expected_status=exception.ForbiddenAction.code)
+
 @utils.wip('waiting on bug #1437407')
 def test_domain_admin_list_assignments_of_project(self):
 self.auth = self.build_authentication_request(
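Review bot: The new `test_project_admin_list_assignments_of_another_project_failed` has no docstring saying which authorization boundary the 403 pins, and the `_failed` suffix reads as if the test itself fails rather than the request being denied. I would add `"""A project admin scoped to one project cannot list another project's role assignments."""` and consider a `_forbidden` suffix instead. `projectB` is created in `self.domainA`, presumably the same domain as the admin's own project, so this looks like the same-domain isolation case; a short comment such as `# projectB shares domainA with self.project; the admin holds no role on it` would make that setup assumption explicit. The enclosing class starts outside the hunk, so how `self.project` and `self.project_admin_user` are set up is not visible here.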